URLhaus Database

You are currently viewing the URLhaus database entry for http://176.46.158.8/files/7002513081/HMWI3He.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3590813
URL:	http://176.46.158.8/files/7002513081/HMWI3He.exe
URL Status:	Offline
Host:	176.46.158.8
Date added:	2025-07-27 15:44:10 UTC
Last online:	2025-07-30 17:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-07-27 15:45:13 UTC to luke[dot]ross{at}mnttr[dot]com)
Takedown time:	3 days, 1 hours, 41 minutes (down since 2025-07-30 17:26:38 UTC)
Tags:	CoinMiner

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-07-29	HMWI3He.exe	exe	cd1b933186de9887c871bebdf8dcea3133ae253a2f6033d09d787413f68131cc	n/a		CoinMiner
2025-07-29	HMWI3He.exe	exe	f1bcf3ea11516342d69848088d603f16c682f31992e8f9213dd8accb30dc53ab	n/a		CoinMiner
2025-07-29	HMWI3He.exe	exe	45e540c12ad8e1dafb5449b9149a2fe96ee969efd6317a8291bbe805c14e2fcb	n/a		CoinMiner
2025-07-29	HMWI3He.exe	exe	ce62399673fe4b99511e0b833ea5b96c518a8a4c81f72b60a0f0d64b953ec314	n/a		CoinMiner
2025-07-29	HMWI3He.exe	exe	141983348ee276089926ce1188c3b175e47124cb19ab832bd2410aa143f717cf	n/a		CoinMiner
2025-07-28	HMWI3He.exe	exe	6efc2ed311633933d25312e34cfb56f52f2cf5d2d733070ecc64b49e7c8d6028	n/a
2025-07-27	HMWI3He.exe	exe	104087ebefb67b32867ea5e8aba88df4d206ade3da18ab95dbf08887cd02a7c4	42.25%		CoinMiner
2025-07-27	HMWI3He.exe	exe	36aea3a1c1ed3b15a0685523ea1c2624c5a4bbc2e6c6f2ad727fc9f5c339e6cd	34.72%		CoinMiner