MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39432fa3d6b0582c0259665e6eae65c6fdcc1793c50384a88538fb3ee7660ad6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 4 File information Comments

SHA256 hash:	39432fa3d6b0582c0259665e6eae65c6fdcc1793c50384a88538fb3ee7660ad6
SHA3-384 hash:	e8577131ee5734f7b64ef73f5b607af2d99757d0221a3464317feddb908ad185b05f06288ee5d567d867fb574c79d8d2
SHA1 hash:	9b497c7e5be4c0e46ce0740f42819d6733785b77
MD5 hash:	9c8a71c0fced9505459444c9b0f475d0
humanhash:	two-ack-hotel-charlie
File name:	SecuriteInfo.com.Trojan.GenericKDZ.111786.955.3480
Download:	download sample
File size:	298'377 bytes
First seen:	2025-06-07 22:34:04 UTC
Last seen:	2025-06-08 00:05:38 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	78c54cf27f80186f2ec7bd8323b3ec0f
ssdeep	6144:U1NUcZ9gfSMlOnTEKb6tYf2a+npMFlxiWMhxmODq34mdUQk/A/tTRZbS3R5nXqtb:CicLslsl6za+nSYWMh7mdsAB3ShBX6
TLSH	T119548D49A69E0BCDCDA4B2F8267149AB17D31B630813E467EB3C5B87362313DFA47464
TrID	45.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.3% (.EXE) OS/2 Executable (generic) (2029/13) 18.0% (.EXE) Generic Win/DOS Executable (2002/3) 18.0% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

470

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Trojan.GenericKDZ.111786.955.3480

Verdict:

No threats detected

Analysis date:

2025-06-07 22:51:44 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e4b61a48-dd5b-4f80-b683-ed9e71bead3a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/7944/

Detection(s):

SecuriteInfo.com.Trojan.GenericKDZ.111786.955.3480.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6844c06607b5e8c1cfe5816c

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

adaptive-context overlay overlay packed packed packed packer_detected upx

Link:

https://www.filescan.io/uploads/6844bef4fd02ed5e059d8cac/reports/3d0edd9d-e3cf-4d64-9cc0-ed9a583babea/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/39432fa3d6b0582c0259665e6eae65c6fdcc1793c50384a88538fb3ee7660ad6

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/39d37989-c56a-47eb-9378-e772d5deb055

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1709075

Signature

Contains functionality to check for running processes (XOR)

Found direct / indirect Syscall (likely to bypass EDR)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/39432fa3d6b0582c0259665e6eae65c6fdcc1793c50384a88538fb3ee7660ad6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/39432fa3d6b0582c0259665e6eae65c6fdcc1793c50384a88538fb3ee7660ad6/

Threat name:

Win64.Malware.Heuristic

Status:

Malicious

First seen:

2025-06-07 22:36:20 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

16 of 24 (66.67%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hfbs7i6wwbmcyaszmzpg5ltfy364yf4tyubyjkefhd5t5z3gblla._file

Result

Malware family:

n/a

Score:

5/10

Tags:

upx

Link:

https://tria.ge/reports/250607-2jcwbagm9s/

Behaviour

Suspicious use of AdjustPrivilegeToken

UPX packed file

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/3b3ee541-aea0-4fc0-a502-94ca9cdc0355

Unpacked files

SH256 hash:

39432fa3d6b0582c0259665e6eae65c6fdcc1793c50384a88538fb3ee7660ad6

MD5 hash:

9c8a71c0fced9505459444c9b0f475d0

SHA1 hash:

9b497c7e5be4c0e46ce0740f42819d6733785b77

Link:

https://www.unpac.me/results/44b0c1c2-53d0-4a3a-937c-5f530890b583/

SH256 hash:

6a2173883c8a3027ce4e7e1c22dd9e2a105a2206102665694e2a3ff1bbd87a83

MD5 hash:

9d60793453b1059984f17bd7c3d7057a

SHA1 hash:

bbb2ba86d9addd52dc0afe58408a1404d68421ef

Link:

https://www.unpac.me/results/44b0c1c2-53d0-4a3a-937c-5f530890b583/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/39432fa3d6b0582c0259665e6eae65c6fdcc1793c50384a88538fb3ee7660ad6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	upx_largefile Create hunting rule
Author:	k3nr9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/7944/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample