MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 4 File information Comments

SHA256 hash:	e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7
SHA3-384 hash:	675c3875ef8b3b1dd625bc160e39de1c4d0fc22d35eae3b4e8625cc82e73995fda84a05793327f50dd087d056c6f2b6f
SHA1 hash:	99123247bdbdf7796161b78dd6e7f07790fef67a
MD5 hash:	23814045e304c167a1d5e52354e4cacb
humanhash:	green-venus-mango-winner
File name:	order#2_W43550970351.exe
Download:	download sample
File size:	1'104'896 bytes
First seen:	2025-08-25 13:34:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	24576:iYISA9Gkws9QVrY8yAmtWt5UOQaDiU2hDKBAS7Ai4:EAbsKrYgmgtp45W7A
Threatray	526 similar samples on MalwareBazaar
TLSH	T1EA351211528ADA07E2A243B90C92E3F13B39DD5D6122D31B4FE57DEB3D3EB0529542B2
TrID	56.5% (.EXE) Win64 Executable (generic) (10522/11/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	James_inthe_box
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

order#2_W43550970351.exe

Verdict:

No threats detected

Analysis date:

2025-08-25 13:37:44 UTC

Tags:

netreactor

Link:

https://app.any.run/tasks/4b967978-f81f-43d1-98f7-0089d68c0880

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/23450/

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68ac66bf3e988eb6ab82b1c6

Tags:

virus msil

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Restart of the analyzed sample

Searching for synchronization primitives

Creating a file

Launching the default Windows debugger (dwwin.exe)

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 bitmap lolbin masquerade msbuild obfuscated packed packed reconnaissance regsvcs rezer0 roboski schtasks stego vbc vbnet

Link:

https://www.filescan.io/uploads/68ac66c07137d684583b8a56/reports/1dd8fd4a-7d20-4a31-a8d7-1110d0deab4a/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-08-24T22:29:00Z UTC

Last seen:

2025-08-24T22:29:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/6cef2718-d04f-4d0c-a51a-cebe5dceb438

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.28 Win 64 Exe x64

Link:

https://app.malva.re/file/23814045e304c167a1d5e52354e4cacb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7/

Threat name:

ByteCode-MSIL.Trojan.SnakeKeylogger

Status:

Malicious

First seen:

2025-08-25 04:46:45 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5alqwgd3vcy5qpppwbzknmmoml52pg4anqgbhnuaqjbe2davexdq._file

Verdict:

malicious

Label(s):

unc_loader_037

3565d0d4f2dffdf569be2801736b63029b67352669c69944b22cf73b3515e4a3

8dcb4d425919ced69671cb2f6aa8e304f34a4dfa2c0c2ec7161bd19dd0ae5b09

d9b561166f1a4217a18c9af81de9dbf9df53a86747993a7c931535761df37f42

e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7

error

fb0e6001dc8c00fd0768162baf0af2786ad2ba8da5f0d6a470cbfdf8bf5238e6

+ 516 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/250825-qv4bvsxn17/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/805d216c-3237-4eb8-bcf4-43bbd7e86ce4

Unpacked files

SH256 hash:

e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7

MD5 hash:

23814045e304c167a1d5e52354e4cacb

SHA1 hash:

99123247bdbdf7796161b78dd6e7f07790fef67a

Link:

https://www.unpac.me/results/a71c7f03-1949-48f2-9d8f-136b50dad42c/

Malware family:

zgRAT

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/e8170b187ba8/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.91

Link:

https://yomi.yoroi.company/submissions/e8170b187ba8b1d83defb072a6b18e62fba79b806c0c13b68082424d0c1525c7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/23450/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample