MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c44660ea89c20d69e7751d5a19bce83ea0686d02979c2a436d1d3799f36571c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c44660ea89c20d69e7751d5a19bce83ea0686d02979c2a436d1d3799f36571c9
SHA3-384 hash: 0320a8883e55b9a51f44eddd91b6abac3ead2003b68518a69fae6daed6c40415ac0eb65e9306b85aeb71d777f2c42104
SHA1 hash: 9eb238138043027136e81a207de4e09585d31057
MD5 hash: 82c1ede52d87eb345226ff7667fef282
humanhash: coffee-oranges-sierra-virginia
File name:SecuriteInfo.com.Win64.Evo-gen.86737763
Download: download sample
File size:71'415'296 bytes
First seen:2026-02-27 17:42:12 UTC
Last seen:2026-02-27 18:36:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 772ec87d3452991a9933a3ba0d9963a9
ssdeep 393216:Pn1XQgPR2k3m5C507G9ITEc5eAlkLbQurxMWhAsIyNOPS0B4AycWsCYaxFzwW/tL:P1XR7AsxYqt2oRGj5rs3wb8/
TLSH T114F7594262EA05C4F9F7DA358AE65217D673BC166F3081CF325C172A1F736E08976B22
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
FR FR
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/9933982b-c0b5-415a-a082-bed0292bf5e1/
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.Evo-gen.86737763
Verdict:
Malicious activity
Analysis date:
2026-02-27 18:24:21 UTC
Tags:
etherhiding stealer
Link:
https://app.any.run/tasks/0771ac64-ee0f-45a3-9682-5f2b80e2b37a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a1d7c0c950ab5d9ab22fd2
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69a1d7b2d967dbda74ef505e/reports/196d43ae-de80-452c-88c3-82acc714b80a/overview
Verdict:
Suspicious
Labled as:
Win64/Kryptik.GLN trojan
Link:
https://www.hybrid-analysis.com/sample/c44660ea89c20d69e7751d5a19bce83ea0686d02979c2a436d1d3799f36571c9
Result
Gathering data
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c44660ea89c20d69e7751d5a19bce83ea0686d02979c2a436d1d3799f36571c9
Gathering data
Verdict:
Malicious
Threat:
Trojan-PSW.Win64.Stealer
Link:
https://tip.neiki.dev/file/c44660ea89c20d69e7751d5a19bce83ea0686d02979c2a436d1d3799f36571c9
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yrdgb2ujyigwtz3vdvnbtphih2qgq3ics6ocuq3ndu3zt43foheq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/260227-wancssc13g/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads WinSCP keys stored on the system
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c44660ea89c20d69e7751d5a19bce83ea0686d02979c2a436d1d3799f36571c9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3786938/
  
Delivery method
Distributed via web download

Comments