MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c
SHA3-384 hash: c354d1165b0542f5eb4d04f97a484b5e301cba681faf356b9b7943d08026700cee5d075c9eb4df222e20ff1d826cbc24
SHA1 hash: daa8785fb7e60a52e41ba17aee4d3c8949ab5e02
MD5 hash: 6b3cee28554f2c1a68b3c0188b563931
humanhash: virginia-florida-kentucky-seven
File name:99999.msi
Download: download sample
File size:84'614'144 bytes
First seen:2026-02-12 13:58:44 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 1572864:gXouVnBos95DgRC/eFckvh04JvSb58t3JrqM4LY1bO7SpE63/x9P:XuD95UCGSX49SU3JSM167SvJ9
Threatray 705 similar samples on MalwareBazaar
TLSH T1EC083322B15B59A8DA1F233FE0A8EF8845347CA1B31799BBB37C7F6546B158311B1903
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter Ling
Tags:Malgent msi Trojan:Win32/Malgent!MSR


Avatar
CNGaoLing
This sample has been reviewed by Microsoft researchers and determined to be malware. (Trojan:Win32/Malgent!MSR)

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/21e15ffa-4f29-4546-b8fb-cdf69936ab6d/
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=698ddcbf1c4b7b977f65d0b9
Tags:
virus blic
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug at base64 CAB cmd crypto donut evasive expand expired-cert expired-cert fingerprint installer large-file lolbin lolbin msiexec obfuscated runonce wix
Link:
https://www.filescan.io/uploads/698ddcb3930564ff3c9cdde6/reports/45b7ea1c-65a3-4e8b-b289-59ed31a5de5e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
msi
First seen:
2026-02-11T13:18:00Z UTC
Last seen:
2026-02-13T10:21:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.AutoRun.sb HEUR:Trojan.OLE2.Autorun.gen Trojan.Win32.Shellcode.sb Trojan.Win32.DLLhijack.aeif BSS:Trojan.Win32.Generic Trojan.Win32.Inject.sb Trojan.Win32.Agent.sb Trojan.Win32.DLLhijack.sb Trojan.Win32.DLLhijack.aeie
Link:
https://opentip.kaspersky.com/d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c/results?tab=lookup
Score:
58%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c
Gathering data
Verdict:
Malicious
Threat:
Trojan.Win32.DLLhijack
Link:
https://tip.neiki.dev/file/d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c
Threat name:
Win32.Exploit.DonutMarte
Create hunting rule
Status:
Malicious
First seen:
2026-02-11 19:59:15 UTC
File Type:
Binary (Archive)
Extracted files:
129078
AV detection:
8 of 23 (34.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2yuxlwofnp6pdawsgqohz4a6ub2qhm5abuwytpdxe5gxpglt32oa._file
Verdict:
malicious
Label(s):
donutloader
Create hunting rule
Similar samples:
4410442a1ab1ddb19c40bec809ed78a7183cb28fbf990fa23ea6796c8f44357c
480fc5d1e6a75c460ad7e654600210a2b67a344f3cd4d47a34a22470fbf1ac40
4be9f926d3e4110fde3d85ddf93785ca1477aac137ded1e49e4e7d337fb71252
76d05282f149a1db0581a16696d1a141d432b8f34437f2008591263ba5653cb1
7e90d6ba18a3be40de5d4c65e576b21b037f0ecf89bd5d0e7f2f0dee1c2c42f0
b56f20c51c18c94923000949a1685d72e1b8f692fbfef29f0feea9252955da6b
d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c
error
f6fb51b18c7f3e118798acbaba51fb18f813ae0678dd6f6eba735115bdd8fd88
+ 695 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery persistence privilege_escalation
Link:
https://tria.ge/reports/260212-rag4kadt4b/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Enumerates connected drives
Loads dropped DLL
Malware family:
DonutLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d62975d9c56b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi d62975d9c56bfcf182d2341c7cf01ea07503b3a00d2d89bc77274d779973de9c

(this sample)

  
Delivery method
Distributed via web download

Comments