MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 2 File information Comments

SHA256 hash:	097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb
SHA3-384 hash:	a2d20d8de45a5e3776cf8ced4b4153fe4a67c3087585a2aeaf0efa58ed8bd1ce35cb75855a4663ccb47f4f31ee1524d6
SHA1 hash:	685f0f729f21b0b4fdea6a05448980ee2d8d9239
MD5 hash:	f92af47aef5e48867dd2d166cd77b5c5
humanhash:	seven-friend-xray-ack
File name:	netutils.dll
Download:	download sample
File size:	139'024 bytes
First seen:	2026-05-28 10:43:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:ujdaJe79xJHKsinr638TFXs0ZvdFSlNc9eU:De79/HKsad5Xs0ZvjsW
Threatray	29 similar samples on MalwareBazaar
TLSH	T137D3028738A45059C80BCD76F1C9D560CBEA77FA8F962A916C17D63C8CE33E2464C54B
TrID	44.6% (.EXE) Win64 Executable (generic) (6522/11/2) 14.0% (.ICL) Windows Icons Library (generic) (2059/9) 13.8% (.EXE) OS/2 Executable (generic) (2029/13) 13.7% (.EXE) Generic Win/DOS Executable (2002/3) 13.6% (.EXE) DOS Executable (generic) (2000/1)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	dll exe signed Spam-ITA Vertex-Global-Solutions

Code Signing Certificate

Organisation:	Take-Two Interactive Software, Inc.
Issuer:	VeriSign Class 3 Code Signing 2010 CA
Algorithm:	sha1WithRSAEncryption
Valid from:	2011-09-21T00:00:00Z
Valid to:	2013-09-20T23:59:59Z
Serial number:	695043d68f15550fd5db370fa8817b04
Intelligence:	21 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	5d269a2e2102e52ecbbae4d3dd27cf260fd6b1edf83887802f05a9411efa8c44
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

106

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

_097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb.dll

Verdict:

No threats detected

Analysis date:

2026-05-28 10:43:43 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/39e09409-4ffb-4c66-872f-aec30c33e2d6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68263/

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.25754459.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a181c5e33dfa243d40a6076

Tags:

injection obfusc virus

Result

Verdict:

Clean

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

expired-cert explorer lolbin masquerade packed signed

Link:

https://www.filescan.io/uploads/6a181c44099ef368af084024/reports/01711aa9-0ca0-42c9-9c20-8b67696cd8a1/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb

Verdict:

Malicious

File Type:

dll x64

First seen:

2026-05-27T12:11:00Z UTC

Last seen:

2026-05-28T05:42:00Z UTC

Hits:

~100

Detections:

VHO:Trojan.Win32.Inject.gen Trojan.Win32.Inject.sb Trojan.Win32.Agent.xcecgf Trojan.Win32.Agent.sb Trojan-Downloader.Agent.HTTP.C&C HackTool.Win64.HiddenTask.sb

Link:

https://opentip.kaspersky.com/097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d8f27caa-c877-44ce-b844-4141227c0312

Score:

23%

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb/

Verdict:

Malicious

Threat:

VHO:Trojan.Win32.Inject

Link:

https://tip.neiki.dev/file/097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bf6vqc2ihf76wrml5vl6z3vprg3obxx7k6hx4kqtecxnvdey5c5q._file

Verdict:

malicious

Label(s):

zuqrastealer

08aa478ed2cefa279f779c5612d0238b82dc92018772fae7116065d93710781b

1c0e141488525ac4770cdb6c47a401b886e5e6fac2b51e740b834a1f597bf7d0

276490a44e77ee07d521f0dced9767bb2a56dc45d8674ec13c14bab422af3c0b

690bfb9bcd652da2ecf606536a64be7400d6c14b56d6d5dce34cd6602ec0ac6a

aed99fb5d11cc20a5889cd8b7ee060986265dffc4690e4ed450975562b6e673e

c39ce6becf3908bcacd5bbe22a6339a1a9c9082c8e7af82b11daec1fc9344a1c

c82a875a0ee65d52f62cf3d5f7c7aee739d5b94e4053beb896e8796a03830674

d5d1888adc5de0a55f8f591960d0bbdde79df2f6b2260c15191d4ff85c02e971

eb854d319ec7513b09c40c432ac3606449c1d1be661bcc771d751a49c0e97b89

error

+ 19 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence

Link:

https://tria.ge/reports/260528-msd3eaex6z/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Drops file in System32 directory

Looks up external IP address via web service

Executes dropped EXE

Downloads MZ/PE file

Unpacked files

SH256 hash:

097d580b48397feb458bed57eceeaf89b6e0deff578f7e2a1320aeda8c98e8bb

MD5 hash:

f92af47aef5e48867dd2d166cd77b5c5

SHA1 hash:

685f0f729f21b0b4fdea6a05448980ee2d8d9239

Link:

https://www.unpac.me/results/4c0294e5-1736-4ab8-a7e9-7d2e953eb216/

Malware family:

ChromElevator

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/097d580b4839/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/68263/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample