MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 1145e36db0b83afac59e0949e16fee00a65a6fd40ebcb4dc5f20e7690f3dec8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
XWorm
Vendor detections: 6
| SHA256 hash: | 1145e36db0b83afac59e0949e16fee00a65a6fd40ebcb4dc5f20e7690f3dec8c |
|---|---|
| SHA3-384 hash: | 9007e4a71ac4bc326b2e4532ebb80f1006d64ef52ccfe9224d807d1cf9188ac50f79f78d639ebe0d76491f04dc19bbf9 |
| SHA1 hash: | d9d0e6c215f10c7a4b8f8622b0d74cfe74c480bf |
| MD5 hash: | a9ce90d57ed01ac752d9f85be87041ff |
| humanhash: | batman-lithium-nitrogen-oklahoma |
| File name: | SCAN_DOC_FILE_PR_0001000265.rar |
| Download: | download sample |
| Signature | XWorm |
| File size: | 882'254 bytes |
| First seen: | 2026-07-03 18:03:14 UTC |
| Last seen: | 2026-07-03 18:03:24 UTC |
| File type: | rar |
| MIME type: | application/x-rar |
| ssdeep | 24576:34vdXZdosi48s57a+bcZr4fe9pa6p3ZjIUcC9+RMf75:34VXZCd1s57a+Krf4eIcwS1 |
| TLSH | T1901523D58721D603C85155FE9DF8B09E80AE5EBBF90C0844D476A3AFDF39618A99C23C |
| TrID | 58.3% (.RAR) RAR compressed archive (v-4.x) (7000/1) 41.6% (.RAR) RAR compressed archive (gen) (5000/1) |
| Magika | rar |
| Reporter | |
| Tags: | rar xworm |
Intelligence
File Origin
# of uploads :
2
# of downloads :
58
Origin country :
CHFile Archive Information
This file archive contains 1 file(s), sorted by their relevance:
| File name: | SCAN DOC FILE PR 0001000265.JS |
|---|---|
| File size: | 4'186'364 bytes |
| SHA256 hash: | ddfbf3db2b7e15b8202b71e1e97a180a54a3b248cbc9347d044b338862086d09 |
| MD5 hash: | 74a5fb2edb6d0cdde2751397f5c97b42 |
| MIME type: | text/plain |
| Signature | XWorm |
Vendor Threat Intelligence
Detection(s):
Verdict:
Clean
Score:
70%
Tags:
n/a
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
anti-debug downloader dropper evasive obfuscated obfuscated packed repaired xloader
Verdict:
Malicious
File Type:
rar
First seen:
2026-06-30T07:58:00Z UTC
Last seen:
2026-07-03T05:56:00Z UTC
Hits:
~10
Gathering data
Threat name:
Script-JS.Trojan.Heuristic
Status:
Malicious
First seen:
2026-07-01 14:06:00 UTC
AV detection:
10 of 24 (41.67%)
Threat level:
2/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
XWorm
rar 1145e36db0b83afac59e0949e16fee00a65a6fd40ebcb4dc5f20e7690f3dec8c
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.