MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a17462c08ceeb2a307fe0e1a467107ee4c9c801db7e021d12eebb0a9722efdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 13



SHA256 hash: 8a17462c08ceeb2a307fe0e1a467107ee4c9c801db7e021d12eebb0a9722efdf
SHA3-384 hash: aed68c8f84ce035910144f6d7ec39f22721c26a9552886633fac37f265645af37daf48a696e55991537a89906770ce0d
SHA1 hash: f1a9969a998a3ef0152c6ec4d8772ee9f5048880
MD5 hash: 85bb0d97a5a35c3ff84ef42b5ea06751
humanhash: virginia-twenty-hot-six
File name: Plaguecheat_Crack.exe
File size: 2'647'552 bytes
First seen: 2025-11-22 15:20:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4ed4c51dbe5a6b19a1289dd0f315e3f6
ssdeep: 49152:bzf6V1jqp9ekTDoSxfHLqY+xKkmyLW5RhM0gl4:bzyV0pBfOtIFIl4
TLSH: T1BCC5E122F3918837D55326345D4B93D86926BF201E2858877BE93E4CAF367C27839367
TrID: 94.7% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
2.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
1.4% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
0.6% (.EXE) Win32 Executable (generic) (4504/4/1)
0.2% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika: pebin
dhash icon: f0d8d8daecc4fe3c
Reporter: aachum
Tags: exe RUS Winlock


iamaachum
https://www.youtube.com/watch?v=45HwYlEXIkc => https://telegra.ph/PLAGUECHEAT-CRACK-CHEAT-CS2-11-22 => https://mega.nz/file/3IszCTAA#-ImsMqJw1hDo82JDr8LijRDWtaDj151RNlREtIoceV4

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: ES

Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: Plaguecheat_Crack.exe
Verdict: Malicious activity
Analysis date: 2025-11-22 15:23:41 UTC
Tags: winlocker loader auto-reg delphi

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 99.1%
Tags: lockscreen delphi emotet

Result
Verdict: Malware
Behaviour
Creating synchronization primitives
Creating a window
Searching for synchronization primitives
Creating a file
Sending a custom TCP request
Blocking a possibility to launch for cmd.exe command interpreter
Blocking the User Account Control
Setting a single autorun event
Changing the Windows explorer settings
Forced shutdown of a system process
Rewriting of the hard drive's master boot record
Enabling autorun
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: adaptive-context anti-debug barys borland_delphi cscript diskwriter explorer fingerprint installer-heuristic keylogger lockscreen lolbin msconfig packed regedit runonce wscript

Verdict: Malicious
File Type: exe x32
First seen: 2025-11-22T11:09:00Z UTC
Last seen: 2025-11-23T01:47:00Z UTC
Hits: ~10
Detections: PDM:Trojan.Win32.Generic Trojan.Win32.Locker.sba HEUR:Trojan.Win32.DiskWriter.gen not-a-virus:PDM:RiskTool.Win32.BootChanger.a.9

Gathering data
Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Threat name: Win32.Trojan.Genie
Status: Malicious
First seen: 2025-11-22 15:20:33 UTC
File Type: PE (Exe)
Extracted files: 112
AV detection: 20 of 24 (83.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: bootkit defense_evasion discovery persistence trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
System policy modification
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Adds Run key to start application
Checks whether UAC is enabled
Writes to the Master Boot Record (MBR)
Event Triggered Execution: Image File Execution Options Injection
UAC bypass
Verdict: Malicious
Tags: trojan Win.Malware.Barys-10021286-0
YARA: Windows_Generic_Threat_d8f834a9
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: BobSoftMiniDelphiBoBBobSoft
Author: malware-lu

Rule name: Borland
Author: malware-lu

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: dependsonpythonailib
Author: Tim Brown
Description: Hunts for dependencies on Python AI libraries

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through a base64-encoded PowerShell script.

Rule name: grakate_stealer_nov_2021

Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants

Rule name: pe_detect_tls_callbacks

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May contain (obfuscated or not) PowerShell or CMD commands that can be abused by a threat actor (can create FPs)

Rule name: TH_Generic_MassHunt_Win_Malware_2025_CYFARE
Author: CYFARE
Description: Generic Windows malware mass-hunt rule - 2025
Reference: https://cyfare.net/

Rule name: Windows_Generic_Threat_d8f834a9
Author: Elastic Security

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Web download: Executable exe 8a17462c08ceeb2a307fe0e1a467107ee4c9c801db7e021d12eebb0a9722efdf (this sample)
Delivery method: Distributed via web download
