MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 878140b4707782a2b7d838d11586ff4696216485e65750a145b5e13cd88b5960. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: 878140b4707782a2b7d838d11586ff4696216485e65750a145b5e13cd88b5960
SHA3-384 hash: 59334b4fea32e3c00cb0cb700907b6a18b5522fe399db8cb6a84362e032009721a432d4d9407e14794b31e87f1b55063
SHA1 hash: edaeacb4cd88d8f9d8b8ca46846154c0c78cef84
MD5 hash: ef8d55bd4ea5912df47c188c2f3a4790
humanhash: stream-paris-black-five
File name: Installer.exe
File size: 10'068'464 bytes
First seen: 2025-11-20 10:38:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'861 x AgentTesla, 19'793 x Formbook, 12'305 x SnakeKeylogger)
ssdeep: 196608:EnAUgXQklm8i98p5sXnfykb5WaAfgBf6GlCMk0PU/:CoXQko38pq50fKB260
TLSH: T1BEA61252FBD10192EADB00F525DB63F60D3D2620D71549E3C9A02DE48A226E36F3F75A
TrID: 48.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      28.5% (.EXE) InstallShield setup (43053/19/16)
      6.9% (.EXE) Win64 Executable (generic) (10522/11/4)
      4.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      3.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika: pebin
dhash icon: f0c0a22593b2c8f0
Reporter: SquiblydooBlog
Tags: exe signed

Code Signing Certificate

Organisation: Beyond Ideas LLC
Issuer: SSL.com EV Code Signing Intermediate CA RSA R3
Algorithm: sha256WithRSAEncryption
Valid from: 2025-08-22T08:56:05Z
Valid to: 2026-07-24T19:31:05Z
Serial number: 3a2844fba53eed9f3c50390f0fb51f84
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist: This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 7d993675e1777962c02a956a2a6a517c0809c3b19f78705680e10fe01f63d9fe
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 1
# of downloads: 94
Origin country: US
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: primepdfconvert.exe
Verdict: Malicious activity
Analysis date: 2025-11-19 14:32:54 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 94.1%
Tags: injection packed micro

Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a file in the %temp% subdirectories
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Creating a file
Using the Windows Management Instrumentation requests
Searching for synchronization primitives

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug expand fingerprint installer-heuristic lolbin obfuscated packed signed

Verdict: Malicious
File Type: exe x32
First seen: 2025-11-03T12:12:00Z UTC
Last seen: 2025-11-21T20:56:00Z UTC
Hits: ~100
Detections: HEUR:Trojan.MSIL.Agent.gen

Verdict: inconclusive
YARA: 12 match(es)
Tags: .Net Executable Fody/Costura Packer Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.00 SOS: 0.15 SOS: 0.17 SOS: 0.18 SOS: 0.21 SOS: 0.22 SOS: 0.23 SOS: 0.24 SOS: 0.25 SOS: 0.26 SOS: 0.27 SOS: 0.28 Win 32 Exe x86

Verdict: Malicious
Threat: NetworkReferences.Malware.Generic

Result
Malware family: n/a
Score: 7/10
Tags: discovery

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
System Location Discovery: System Language Discovery
Loads dropped DLL

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: INDICATOR_EXE_Packed_Fody
Author: ditekSHen
Description: Detects executables manipulated with Fody

Rule name: NET
Author: malware-lu

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: pe_imphash

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments