MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 14

Intelligence 14 IOCs YARA 4 File information Comments

SHA256 hash:	de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae
SHA3-384 hash:	3284da5ca7b058ebc450b739be384266806cf09787f67edd96fd70e6ef90c0199b2c086f4efe71f80268e58ea1e5a28b
SHA1 hash:	39b903cb6b3ac30ccdc09e0ff58caab43768db6b
MD5 hash:	6d0ccc2aa5de2b7ac8031414673ad4e0
humanhash:	march-friend-coffee-mango
File name:	Quotation-3378856.exe
Download:	download sample
File size:	1'321'472 bytes
First seen:	2026-03-09 09:20:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'843 x AgentTesla, 19'775 x Formbook, 12'297 x SnakeKeylogger)
ssdeep	12288:+umbhgtS2tNnR1NMabvxniAfP2X3572uEW3NbPBkGOELpUBjicWZwXVEWG:+RWD5VbvcIP23572uR9NLywcWZ
TLSH	T1F055D0102E82160CE66D2B78C262C47C27F0DC276597D72B2EEC2DB77ABEB82DD05455
TrID	73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win64 Executable (generic) (6522/11/2) 4.5% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	adrian__luca
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

113

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

DeepSea

Details

DeepSea

DeepSea decrypted strings

Link:

https://research.acce.ciphertechsolutions.com/results/d9058f27-1405-42c2-a425-c8ebe9c7a64d/

Malware family:

n/a

ID:

File name:

Quotation-3378856.rar

Verdict:

Suspicious activity

Analysis date:

2026-03-05 10:21:41 UTC

Tags:

arch-exec netreactor

Link:

https://app.any.run/tasks/0321fcb4-68b8-4ff0-891d-fa832d372521

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/56759/

Detection(s):

SecuriteInfo.com.IL.Trojan.MSILZilla.160854.31105.12932.UNOFFICIAL

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69ae911be5dc8e2b2c31705c

Tags:

virus micro msil

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

formbook obfuscated obfuscated packed vbnet

Link:

https://www.filescan.io/uploads/69ae911097feb4afd677144f/reports/712f1b48-680b-44ec-95b3-262dfb88b8f4/overview

Verdict:

Malicious

Labled as:

IL:Trojan.MSILZilla

Link:

https://www.hybrid-analysis.com/sample/de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae

Verdict:

Malicious

File Type:

exe x32

Link:

https://opentip.kaspersky.com/de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae/results?tab=lookup

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/7bc8c5dc-0b36-47b7-a60f-27feb0c0015a

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae

Verdict:

inconclusive

YARA:

10 match(es)

Tags:

.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.84 Win 32 Exe x86

Link:

https://app.malva.re/file/6d0ccc2aa5de2b7ac8031414673ad4e0

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae/

Threat name:

ByteCode-MSIL.Trojan.PureLogStealer

Status:

Malicious

First seen:

2026-03-05 04:48:56 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3zaunlxe7un7n7dikakqek4zghfg52wz2qwuidprm3qv2uqxikxa._file

Verdict:

malicious

Label(s):

purecrypter

Similar samples:

error

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/260309-lbgarscy8q/

Behaviour

System Location Discovery: System Language Discovery

.NET Reactor proctector

Unpacked files

SH256 hash:

de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae

MD5 hash:

6d0ccc2aa5de2b7ac8031414673ad4e0

SHA1 hash:

39b903cb6b3ac30ccdc09e0ff58caab43768db6b

Link:

https://www.unpac.me/results/b0099bea-f791-4f09-95a7-8231e69725e3/

SH256 hash:

c47ada3392dd20199b6d259e6afa093674a2a829051ddf30b38dd34d1fcebd29

MD5 hash:

2c8ba1fe8e140fc5c280a79b47372139

SHA1 hash:

ed2d31b2b3bd622d3c3b65d4117007145a28d81d

Detections:

SUSP_OBF_NET_Reactor_Indicators_Jan24

INDICATOR_EXE_Packed_DotNetReactor

Link:

https://www.unpac.me/results/b0099bea-f791-4f09-95a7-8231e69725e3/

Parent samples :

1439e036d8b04775d5462e7dbbb6e0b90e7668545f7ca5dae2aac74e84b184aa
3fedec832e464055478f1f221aa42fe894b227f168c59bb5ba9e8f2eefdd53cb
238441c6a05dd55e6cee3b33c991a8d91302c9e687e4607f2b33ca74dc850ea5
9992e4177343a1227f6a60f77f6556f5df92b30ce35b5521ee4156bb4fabb844
95a769c7e3b0b372e3e4d9534127d61fdeef9186ccc99ed88cba00423178da29
3246fdc5c32e6b265880c004ebee3d7aa2d9bcb0c01874c03616e2b736f9e825
018f85786e3cbf158c1a9d44c0d82bdd8d86958e7f8eb9e8dc74e3293f42c068
de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe de4146aee4fd1bf6fc685015022b9931ca6eead9d42d440df166e15d521742ae

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/56759/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample