MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2d2937fd6d4d4f77051673cc6059240ea57c0b19d02ae49adf02ca622af67db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments

SHA256 hash: f2d2937fd6d4d4f77051673cc6059240ea57c0b19d02ae49adf02ca622af67db
SHA3-384 hash: 318addee273f7871341433b72153f1c442fa051d25175cf5ea5feba1e419596d3961177bc7fa4ae99dc4be716f9d0879
SHA1 hash: a2cee7e37d6e5fa3f5fb62607771df989eaae367
MD5 hash: 75763eb8c6da42333797605c9f669982
humanhash: victor-johnny-purple-undress
File name:U2MP3.exe
Download: download sample
File size:87'507'038 bytes
First seen:2025-12-31 08:09:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dcaf48c1f10b0efa0a4472200f3850ed (238 x Efimer, 60 x BlankGrabber, 22 x NetSupport)
ssdeep 1572864:yEWa9Il1txjfJCz+2e7/uY0YlFAkSu/ISTey6NSS6jj5bpSS1MI33XiIyZzfNtPp:yEWaWXtxlCzQ/EaF1Riy6NMjjRpSo13q
TLSH T1681833E947D2892BF9F10C7A82B6D3BBD415FD0E8F5A4009BF9E71911FBB2850471A09
TrID 66.6% (.EXE) InstallShield setup (43053/19/16)
16.2% (.EXE) Win64 Executable (generic) (10522/11/4)
7.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.1% (.EXE) OS/2 Executable (generic) (2029/13)
3.0% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
dhash icon 9e23332b2933338e
Reporter 5kidRoot
Tags:exe SpyEyes spyware trojan


Avatar
5kidRoot
The following sample was obtained from the following website: https://v2mp3[.]com

Intelligence


File Origin
# of uploads :
1
# of downloads :
345
Origin country :
ES ES
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
U2MP3.exe
Verdict:
Suspicious activity
Analysis date:
2025-12-31 08:12:14 UTC
Tags:
pyinstaller python

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
expand installer-heuristic lolbin microsoft_visual_cc overlay overlay packed pyinstaller unsafe
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-10-23T19:05:00Z UTC
Last seen:
2026-01-01T18:32:00Z UTC
Hits:
~100
Detections:
Trojan-Spy.Win32.SpyEyes Trojan-PSW.Win32.Stealer.sb BSS:Trojan.Win32.Generic Trojan-Spy.Win32.SpyEyes.btsa
Gathering data
Threat name:
Win64.Trojan.Generic
Status:
Suspicious
First seen:
2025-10-24 04:56:32 UTC
File Type:
PE+ (Exe)
Extracted files:
4299
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery pyinstaller
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
System Time Discovery
Drops file in Program Files directory
Drops file in Windows directory
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f2d2937fd6d4d4f77051673cc6059240ea57c0b19d02ae49adf02ca622af67db

(this sample)

  
Delivery method
Distributed via web download

Comments