MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ValleyRAT

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6
SHA3-384 hash:	80e22b4fce54334f473b0e03d0b716e9930c2a96da044c1742dde2e4a082349ed0b662cc4f497998aebe7a38825dcc44
SHA1 hash:	a7801e5cad62c0fa74e6437931c8a08b3cd555bc
MD5 hash:	d59c1a3e481d96b53f3f39b969fbf27d
humanhash:	red-football-north-december
File name:	Notepad++.exe
Download:	download sample
Signature	ValleyRAT Create hunting rule
File size:	18'829'506 bytes
First seen:	2025-12-31 02:39:08 UTC
Last seen:	2025-12-31 11:23:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d221b1dc8c3a08622f6512e7876527c8 (3 x ZhongStealer, 3 x ValleyRAT, 1 x CoinMiner)
ssdeep	393216:YcZgSOIRP6OPsfJqqRrXkd75Q6Cbl9gLFWvpt4WwELve:hmXIP5qRrUd757ePcFWhtJwEL2
TLSH	T14E17331463EE82BBE5904AB77D405FD29CEE9ADB275DC8123872F532520BC2588D16F3
TrID	40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 12.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 11.0% (.EXE) Win32 Executable (generic) (4504/4/1) 5.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	GDHJDSYDH1
Tags:	backdoor dropper exe FakeApp SilverFox ValleyRAT

Intelligence

File Origin

# of uploads :

# of downloads :

137

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

Notepad.exe

Verdict:

Malicious activity

Analysis date:

2025-12-31 02:29:00 UTC

Tags:

auto generic

Link:

https://app.any.run/tasks/aa18c004-2b89-4ede-98e4-3f99b47e9829

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/46626/

Detection(s):

SecuriteInfo.com.TR.Dldr.Adload.DM.UNOFFICIAL

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69548a6cd2357cccc3de11ec

Tags:

vmdetect fakeapp

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm fakeapp installer installer installer-heuristic microsoft_visual_cc overlay overlay packed

Link:

https://www.filescan.io/uploads/69548cd68d1aa9829e27b1f6/reports/345bcd81-8021-48f1-abfb-35733741dcc9/overview

Verdict:

Malicious

Labled as:

UDS_Trojan_Win32_DLLhijack_gen

Link:

https://www.hybrid-analysis.com/sample/3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-12-21T21:52:00Z UTC

Last seen:

2025-12-31T14:47:00Z UTC

Hits:

~10

Detections:

UDS:DangerousObject.Multi.Generic Trojan.Win32.DLLhijack.sb HEUR:Trojan.Win32.DLLhijack.gen

Link:

https://opentip.kaspersky.com/3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6/results?tab=lookup

Score:

19%

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/d59c1a3e481d96b53f3f39b969fbf27d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6/

Verdict:

Malicious

Threat:

Trojan.Win32.DLLhijack

Link:

https://tip.neiki.dev/file/3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gkmoad7r2p5ckwywtf54rieoalrsrcmbacvxla3yxy5nip52jpla._file

Gathering data

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/1949eb51-b0d5-4c81-ba6f-fb977e5e5408

Unpacked files

SH256 hash:

3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6

MD5 hash:

d59c1a3e481d96b53f3f39b969fbf27d

SHA1 hash:

a7801e5cad62c0fa74e6437931c8a08b3cd555bc

Link:

https://www.unpac.me/results/c5ba0467-02d1-49fa-b259-65f7bda8092d/

SH256 hash:

64a27f9f48c0bc4efd5179f51271d34bc521039d3f972ec50cf0a0499381f7e9

MD5 hash:

4e22cb18192cd7804496511a0561f56e

SHA1 hash:

c0f71633167a94f5fb39b7f7d7b8c77fe1942c05

Link:

https://www.unpac.me/results/c5ba0467-02d1-49fa-b259-65f7bda8092d/

SH256 hash:

005c251c21d6a5ba1c3281e7b9f3b4f684d007e0c3486b34a545bb370d8420aa

MD5 hash:

d3f8c0334c19198a109e44d074dac5fd

SHA1 hash:

167716989a62b25e9fcf8e20d78e390a52e12077

Link:

https://www.unpac.me/results/c5ba0467-02d1-49fa-b259-65f7bda8092d/

SH256 hash:

d6f3429b8ffe80e1bc023de22bc23d9b4d384d89a9b22db51aa27c804581642d

MD5 hash:

7b97f7a822f0f4f54c54b8ef92aaf09a

SHA1 hash:

d0916590b36d8e0507b6722449d7ffd2187498a6

Link:

https://www.unpac.me/results/c5ba0467-02d1-49fa-b259-65f7bda8092d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3298e00ff1d3fa255b16997bc8a08e02e328898100ab758378be3ad43fba4bd6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.