MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 6 File information Comments

SHA256 hash:	8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8
SHA3-384 hash:	8e660d9b3b5c572019003ec03a92a4452ea5d968927b443cc2877d1b736d479456fc2cc7545f3c8bdfe5dfdf967bfd77
SHA1 hash:	15a1d1a365e83d0fa8e55af5c71fe9f53fd44497
MD5 hash:	eb1cee1376691b30df38ba730f5958df
humanhash:	failed-yellow-skylark-cola
File name:	8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8
Download:	download sample
File size:	3'262'592 bytes
First seen:	2026-03-19 17:17:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	88016fcdef7f227c62171d0afad9aae4 (10 x ValleyRAT, 8 x OffLoader, 3 x Gh0stRAT)
ssdeep	49152:1uI2hU90iNyyCxzqmsoNKU2mo6NnPkEejkOX8xwZzGPXEkvbxrOM7vJxJV+:15OtiNy1z/TNK/mBGTliPUU0MFh+
Threatray	22 similar samples on MalwareBazaar
TLSH	T182E5F13FB28B653EE06E5A3979B6E210583BB661A5138C06D6E4C84CCF251711E3F787
TrID	61.4% (.EXE) Inno Setup installer (107240/4/30) 23.8% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 3.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.7% (.EXE) Win64 Executable (generic) (6522/11/2) 2.5% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
dhash icon	020d2dcce871b24d
Reporter	JAMESWT_WT
Tags:	Eos-Mist-LTD exe signed

Code Signing Certificate

Organisation:	Eos Mist LTD
Issuer:	Sectigo Public Code Signing CA EV R36
Algorithm:	sha256WithRSAEncryption
Valid from:	2026-01-08T00:00:00Z
Valid to:	2027-01-08T23:59:59Z
Serial number:	7c74a3c9578969d8a164d63522f4491d
Intelligence:	21 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:	This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	e057d99a4b691a6f320f4b92a6cff77f2b93e10336edeb4d8c203998db3a4aa5
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

155

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/fb53d802-7acb-40ef-b458-59d902a10a27/

Malware family:

n/a

ID:

File name:

_8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8.exe

Verdict:

No threats detected

Analysis date:

2026-03-19 17:18:42 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/111ece6c-a309-42f5-9373-fafbf29e4e2b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/58186/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69bc2ff593b644ca466bbc51

Tags:

dropper delphi micro blic

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for synchronization primitives

DNS request

Connection attempt

Sending a custom TCP request

Sending an HTTP GET request

Creating a file

Moving a recently created file

Creating a file in the %AppData% subdirectories

Unauthorized injection to a recently created process

Gathering data

Verdict:

Suspicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8

Verdict:

Malicious

File Type:

exe x32

Detections:

HEUR:Trojan.MSIL.Agent.gen Trojan.Win64.Agent.smftoi Trojan.Win64.Agent.smftoa

Link:

https://opentip.kaspersky.com/8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a275174b-6470-4b7c-97c9-d23a51169655

Score:

50%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rjlgdluuuz7b4j7uz4kv7ec5mzn6ot33uhxuetvuogqnuikwfdea._file

Verdict:

malicious

Label(s):

shellcode_loader_008

3f65f1f17d631beb4b0d89037fe2fb5bdbbe76e8bc7bb29113b801c5079b941a

58fa05f20d8eb34a2bf4117ccce6328cd4cb6cf8714f00df5e55c282a16beeec

6968840ce1b13d50d13f7f0320a2e5d66bfd97073f325231edc58ec85e694b6b

8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8

ab2072ea9875d18f277462b80b10835a54c863ef4545a8ba821fff05291bc592

error

+ 12 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

4/10

Tags:

discovery installer

Link:

https://tria.ge/reports/260319-vvhglscz31/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Inno Setup is an open-source installation builder for Windows applications.

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Checks installed software on the system

Executes dropped EXE

Unpacked files

SH256 hash:

74f76c91e8f9e7a80b25bcc7f95907d118ba7716e84dd35aa172ed76fbdf4456

MD5 hash:

2b97b35de47dd92c062ab39d7cb05991

SHA1 hash:

18b644549d6acbc6c9481e82646d02b12d7455a2

Link:

https://www.unpac.me/results/4d634b0f-acdb-4af5-bd36-bd93e96faed1/

SH256 hash:

388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

MD5 hash:

e4211d6d009757c078a9fac7ff4f03d4

SHA1 hash:

019cd56ba687d39d12d4b13991c9a42ea6ba03da

Link:

https://www.unpac.me/results/4d634b0f-acdb-4af5-bd36-bd93e96faed1/

SH256 hash:

31574ba8f6f3311f37cfdce5a06a37c98dc73002418ae8747a92297d92e409d7

MD5 hash:

5a8f56ee0a065b5c814db6b5e403bdf5

SHA1 hash:

3c65f09d91dd0e64ddad2b0fbb46de6948958b0c

Link:

https://www.unpac.me/results/4d634b0f-acdb-4af5-bd36-bd93e96faed1/

SH256 hash:

420123caa145317e7af458e7b83996ac0bc85ec39e472258d95d897c02a755f9

MD5 hash:

4603f65d14952bf67e85f23761813890

SHA1 hash:

4509eaa5e3a2ef39741850274cf354f44579fae4

Link:

https://www.unpac.me/results/4d634b0f-acdb-4af5-bd36-bd93e96faed1/

SH256 hash:

9ff205599b9eea5e561170ef0e9843a31578cbb117759d32e3c1df96d7bc9838

MD5 hash:

18e90d097704371ccb605e34f9140d8c

SHA1 hash:

ef9b13edf2eff3e23868e5b5d4d8fdfe0cc67210

Link:

https://www.unpac.me/results/4d634b0f-acdb-4af5-bd36-bd93e96faed1/

SH256 hash:

8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8

MD5 hash:

eb1cee1376691b30df38ba730f5958df

SHA1 hash:

15a1d1a365e83d0fa8e55af5c71fe9f53fd44497

Link:

https://www.unpac.me/results/4d634b0f-acdb-4af5-bd36-bd93e96faed1/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8a5661ae94a67e1e27f4cf155f905d665be74f7ba1ef424eb471a0da215628c8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Borland Create hunting rule
Author:	malware-lu

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/58186/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample