MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019
SHA3-384 hash: 203a837b3070719443eb6fa0a0ddb3c3aeba3662a9287d389962bac45d75545918dbdd37e5a85ed122dd2af08b1bcc5f
SHA1 hash: 36fa7b0c73296ddb4ad959599fad7f610fe56e83
MD5 hash: 3f20ccbdc8b27752ca6a8804541f3654
humanhash: lion-pluto-mango-seventeen
File name:onboardingAccess.exe
Download: download sample
File size:45'148'496 bytes
First seen:2026-04-16 22:00:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 46ce5c12b293febbeb513b196aa7f843 (35 x GuLoader, 21 x RemcosRAT, 8 x AgentTesla)
ssdeep 786432:8yuo2QjfILc1qM49EqUtOM2e+f5ZU/MGYj6rRZl6ffIsh77oVv:8yuo2Qb0c1qM3xUM83UpY2lZl6fACfol
TLSH T1E0A733433048A2D4E5AA29F2354FEE2212517C9F0212159F635ABF9F017A7705ABFDBC
TrID 27.0% (.EXE) Win64 Executable (generic) (6522/11/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.4% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon f031f8ccc4f4ecc8
Reporter Anonymous
Tags:exe signed

Code Signing Certificate

Organisation:INFOTECK SOLUTIONS PRIVATE LIMITED
Issuer:Microsoft ID Verified CS AOC CA 04
Algorithm:sha384WithRSAEncryption
Valid from:2026-04-15T15:11:04Z
Valid to:2026-04-18T15:11:04Z
Serial number: 3300001a0a0da6f871b03a582b000000001a0a
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: f162f0d4de7340798207d8fd02c793c9a06555e9f8132e697eaf32fe9b7ccc14
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
NSIS
Details
Link:
https://research.acce.ciphertechsolutions.com/results/a087c0be-382e-423c-bacd-3f84306f589d/
Malware family:
n/a
ID:
1
File name:
exe
Verdict:
Suspicious activity
Analysis date:
2026-04-16 22:04:30 UTC
Tags:
python doc-url arch-exec arch-doc
Link:
https://app.any.run/tasks/78a3cb94-a603-4c04-aa32-cffd8e7081ed

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69e15c45f68adfe1003a8bf4
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Creating a process from a recently created file
DNS request
Connection attempt
Sending a custom TCP request
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug expired-cert installer installer installer-heuristic microsoft_visual_cc nsis short-lived-cert signed soft-404
Link:
https://www.filescan.io/uploads/69e15c2a9124ebc087547478/reports/d21ea446-1055-4f8f-bad9-5c87454c36d4/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-04-16T19:29:00Z UTC
Last seen:
2026-04-18T00:04:00Z UTC
Hits:
~10
Detections:
Trojan.Win32.Agent.xcdnju Trojan-Downloader.Python.Agent.em NetTool.PythonUserAgent.HTTP.Download
Link:
https://opentip.kaspersky.com/62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019/results?tab=lookup
Score:
83%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019
Gathering data
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mktomstsgp2kovwqdrkiid7xaotcbjawskovp3v4bpnmhopneamq._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery
Link:
https://tria.ge/reports/260416-1xbpqsby5k/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.39
Link:
https://yomi.yoroi.company/submissions/62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Detect_NSIS_Nullsoft_Installer
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects NSIS installers by .ndata section + NSIS header string
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:Warp
Create hunting rule
Author:Seth Hardy
Description:Warp
Rule name:WarpStrings
Create hunting rule
Author:Seth Hardy
Description:Warp Identifying Strings

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments