MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1ce4ebb517a44e305e22ef9221c1b66c3e7f9327f4ae007a4e18144f4f97add. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 12

SHA256 hash: b1ce4ebb517a44e305e22ef9221c1b66c3e7f9327f4ae007a4e18144f4f97add
SHA3-384 hash: 815880c48254a09e92eef76b1c6bf0f56bf083805cb3df72b654d9dde614b19b8f657de62e8a806f17e3e20e7c82baab
SHA1 hash: 3916d5b7d436ce515ed7beb2c9fc94321fb825c2
MD5 hash: 4e739ab1e0b0e91dda834a21f410a4c4
humanhash: apart-kitten-eleven-colorado
File name: Main.exe
File size: 6'900'720 bytes
First seen: 2025-11-20 10:37:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'844 x AgentTesla, 19'775 x Formbook, 12'297 x SnakeKeylogger)
ssdeep 98304:MSQXkP9y9tOM3kCIG7Lc8mtXTkosxx81J0jFXwYcAP1ffgFvLD6ORlENjYkY7PUq:Mklm8i98p5sXnhgAPFfgBf6GlCMk0PUq
TLSH T1896633338E6CB9E7E6A6DB3BCA25DDC7071761038C5547E1A5C63B3C430BED84A592A0
TrID 67.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
9.7% (.EXE) Win64 Executable (generic) (10522/11/4)
6.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
4.1% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter SquiblydooBlog
Tags: exe signed

Code Signing Certificate

Organisation: Beyond Ideas LLC
Issuer: SSL.com EV Code Signing Intermediate CA RSA R3
Algorithm: sha256WithRSAEncryption
Valid from: 2025-08-22T08:56:05Z
Valid to: 2026-07-24T19:31:05Z
Serial number: 3a2844fba53eed9f3c50390f0fb51f84
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist: This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 7d993675e1777962c02a956a2a6a517c0809c3b19f78705680e10fe01f63d9fe
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: US

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: https://installmyapps.com/prc/xvdtp/scaeeo/PrimePDFConvert.exe
Verdict: Malicious activity
Analysis date: 2025-11-18 17:03:59 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 90.2%
Tags: injection packed micro

Verdict: Clean
Maliciousness:
Behaviour:
  Creating synchronization primitives
  Creating a file in the %temp% subdirectories
  Creating a file
  DNS request

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: lolbin obfuscated packed schtasks signed

Verdict: Malicious
File Type: exe x32
First seen: 2025-11-12T11:18:00Z UTC
Last seen: 2025-11-21T21:00:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.MSIL.Agent.gen

Verdict: inconclusive
YARA: 11 match(es)
Tags: .Net Executable Fody/Costura Packer Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.00 SOS: 0.15 SOS: 0.18 SOS: 0.20 SOS: 0.22 SOS: 0.23 SOS: 0.24 SOS: 0.25 SOS: 0.26 SOS: 0.27 Win 32 Exe x86

Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour:
  System Location Discovery: System Language Discovery
  Loads dropped DLL

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
Detections: SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: INDICATOR_EXE_Packed_Fody
Author: ditekSHen
Description: Detects executables manipulated with Fody

Rule name: NET
Author: malware-lu

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments