MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9
SHA3-384 hash: 02d6cd56616d000942fed8615068143e27e60f87636590dd006794898cb509abf95ecc7ea489418cfc68dd37b1b0933f
SHA1 hash: 01dbe176f642f95cd51a50dfcd01eaed68bf57fe
MD5 hash: 73ab9ab779feb248c5822225dafd108f
humanhash: xray-salami-east-washington
File name:random.exe
Download: download sample
File size:2'522'611 bytes
First seen:2025-08-11 09:29:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d991aeca9edd47508ed45f564f40849a
ssdeep 49152:mljlQb4aPGkS3bctXXg7d2NB4BLy1rpJer3IcR8j1sbnyp0utGto:mljlQVdkctXXg7d2ABGxCr3hqj17f4o
TLSH T174C5F12255A438F5C8F67978AD1E719E5C127A62793CF14EDEE40B08AEEC7C0217734A
TrID 52.9% (.EXE) Win32 Executable Delphi generic (14182/79/4)
16.8% (.EXE) Win32 Executable (generic) (4504/4/1)
7.7% (.EXE) Win16/32 Executable Delphi generic (2072/23)
7.5% (.EXE) OS/2 Executable (generic) (2029/13)
7.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
41
Origin country :
SE SE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/20114/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6899b814fca70bd90e8e1101
Tags:
injection delphi
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug borland_delphi fingerprint keylogger overlay packed
Link:
https://www.filescan.io/uploads/6899b8e96d7bffa0a7a09484/reports/7ef7ada6-d8b3-4135-8b26-730cc409e190/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/1b4d7c74-e5b3-4295-9944-3b776756eadd
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1754454
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) Win 32 Exe x86
Link:
https://app.malva.re/file/73ab9ab779feb248c5822225dafd108f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9/
Verdict:
Malicious
Threat:
HEUR:Trojan-Banker.Win32.Qbot
Link:
https://tip.neiki.dev/file/9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9
Threat name:
Win32.Trojan.Tepfer
Create hunting rule
Status:
Malicious
First seen:
2025-08-11 01:06:03 UTC
File Type:
PE (Exe)
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tqjelybgsvpd3x5brgt6niz3shjfcghfasjrnr7etdvmlmtos7uq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250811-ljc83sttdz/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0f640cd0-c7f2-4e08-b92b-1ea5241f6bfb
Unpacked files
SH256 hash:
9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9
MD5 hash:
73ab9ab779feb248c5822225dafd108f
SHA1 hash:
01dbe176f642f95cd51a50dfcd01eaed68bf57fe
Link:
https://www.unpac.me/results/774427db-a874-4242-a3da-81ad6e6c1a9d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.32
Link:
https://yomi.yoroi.company/submissions/9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BobSoftMiniDelphiBoBBobSoft
Create hunting rule
Author:malware-lu
Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9c1245e026955e3ddfa189a7e6a33b91d25118e5049316c7e498eac5b26e97e9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3590307/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/20114/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and Threadskernel32.dll::CloseHandle
kernel32.dll::CreateThread
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryExA
kernel32.dll::LoadLibraryA
kernel32.dll::GetSystemInfo
kernel32.dll::GetStartupInfoA
kernel32.dll::GetDiskFreeSpaceA
kernel32.dll::GetCommandLineA
WIN_BASE_IO_APICan Create Fileskernel32.dll::CreateFileA
kernel32.dll::GetSystemDirectoryA
kernel32.dll::FindFirstFileA
kernel32.dll::GetTempPathA
version.dll::GetFileVersionInfoSizeA
version.dll::GetFileVersionInfoA
WIN_REG_APICan Manipulate Windows Registryadvapi32.dll::RegOpenKeyExA
advapi32.dll::RegQueryValueExA
WIN_SVC_APICan Manipulate Windows Servicesadvapi32.dll::CreateServiceA
advapi32.dll::OpenSCManagerA
advapi32.dll::OpenServiceA
advapi32.dll::RegisterServiceCtrlHandlerA
advapi32.dll::StartServiceCtrlDispatcherA
WIN_USER_APIPerforms GUI Actionsuser32.dll::ActivateKeyboardLayout
user32.dll::CreateMenu
user32.dll::EmptyClipboard
user32.dll::FindWindowA
user32.dll::OpenClipboard
user32.dll::PeekMessageA

Comments