MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc
SHA3-384 hash:	e8fe5290c62360db9db327b1c77382cee1b8bd0eecc72b60c4c299246dc80702cabf0cca377793a5a71e74dc8fd0d563
SHA1 hash:	8c008f3bd006fb94fa76881f5598df7e87a66a05
MD5 hash:	fe2468f7870683aacbd1d9bf06515f16
humanhash:	yankee-video-oven-saturn
File name:	fsdf6456ffghfg4234dfgdfg343g3cvbhf544h4dfgd34343676hfgh45.vbe
Download:	download sample
File size:	3'263'228 bytes
First seen:	2025-11-29 10:43:07 UTC
Last seen:	Never
File type:	vbe
MIME type:	application/octet-stream
ssdeep	24576:2W5Lt5sUX3ZIuD+RYRs4fxg/M9OwbfoINDDCGnMKLALcdzJHccjR31t39gc7gyJd:RJqSfVfJDTMET
TLSH	T1EFE5D15D84B05CD26014FE74F685FBD7CCEA53852A2B07520FE4858A3352C83FAA77A6
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	txt
Reporter	juroots
Tags:	vbe

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

31

Origin country :

CH

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.VBS.Encrypted.Gen.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Malicious

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=692ace646657e34332823054

Tags:

obfuscate xtreme shell

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Tags:

anti-vm

Link:

https://www.filescan.io/uploads/692ace4dd0d5e7288b505816/reports/35ff35dd-9cca-480f-b7da-2fec1f9c6530/overview

Hybrid Analysis Unknown

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc

InQuest

Result

Gathering data

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

vbe

First seen:

2025-11-27T08:19:00Z UTC

Last seen:

2025-11-27T13:19:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc/results?tab=lookup

Malva.RE Malware

Verdict:

Malware

YARA:

1 match(es)

Tags:

Obfuscated Schedule.Service Scripting.FileSystemObject VBScript Encoded WScript.Shell

Link:

https://app.malva.re/file/fe2468f7870683aacbd1d9bf06515f16

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc/

Neiki Trojan-Downloader.JS.SLoad

Verdict:

Malicious

Threat:

Trojan-Downloader.JS.SLoad

Link:

https://tip.neiki.dev/file/20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc

ReversingLabs TitaniumCloud Script.Trojan.Heuristic

Threat name:

Script.Trojan.Heuristic

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-11-27 12:52:04 UTC

File Type:

Text

AV detection:

6 of 36 (16.67%)

Threat level:

  2/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=edaw5d6gecpijka2y5hioxpg5efrwqdpchb3v7rlgn2pbcxg7tga._file

Hatching Triage Malicious

Result

Malware family:

n/a

Score:

  8/10

Tags:

discovery execution persistence

Link:

https://tria.ge/reports/251129-msw8zsyjbr/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Checks computer location settings

Command and Scripting Interpreter: PowerShell

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc