MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5c65174e4401b2effd1206ff34f99ab384ec88c8b265552c9cdfcbbfc54ccf1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a5c65174e4401b2effd1206ff34f99ab384ec88c8b265552c9cdfcbbfc54ccf1
SHA3-384 hash: cea6e3b49307f07e626609e969b79af6fcf644360450fb16cea3af976f6650e585edc3768ceb86c8b2dc6f9604b7ae90
SHA1 hash: 259e856dd1ed26599d161137c144ccf5bf0a97f1
MD5 hash: f243b8dbb34d7691597e9073c81f13ef
humanhash: sweet-violet-neptune-summer
File name:iivngcyivchj.exe
Download: download sample
File size:88'299'841 bytes
First seen:2026-05-15 19:30:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (575 x GuLoader, 128 x RemcosRAT, 82 x EpsilonStealer)
ssdeep 1572864:8t9IKPbzO9Y2iC/ORWYLe3FW4D8YOOmM8VoI21X3JbsT9sdIThkKe3XA42Se7:8UK/QitRWOe3FfmfM8VO1XZbEsCyKee7
TLSH T10218332040A0C2B7CF7FA6B718931D37FB9493FB05B5671EEB4571117BA62891820AB7
TrID 50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win64 Executable (generic) (6522/11/2)
8.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon cc32e8c4d469338c
Reporter burger
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/d8f8983f-b944-439d-9377-ca1818f35b09/
Malware family:
n/a
ID:
1
File name:
iivngcyivchj.exe
Verdict:
Suspicious activity
Analysis date:
2026-05-15 19:29:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/732134b3-85f0-4620-b266-c3b0db510362

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a0773f9953bbcef1c90871b
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm base64 crypto evasive expand expired-cert fingerprint fingerprint hacktool installer installer installer-heuristic lolbin microsoft_visual_cc nsis obfuscated packed reconnaissance wiper
Link:
https://www.filescan.io/uploads/6a07746a861ee596e6377a84/reports/6f656a4c-d30c-459a-ada5-831d3c12985e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/a5c65174e4401b2effd1206ff34f99ab384ec88c8b265552c9cdfcbbfc54ccf1
Result
Gathering data
Verdict:
Unknown
File Type:
Link:
https://opentip.kaspersky.com/a5c65174e4401b2effd1206ff34f99ab384ec88c8b265552c9cdfcbbfc54ccf1/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1914241
Signature
Drops large PE files
Unusual module load detection (module proxying)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 1914241 Sample: iivngcyivchj.exe Startdate: 15/05/2026 Architecture: WINDOWS Score: 48 8 iivngcyivchj.exe 179 2->8         started        file3 29 C:\Users\user\AppData\Local\...\nsis7z.dll, PE32 8->29 dropped 31 C:\Users\user\AppData\Local\...\System.dll, PE32 8->31 dropped 33 C:\Users\user\AppData\Local\...\vulkan-1.dll, PE32+ 8->33 dropped 35 12 other files (none is malicious) 8->35 dropped 37 Drops large PE files 8->37 12 lujidofDesk.exe 56 8->12         started        signatures4 process5 signatures6 39 Unusual module load detection (module proxying) 12->39 15 cmd.exe 1 12->15         started        17 lujidofDesk.exe 1 12->17         started        19 lujidofDesk.exe 10 12->19         started        21 2 other processes 12->21 process7 process8 23 net.exe 1 15->23         started        25 conhost.exe 15->25         started        process9 27 net1.exe 1 23->27         started       
Score:
79%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a5c65174e4401b2effd1206ff34f99ab384ec88c8b265552c9cdfcbbfc54ccf1
Gathering data
Verdict:
Malicious
Threat:
Trojan.Script
Link:
https://tip.neiki.dev/file/a5c65174e4401b2effd1206ff34f99ab384ec88c8b265552c9cdfcbbfc54ccf1
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-05-15 01:09:01 UTC
File Type:
PE (Exe)
Extracted files:
161
AV detection:
3 of 36 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uxdfc5heians576rebx7gt4zvm4e5semrmtfkuwjzx6lx7cuztyq._file
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments