MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ee7da2bc52fa3b794ad34788e87a0aa76dca6f43805fb9cf636f02ac87ebe0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 7

SHA256 hash: 2ee7da2bc52fa3b794ad34788e87a0aa76dca6f43805fb9cf636f02ac87ebe0b
SHA3-384 hash: 0212177fead0e9bcd2ba3d619746cc4005dc0e32ab28792670e29b9a665c490baf3ad0c4f0a6160e6adf18db9207307f
SHA1 hash: c389c56b97072ffe0b9e039cebd4817df27c5d16
MD5 hash: 61d2fd1ec45a1ce7cc0d3f7aac9362a0
humanhash: single-lamp-ohio-bluebird
File name: obf - Copy.js
File size: 12'896 bytes
First seen: 2026-06-30 17:47:33 UTC
Last seen: Never
File type: JavaScript (JS) js
MIME type: text/plain
ssdeep: 384:Zy1cZOjFQAybwka0UoV86wWBuArHlQUYey:ZYcZORQAybXKoOKuADCUY
TLSH: T124426B8A3C43FCF513A53A83EEEF24F2EC16985549AA4545486FF7310229BC62C176E7
Magika: javascript
Reporter: James_inthe_box
Tags: exe js

Intelligence

File Origin
# of uploads: 1
# of downloads: 175
Origin country: US
Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 92.5%
Tags: trojan shell agent

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: base64 repaired

Verdict: Malicious
File Type: js
First seen: 2026-06-30T14:57:00Z UTC
Last seen: 2026-07-01T05:42:00Z UTC
Hits: ~100
Detections: PDM:Trojan.Win32.Generic, Trojan.Win32.Agent.sb, HEUR:Trojan.Script.Generic, Trojan.Win32.Garvi.a, NetTool.PowerShellUA.HTTP.C&C, NetTool.PowerShellGet.HTTP.C&C

Gathering data

Result
Malware family: n/a
Score: 8/10
Tags: adware discovery execution persistence spyware
Behaviour:
  Checks processor information in registry
  Enumerates system info in registry
  Modifies Internet Explorer settings
  Modifies registry class
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Browser Information Discovery
  Command and Scripting Interpreter: JavaScript
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery
  System Time Discovery
  Drops file in Windows directory
  Adds Run key to start application
  Checks computer location settings
  Badlisted process makes network request
  Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments