MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b
SHA3-384 hash: 4b4373a38610fab6b5614e3223dcf512db3ba64d9fb86a3bcfc9f66233c14076c80301f15317f922b9117d609878d7be
SHA1 hash: 813cd8a638b4d5cde58bdf8df7c02260a404802c
MD5 hash: 03713176e7f0d9f3b37ac6eb644d90bb
humanhash: chicken-utah-comet-robert
File name:SecuriteInfo.com.Win64.MalwareX-gen.81778835
Download: download sample
File size:4'012'032 bytes
First seen:2026-05-16 21:40:19 UTC
Last seen:2026-05-16 22:27:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e5e1c7bf79d9e27780f9dccbb11ab144
ssdeep 49152:Ig5ampeO03NvTEh5/wWT8qpQ/fnlhyBm5SKsj1WPAX0QHF:IWIC18nlfSKsj1W8
Threatray 17 similar samples on MalwareBazaar
TLSH T1C9063B2BD26244ACC167C130DF9BD2B2AA31BC1C02F4757F2588DBE17E56D20779EA94
TrID 45.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
18.0% (.EXE) Win64 Executable (generic) (6522/11/2)
13.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.6% (.ICL) Windows Icons Library (generic) (2059/9)
5.6% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
FR FR
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/66154/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.81778835.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a08e45846d6967b3d90c4ac
Tags:
virus
Verdict:
Malicious
Labled as:
Win64/Agent.JFQ trojan
Link:
https://www.hybrid-analysis.com/sample/d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b
Verdict:
Malicious
File Type:
dll x64
First seen:
2026-05-16T17:47:00Z UTC
Last seen:
2026-05-17T18:22:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b/results?tab=lookup
Malware family:
Cactus Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/817d3efe-f0b7-42e2-818b-b55453c93620
Score:
60%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/03713176e7f0d9f3b37ac6eb644d90bb
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b/
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-05-16 21:40:59 UTC
File Type:
PE+ (Dll)
AV detection:
20 of 38 (52.63%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2xpktji3tbf6tv72o3r6r74jz64xym2ze4zr5druropoe2ihbqnq._file
Verdict:
suspicious
Label(s):
venomloader
Create hunting rule
Similar samples:
41aa04782e436345ef45dc159321d5c0e0e5cba300e55a4d1d3194e5c7c5fd97
45c8cbaeb5c7708e7b8030e701747c65203958e82eddc41f39e0ca93bd36c114
5d585f2b24503a96011bbe928f42b1b663946e822b309f8496573c66b5ee834c
6c7619c34497f430c4f7618cfefe07d1defacfae48f6730c20f52e7a7344faa9
9a2d714ddd5c48722c35df8a70e97f12d46bcde05dc79b7242a7e692bd346826
d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b
error
+ 7 additional samples on MalwareBazaar
Gathering data
Unpacked files
SH256 hash:
d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b
MD5 hash:
03713176e7f0d9f3b37ac6eb644d90bb
SHA1 hash:
813cd8a638b4d5cde58bdf8df7c02260a404802c
Link:
https://www.unpac.me/results/d8b8e2bf-cb7c-4a46-a528-cf7dd82cbcb6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__MemoryWorkingSet
Create hunting rule
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d5dea9a51b984be9d7fa76e3e8ff89cfb97c335927331e8e348b9ee269070c1b

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/66154/
  
URLhaus
https://urlhaus.abuse.ch/url/3848298/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3848301/
  
URLhaus
https://urlhaus.abuse.ch/url/3848304/
  
URLhaus
https://urlhaus.abuse.ch/url/3848305/
  
URLhaus
https://urlhaus.abuse.ch/url/3848335/
  
URLhaus
https://urlhaus.abuse.ch/url/3848355/

Comments