MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64a93971587ee0521ecbfd3a3b2c04de75aff5cc1cb70ac104aa3ab7395c66ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments

SHA256 hash: 64a93971587ee0521ecbfd3a3b2c04de75aff5cc1cb70ac104aa3ab7395c66ab
SHA3-384 hash: f99f80d601569b2397db7caf0882fc4a4093ffce6f8b13d1d0babc233d34e8a68abfee24cfa0c2bab2abc7466788a213
SHA1 hash: ea8b2a706fa1251dd013a0f36c72c180ae512be8
MD5 hash: 2055c8bcf91205b274d4a411d536da2c
humanhash: bakerloo-three-march-minnesota
File name:instbeta.exe
Download: download sample
File size:99'279'175 bytes
First seen:2026-05-16 18:14:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 46ce5c12b293febbeb513b196aa7f843 (42 x GuLoader, 21 x RemcosRAT, 10 x AgentTesla)
ssdeep 1572864:3ylRCMKXYwbxCy9htw3FwLlXjsuz2z3N9VNJ4iN4NBiQztJwGw+5bkXcy744Q0Bc:3yVKIiCqh+VwLlXjTz2z3N9F4iGpzI+v
Threatray 13 similar samples on MalwareBazaar
TLSH T1C928334933BF6833C23E827BFDF568DA25D15EB36C07D01228E4995A19CE5B7E168603
TrID 50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win64 Executable (generic) (6522/11/2)
8.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 71f8cccccc82cccc
Reporter Ling
Tags:exe Shellcode ShellCodeRunner


Avatar
CNGaoLing
ShellcodeRunner

Intelligence


File Origin
# of uploads :
1
# of downloads :
118
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
instbeta.exe
Verdict:
No threats detected
Analysis date:
2026-05-16 17:38:28 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug evasive evasive installer installer installer-heuristic microsoft_visual_cc nsis reconnaissance smb
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-05-15T23:59:00Z UTC
Last seen:
2026-05-17T18:22:00Z UTC
Hits:
~100
Detections:
Trojan.Win64.Silverfox.sb PDM:Exploit.Win32.Generic Trojan.Win32.Shellcode.poc Trojan-Downloader.Agent.TCP.C&C HEUR:Trojan.Win32.Generic HEUR:Trojan.PowerShell.Starter.gen HackTool.Multi.AmsiETWPatch.sb Trojan.Win32.Shellcode.sb HEUR:Trojan.Win32.ShellEx.gen not-a-virus:AdWare.Win32.Agent.jxja
Gathering data
Threat name:
Win32.Trojan.Malgent
Status:
Malicious
First seen:
2026-05-16 17:37:31 UTC
File Type:
PE (Exe)
Extracted files:
2618
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Gathering data
Malware family:
DonutLoader
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 64a93971587ee0521ecbfd3a3b2c04de75aff5cc1cb70ac104aa3ab7395c66ab

(this sample)

  
Delivery method
Distributed via web download

Comments