MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e79b827b3cc29e940736dc20cc9c25958c0b09c25fc0bc8aacbd6365f38db71f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments

SHA256 hash: e79b827b3cc29e940736dc20cc9c25958c0b09c25fc0bc8aacbd6365f38db71f
SHA3-384 hash: 1078da476f30a3df49dd07b3ee01867754bd71c208d4fb80b8f2cdfb4999fe42e6797469e6a696bf959b0ab02339a9e5
SHA1 hash: 08d11d276ca68834b0d4fbe6d8e9b38e32b9e03f
MD5 hash: 3ce1fe656d1b61005d70dac64366dd2a
humanhash: kilo-crazy-uncle-september
File name:nvidiasdk.exe
Download: download sample
File size:70'233'600 bytes
First seen:2025-09-11 06:57:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4b553485ba6ad1c4b82faf005cc2084b
ssdeep 393216:OWHObNM5mr/Wsh3sHGVsVAVmru70vy1Yve25XFQu58EISEhoIaE2FShLlCdlA0XO:OWEJtQQxhgZsVcuthJvxOOxdr
TLSH T13EF75A4267EA04C5F9F7AA3489E65213D673BC067F3081CB325C172A1F736E09976B62
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
dhash icon f89efcf8f971f2e0 (10 x NodeLoader, 9 x FixStealer, 6 x Amadey)
Reporter _O_l_i_v_e_r___
Tags:BeaverTail ContagiousInterview exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
376
Origin country :
AU AU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
nvidiasdk.exe
Verdict:
Malicious activity
Analysis date:
2025-09-11 07:52:42 UTC
Tags:
stealer

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Connection attempt
Launching a process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-07-02T20:10:00Z UTC
Last seen:
2025-07-02T20:10:00Z UTC
Hits:
~1000
Gathering data
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments