MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 12 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5
SHA3-384 hash: 93673ac233a20c4a261953ad739320b7ae98df316761ed2b9cc37039aa0b79f4818959d85f4e14f6cebe1830ea00a90b
SHA1 hash: b9f525ed84413669aa28cef3fedd149f3ecac791
MD5 hash: 9ae589d9981c77180eb537e9075cf2c6
humanhash: sierra-nevada-crazy-river
File name:vsdbg.dll
Download: download sample
File size:3'803'648 bytes
First seen:2026-01-04 14:20:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 05b20b9642c5e7e35437a28b5feaed21
ssdeep 98304:JSgcFGfZSh4JSwcjvvgdSAFUa8vVYitoVsbXvlgC+aVr6U89MnCsj:IgcCEuS7j/ARkYit9XtgCBpf89MCsj
TLSH T11406BF45B3D819E5C527DA35CB14E332C2B1B9224B76D18B1A9AD3062F77A624F3FB01
TrID 66.6% (.EXE) InstallShield setup (43053/19/16)
16.2% (.EXE) Win64 Executable (generic) (10522/11/4)
7.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.1% (.EXE) OS/2 Executable (generic) (2029/13)
3.0% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter burger
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
vsdbg.dll
Verdict:
No threats detected
Analysis date:
2026-01-04 14:20:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/97a6a607-c241-4441-89c3-e9a20747871a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47594/
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=695a7713d2357cccc3df59ca
Tags:
emotet
Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
crypto masquerade microsoft_visual_cc overlay packed
Link:
https://www.filescan.io/uploads/695a775c127d6a14e0cf578b/reports/b42fc554-2a11-4607-816b-e8127dd5462b/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5
Verdict:
Malicious
File Type:
dll x64
First seen:
2026-01-04T10:28:00Z UTC
Last seen:
2026-01-05T10:40:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan.Win32.Generic HEUR:Trojan.Win64.Generic HEUR:Trojan.Win64.DllHijacking.gen
Link:
https://opentip.kaspersky.com/a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4fe1eca5-a004-4148-8045-449a495c8465
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1844441
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1844441 Sample: vsdbg.dll.exe Startdate: 04/01/2026 Architecture: WINDOWS Score: 48 19 Multi AV Scanner detection for submitted file 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 32 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/9ae589d9981c77180eb537e9075cf2c6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5/
Verdict:
Malicious
Threat:
Trojan.Win64.DllHijacking
Link:
https://tip.neiki.dev/file/a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-01-04 14:20:05 UTC
File Type:
PE+ (Dll)
AV detection:
11 of 24 (45.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uenjwyelog5mk7o447pznrtxerbzfk6j5zv75zjzltvikby7n3cq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260106-jdh62axqdy/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ae9dd542-1576-4006-a383-621b206c130b
Unpacked files
SH256 hash:
a11a9b608b71bac57ddce7df96c677244392abc9ee6bfee5395cea85071f6ec5
MD5 hash:
9ae589d9981c77180eb537e9075cf2c6
SHA1 hash:
b9f525ed84413669aa28cef3fedd149f3ecac791
Link:
https://www.unpac.me/results/6199f0bc-cf17-469a-bec3-2d67175aed1f/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__MemoryWorkingSet
Create hunting rule
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:Jupyter_infostealer
Create hunting rule
Author:CD_R0M_
Description:Rule for Jupyter Infostealer/Solarmarker malware from september 2021-December 2022
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/47594/

Comments