MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 8
| SHA256 hash: | 20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc |
|---|---|
| SHA3-384 hash: | e8fe5290c62360db9db327b1c77382cee1b8bd0eecc72b60c4c299246dc80702cabf0cca377793a5a71e74dc8fd0d563 |
| SHA1 hash: | 8c008f3bd006fb94fa76881f5598df7e87a66a05 |
| MD5 hash: | fe2468f7870683aacbd1d9bf06515f16 |
| humanhash: | yankee-video-oven-saturn |
| File name: | fsdf6456ffghfg4234dfgdfg343g3cvbhf544h4dfgd34343676hfgh45.vbe |
| File size: | 3'263'228 bytes |
| First seen: | 2025-11-29 10:43:07 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/octet-stream |
| ssdeep | 24576:2W5Lt5sUX3ZIuD+RYRs4fxg/M9OwbfoINDDCGnMKLALcdzJHccjR31t39gc7gyJd:RJqSfVfJDTMET |
| TLSH | T1EFE5D15D84B05CD26014FE74F685FBD7CCEA53852A2B07520FE4858A3352C83FAA77A6 |
| TrID | 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1) |
| Magika | txt |
| Reporter | |
| Tags: | vbe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
31
Origin country :
CH
Vendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Score:
99.1%
Tags:
obfuscate xtreme shell
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
anti-vm
Result
Gathering data
Verdict:
Malicious
File Type:
vbe
First seen:
2025-11-27T08:19:00Z UTC
Last seen:
2025-11-27T13:19:00Z UTC
Hits:
~10
Verdict:
Malware
YARA:
1 match(es)
Tags:
Obfuscated Schedule.Service Scripting.FileSystemObject VBScript Encoded WScript.Shell
Verdict:
Malicious
Threat:
Trojan-Downloader.JS.SLoad
Threat name:
Script.Trojan.Heuristic
Status:
Malicious
First seen:
2025-11-27 12:52:04 UTC
File Type:
Text
AV detection:
6 of 36 (16.67%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
8/10
Tags:
discovery execution persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
vbe 20c16e8fc6209e84a81ac74e875de6e90b1b406f11c3bafe2b3374f08ae6fccc
(this sample)
Delivery method
Distributed via web download