MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f
SHA3-384 hash: e12fd5d9d79e92327a0588862202fc7239257913185a927ec484b415f1672f0e2da39f6a2de9fdb39f15abdf2c1bbcc4
SHA1 hash: d8ca0a9ae6765387a8ce9a4906c1726998974026
MD5 hash: ace319a6212d37265b86968b764d835e
humanhash: kitten-venus-white-hamper
File name:点击安装中文语音包.EXE
Download: download sample
File size:2'931'200 bytes
First seen:2026-04-13 22:04:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 48251428bbf8085cc52686e104f31d73
ssdeep 49152:QshaBzZ9C4sch4JMv+Stlo2OZPcYRgMWHlMClYK8mtU37cARRFlPM723U8UC6gCa:5a2rdMYAHBx+7cARt3K
TLSH T132D55B9F77B841E4D1668175C8468A8BD3F2B4921B3183DF10A1879F1FB76E24C3A762
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter Ling
Tags:exe Malgent Trojan:Win32/Malgent!MSR


Avatar
CNGaoLing
This sample has been reviewed by Microsoft researchers and determined to be malware. (Trojan:Win32/Malgent!MSR)

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
点击安装中文语音包.EXE
Verdict:
No threats detected
Analysis date:
2026-04-13 15:32:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4263ee77-e61e-4809-86ab-a73baa3cf528

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/61451/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69dd0caef68adfe100396ed4
Tags:
injection obfusc
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug base64 expand explorer fingerprint keylogger lolbin microsoft_visual_cc overlay
Link:
https://www.filescan.io/uploads/69dd68bc5ea31bc68a27967e/reports/2ca26c5d-005c-4bb5-ac88-153638190b9f/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f
Verdict:
Clean
File Type:
exe x64
First seen:
2026-04-14T03:59:00Z UTC
Last seen:
2026-04-15T05:19:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/1f92c575-9eee-4f59-a88e-31c21fd68bdc
Score:
67%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-04-13 15:33:08 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t2yipedzaeqbenkxdnowx4cmdatay3zbt4z53yngj6vgc2o3i6hq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260413-1zwspab12v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f
MD5 hash:
ace319a6212d37265b86968b764d835e
SHA1 hash:
d8ca0a9ae6765387a8ce9a4906c1726998974026
Link:
https://www.unpac.me/results/ffa486fa-265c-49f1-ab4d-ed5b9cd4cb0c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9eb087907901201235571b5d6bf04c18260c6f219f33dde1a64faa6169db478f

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/61451/

Comments