MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fcbcdc32f4a691796a5a464010fe930907311246a396d8546ac8fbf18283bb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 2fcbcdc32f4a691796a5a464010fe930907311246a396d8546ac8fbf18283bb5
SHA3-384 hash: bfa839307e7cf79de3caf3ac8b023962e917ca9c8e117c666c50cba2efb4363699ee434985ba4c0cd71248dbd1ab3c50
SHA1 hash: ce75a6b54ed178fa0e85e423838eaba67bf8d8f0
MD5 hash: e8ff8edfc784e781a1426cf28540d3ac
humanhash: washington-ceiling-july-indigo
File name: autoIt.chm
File size: 17'123'919 bytes
First seen: 2025-12-24 01:45:39 UTC
Last seen: Never
File type:
MIME type: application/vnd.ms-htmlhelp
ssdeep: 393216:aF/gpm1VwZ47AAE20iZL0DC/NQSoKoWyb7YHuTK8:Ii2t0ONQSonWybouj
TLSH: T157073382660A9D3CECF874738F6F81CD7D9AD09B8C5050410EAF2BF4999B8D558F2E46
Magika: chm
Reporter: smica83
Tags: chm

Intelligence

File Origin
# of uploads: 1
# of downloads: 33
Origin country: HU
Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 97.4%
Tags: vmdetect agent micro sage

Result
Verdict: Malicious
File Type: CHM File - Malicious
Behaviour
BlacklistAPI detected

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm obfuscated

Verdict: Malicious
File Type: chm
First seen: 2025-12-20T23:02:00Z UTC
Last seen: 2025-12-20T23:35:00Z UTC
Hits: ~10

Detections: HEUR:Trojan.Script.Generic

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: CHM_File_Executes_JS_Via_PowerShell
Author: daniyyell
Description: Detects a Microsoft Compiled HTML Help (CHM) file that executes embedded JavaScript to launch a messagebox via PowerShell

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques
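The entry above gives four hashes, a MIME type of application/vnd.ms-htmlhelp and a YARA hit whose description is "embedded JavaScript that launches PowerShell", while the vendor column ranges from "No detections" to a 10/10 threat level. The triage script below, added here as an example and not code from MalwareBazaar or from the YARA rule's author, does the first checks an analyst would run on such a file offline: it confirms the ITSF container signature that every CHM starts with, computes the same four hash types so the file can be looked up or compared against the entry, and greps the raw bytes for the indicators the rule description implies. The indicator patterns, the `triage` function and the constructed `SAMPLE` bytes are this example's own assumptions; the only real identifiers are the page's hashes and the CLSID of the Microsoft HTML Help ActiveX control (HHCtrl), which is not taken from the page. Because most CHM content sits in an LZX-compressed section, a raw-byte scan only sees cleartext strings; decompress the container (for example with 7-Zip) before trusting a negative result.

```python
import hashlib
import re

# ITSS container signature: every CHM file starts with these four bytes.
CHM_MAGIC = b"ITSF"

# Hashes copied from the MalwareBazaar entry above, keyed the way the page lists them.
ENTRY_HASHES = {
    "sha256": "2fcbcdc32f4a691796a5a464010fe930907311246a396d8546ac8fbf18283bb5",
    "sha3_384": "bfa839307e7cf79de3caf3ac8b023962e917ca9c8e117c666c50cba2efb4363699ee434985ba4c0cd71248dbd1ab3c50",
    "sha1": "ce75a6b54ed178fa0e85e423838eaba67bf8d8f0",
    "md5": "e8ff8edfc784e781a1426cf28540d3ac",
}

# Raw-byte indicators for the behaviour the CHM_File_Executes_JS_Via_PowerShell
# description names (embedded script that launches PowerShell), plus the CLSID
# of the HTML Help ActiveX control (HHCtrl), whose "shortcut" command is the
# usual way a CHM page runs an external program. These patterns are this
# example's own choice (assumption), not the contents of the YARA rule.
INDICATORS = {
    "script_tag": re.compile(rb"<script\b", re.I),
    "powershell": re.compile(rb"powershell", re.I),
    "hhctrl_clsid": re.compile(rb"adb880a6-d8ff-11cf-9377-00aa003b7a11", re.I),
}


def compute_hashes(data: bytes) -> dict:
    """Hashes in the four algorithms the MalwareBazaar entry lists."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def is_chm(data: bytes) -> bool:
    """True if the bytes carry the ITSF signature a CHM (application/vnd.ms-htmlhelp) starts with."""
    return data[:4] == CHM_MAGIC


def find_indicators(data: bytes) -> list:
    """Names of INDICATORS present in the raw bytes, sorted for stable output.

    Caveat: most CHM content lives in an LZX-compressed section, so a raw scan
    only sees uncompressed or leaked strings. Decompress the container first
    (for example with 7-Zip) before trusting an empty result.
    """
    return sorted(name for name, rx in INDICATORS.items() if rx.search(data))


def matches_entry(data: bytes) -> list:
    """Which of the page's hash values this file reproduces (empty = not this sample)."""
    mine = compute_hashes(data)
    return [k for k, v in ENTRY_HASHES.items() if mine[k] == v]


def triage(data: bytes) -> dict:
    """Container check, hashes for lookup, raw-byte indicators and a cautious verdict.

    The verdict is only ever 'suspicious' or 'no raw-byte indicators': as the
    page itself warns, a database entry or a string hit is not proof of
    maliciousness; detonating the sample in a sandbox is the next step.
    """
    chm = is_chm(data)
    hits = find_indicators(data) if chm else []
    return {
        "is_chm": chm,
        "hashes": compute_hashes(data),
        "known_entry": matches_entry(data),
        "indicators": hits,
        "verdict": "suspicious" if chm and hits else "no raw-byte indicators",
    }


# Constructed stand-in, NOT the 17 MB sample from the entry: an ITSF header
# followed by a cleartext page of the kind the rule description implies.
SAMPLE = (
    CHM_MAGIC
    + b"\x03\x00\x00\x00" + b"\x60\x00\x00\x00" + b"\x00" * 24
    + b"<html><body>"
    + b'<object classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"></object>'
    + b"<script>var cmd = 'powershell -nop -w hidden';</script>"
    + b"</body></html>"
)

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

Run it as `python3 chm_triage.py` on the constructed sample, or replace `SAMPLE` with `open(path, "rb").read()` to triage a real file; a hash hit in `known_entry` ties the file to this entry, while `indicators` says only what survived compression in cleartext.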

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments