MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67f59308313889bc9d3ef1efbdaed227886cd7e73d35e6438481c9fe020dcc4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67f59308313889bc9d3ef1efbdaed227886cd7e73d35e6438481c9fe020dcc4f
SHA3-384 hash: 621d11bc52d387bc2f168e7ac782b74c32668fc8bd35099dff20868c129d2afa3107dca321203d4c694709e8c971a8e9
SHA1 hash: 8dd8ba85f27525000d57d8d213599d5b416e9497
MD5 hash: 0b7e5f027bef86e8d65855233e4f67a6
humanhash: double-hawaii-lima-sad
File name:Game.exe
Download: download sample
File size:82'109'004 bytes
First seen:2025-12-30 21:05:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e05e31a5063c852520cc6950fe83ad1a (12 x CoinMiner)
ssdeep 393216:Ds/nU/1IN3Uuw8ygaACggdwVCRdsQ+hrxAAsIyNOnS0B4AycWMCYulLX5zlc+S+W:DEYGD7sJYgNukUB4S5rs3wbpLLNNL
TLSH T157086B4262EA04C4F9F7DA759AF65617C673BC122F3095CF221C172A1F336E09976B22
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter lfr
Tags:exe


Avatar
lfr
https://www.patreon.com/file?h=147026740&m=588863311

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
FR FR
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/5e4834a6-55aa-41f1-9c84-969adfdd3e4f/
Malware family:
n/a
ID:
1
File name:
Game.exe
Verdict:
Suspicious activity
Analysis date:
2025-12-30 21:04:12 UTC
Tags:
anti-evasion
Link:
https://app.any.run/tasks/1c0f413d-742a-4738-89ac-656d2818c728

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69543e527d915bf1778f1237
Tags:
virus
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm crypto expand fingerprint installer-heuristic lolbin microsoft_visual_cc nexe overlay overlay packed packed
Link:
https://www.filescan.io/uploads/69543ed7127d6a14e0c91258/reports/7377ca4a-11ea-418e-9489-08832603988e/overview
Verdict:
Malicious
Labled as:
W64/Agent.KWO.gen
Link:
https://www.hybrid-analysis.com/sample/67f59308313889bc9d3ef1efbdaed227886cd7e73d35e6438481c9fe020dcc4f
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-30T18:01:00Z UTC
Last seen:
2025-12-30T23:28:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan-PSW.Win64.Stealer.gen
Link:
https://opentip.kaspersky.com/67f59308313889bc9d3ef1efbdaed227886cd7e73d35e6438481c9fe020dcc4f/results?tab=lookup
Score:
67%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/67f59308313889bc9d3ef1efbdaed227886cd7e73d35e6438481c9fe020dcc4f
Gathering data
Verdict:
Malicious
Threat:
Trojan-PSW.Win64.Stealer
Link:
https://tip.neiki.dev/file/67f59308313889bc9d3ef1efbdaed227886cd7e73d35e6438481c9fe020dcc4f
Threat name:
Win64.Malware.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-30 21:04:12 UTC
File Type:
PE+ (Exe)
Extracted files:
9
AV detection:
10 of 38 (26.32%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m72zgcbrhce3zhj66hx33lwse6egzv7hhu26mq4eqhe74aqnzrhq._file
Gathering data
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/438e2ab6-d5ed-464c-a0d3-3e6fd684fcda
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 67f59308313889bc9d3ef1efbdaed227886cd7e73d35e6438481c9fe020dcc4f

(this sample)

  
Delivery method
Distributed via web download

Comments