MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e
SHA3-384 hash: eab9d680e9eff4380855e32e4aa2daee21908292f5e852d743f64883ec7a65d984c3a5691d57630eccff0e5b7dd30a28
SHA1 hash: 82cccffdb5139ea33c7cf907782f7936f7fbd144
MD5 hash: eeaaed8dab26729dcc2d4ea71c997668
humanhash: sodium-venus-quiet-eighteen
File name:Installer.exe
Download: download sample
File size:618'888 bytes
First seen:2026-06-21 11:52:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:vvnH8CdhTKv6GsA8Ef9J8DP9yRn9OIXSLen9OIXS9t:vfHD8vFVhlJsPA2ICXIC9t
TLSH T19DD412507BBD872CE6BFABB45A1272427F35FB253135CE6C68CE128C19A17108660B77
TrID 44.6% (.EXE) Win64 Executable (generic) (6522/11/2)
14.0% (.ICL) Windows Icons Library (generic) (2059/9)
13.8% (.EXE) OS/2 Executable (generic) (2029/13)
13.7% (.EXE) Generic Win/DOS Executable (2002/3)
13.6% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
dhash icon 334d6933334d6933
Reporter alegonzriv
Tags:antivirusshield exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
ES ES
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
Installer.exe
Verdict:
Malicious activity
Analysis date:
2026-04-16 11:16:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6c1d4a99-f938-4d01-bc05-ab3eb74a9314

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71418/
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a37e1ab86bc95245bf84a88
Tags:
vmdetect emotet
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm bitmap fingerprint installer-heuristic lolbin packed packed reconnaissance sc signed stego
Link:
https://www.filescan.io/uploads/6a37e1a49799578a6c43fc53/reports/a6fd29f3-d510-49ad-880d-d1774bd06579/overview
Verdict:
Suspicious
Link:
https://www.hybrid-analysis.com/sample/eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-02-22T14:15:00Z UTC
Last seen:
2026-06-21T19:56:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/847421e5-4adb-4dce-8b1c-e725a80ec5fb
Score:
7%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.35 Win 64 Exe x64
Link:
https://app.malva.re/file/eeaaed8dab26729dcc2d4ea71c997668
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5nhl5d2q4mj7sf7kjhfmg7ov7zxalw7qsxtudrczhbrs6o7rkwha._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery execution persistence
Link:
https://tria.ge/reports/260621-qbvklsdt6l/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks installed software on the system
Drops file in Program Files directory
Executes dropped EXE
Launches sc.exe
Checks computer location settings
Adds Run key to start application
Creates new service(s)
Unpacked files
SH256 hash:
eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e
MD5 hash:
eeaaed8dab26729dcc2d4ea71c997668
SHA1 hash:
82cccffdb5139ea33c7cf907782f7936f7fbd144
Link:
https://www.unpac.me/results/78e4a15b-5944-43fb-8a57-07df336d4548/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:Runtime_Broker_Variant_1
Create hunting rule
Author:Sn0wFr0$t
Description:Detecting malicious Runtime Broker
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe eb4ebe8f50e313f917ea49cac37dd5fe6e05dbf095e741c45938632f3bf1558e

(this sample)

  
Dropping
antivirus
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/71418/

Comments