MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 725eda84f577e481bb04663c2ee2f516467fabc8826f54ecdc363eb44bc2b9fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 725eda84f577e481bb04663c2ee2f516467fabc8826f54ecdc363eb44bc2b9fb
SHA3-384 hash: ec6a4db93c9038ccb407f99a036d2c0256291f5b98f4ac1d09538109157c396c3a295ba269f99524e747694839599633
SHA1 hash: 3c721e0d059c26a3ac0dd37328d5991f3473a0e6
MD5 hash: d0693cbf0e2632596ae62f26c0a425a0
humanhash: muppet-skylark-avocado-papa
File name: svchost.exe
File size: 93'076 bytes
First seen: 2025-11-23 09:24:12 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: cb466204f5c37666fe7d05c000308c29 (3 x Simda)
ssdeep: 384:gzZYsFWolFtjJkDH6nvTDw5IfWHc8jFrV6U6nhTt56n:gz6sFp7jzoqf6cKVji
TLSH: T1D6939F67D9D066B3C26A14F404FFF849A5F6D66C43126AFBAE446738AC3B1C0083E611
TrID: 30.2% (.EXE) Win64 Executable (generic) (10522/11/4)
18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
12.9% (.EXE) Win32 Executable (generic) (4504/4/1)
5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
Reporter: Hexastrike
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 9
Origin country: IE
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context anti-debug fingerprint overlay
Result
Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE Memory-Mapped (Dump)
Threat name: Win32.Infostealer.Simda
Status: Malicious
First seen: 2025-11-22 16:32:21 UTC
File Type: PE (Exe)
AV detection: 19 of 36 (52.78%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Verdict: Malicious
Tags: Win.Trojan.Shiz-664
YARA: n/a
Unpacked files
SHA256 hash: 725eda84f577e481bb04663c2ee2f516467fabc8826f54ecdc363eb44bc2b9fb
MD5 hash: d0693cbf0e2632596ae62f26c0a425a0
SHA1 hash: 3c721e0d059c26a3ac0dd37328d5991f3473a0e6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments