MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9
SHA3-384 hash: eb340ae4eb268ab4302265d07caf7990ba80a3acfc20fc71156c7bfabaa0ce9dcc8e641a4354fe37b09e6a2453e2b8d4
SHA1 hash: e067cb73e7f2afe34ccab65b4fcba4d4aae648d5
MD5 hash: 15d094229f14933b08da2693576e8be2
humanhash: nuts-winner-jig-princess
File name:file
Download: download sample
File size:2'909'296 bytes
First seen:2026-01-22 18:58:02 UTC
Last seen:2026-01-22 19:53:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1b79c38de366e44c09fe4f1759407f73
ssdeep 49152:PGu38nVM9J1DG6ptUoPCFsIT0jSzxO1kazpq6N+6:uy8V8A6ptUoPeiOzxYf3+6
TLSH T1DCD5E112266D71E3E96952F2C86034063FB8FE784BE5405D7BC4742D4C3A9693F2F1AA
TrID 44.4% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543 signed

Code Signing Certificate

Organisation:SynthLabs&Holdings
Issuer:SynthLabs&Holdings
Algorithm:sha256WithRSAEncryption
Valid from:2026-01-21T18:52:52Z
Valid to:2028-01-22T18:52:52Z
Serial number: 78fc9c87085d81db
Thumbprint Algorithm:SHA256
Thumbprint: ed3c776cd23b7b8ae264f56ac5694c62b34fbcc28da0fcc94acf9a0b2263383f
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
Bitsight
url: http://130.12.180.43/files/8428202012/guOuqJC.exe

Intelligence

File Origin
# of uploads :
11
# of downloads :
107
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2026-01-22 19:01:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/55b8df31-5c15-4db5-9204-5b3e710f741c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/49797/
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69727365f3cf908ba5077378
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug installer-heuristic packed signed
Link:
https://www.filescan.io/uploads/6972735a5db9ae47708e29e8/reports/04020467-38b8-45a2-bd7f-06c2879965fa/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9
Result
Gathering data
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/64ff5d4b-bc37-48ba-a531-d3cd91749354
Score:
79%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/15d094229f14933b08da2693576e8be2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yyqwmohqd6tvcr5kllsmhiiy35wo7cxetlo52hjrxzf7u2jefhuq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/260122-xmszgsdt3d/
Behaviour
Accesses cryptocurrency files/wallets, possible credential harvesting
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9
MD5 hash:
15d094229f14933b08da2693576e8be2
SHA1 hash:
e067cb73e7f2afe34ccab65b4fcba4d4aae648d5
Link:
https://www.unpac.me/results/8435a5ed-8600-440a-88fe-d4b903e49576/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c6216638f01f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.17
Link:
https://yomi.yoroi.company/submissions/c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c6216638f01fa75147aa5ae4c3a118df6cef8ae49adddd1d31be4bfa692429e9

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3762125/
Cape
Cape
https://www.capesandbox.com/analysis/49797/

Comments