MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7
SHA3-384 hash: 56a8cf8ac441f4b8785d3baa55cfa68f2d702610b40782f8958e9396893643ae169a7df0136b4fd6d5bb59a2372fb962
SHA1 hash: 9e6367f1ddb1cb6530e192b1a28886967c023ab2
MD5 hash: 6adb907c6c66a4779c29b6602ad1cf50
humanhash: queen-ten-timing-romeo
File name:PAGO100348895.vbs
Download: download sample
File size:1'117'911 bytes
First seen:2026-02-20 20:22:52 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 384:/fuJ0ziyOsGIH6riiZpyzH9VMfbLLMRxIWf:/fuJ0ziyOsGIH6riiZpyzH9VMfbLLML
TLSH T1893552DDCAD6AA76DE17D2B1FC963F40BBEF113848C5A917A0662C314900CE54AA5F32
Magika toml
Reporter James_inthe_box
Tags:exe vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
US US
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/53947/
Detection(s):
SecuriteInfo.com.VBS.Agent-101.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6998c2b38fffa866e3afe6b1
Tags:
ransomware autorun shell sage
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6998c2b010e80629d4ebdf03/reports/35cd6daf-3d3f-44f7-b3f2-01a2bbf27f58/overview
Verdict:
Malicious
Labled as:
GT:VB.VBS.Rempi.5
Link:
https://www.hybrid-analysis.com/sample/4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7
Verdict:
Malicious
File Type:
vbs
Detections:
Trojan.JS.SAgent.sb HEUR:Trojan-Downloader.Script.Generic HEUR:Trojan.Win32.Agentb.gen HEUR:Trojan.Script.Generic Trojan.VBS.SAgent.sb Trojan.Agentb.TCP.C&C PDM:Trojan.Win32.Generic Trojan.Win32.Zapchast.bhgd
Link:
https://opentip.kaspersky.com/4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7/results?tab=lookup
Score:
33%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7
Threat name:
Script-WScript.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2026-02-20 20:22:54 UTC
File Type:
Text (VBS)
AV detection:
9 of 23 (39.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ijk2grlpbhnpwqggclgehhjookjiavs7ndb2h44a23cyhc4on3dq._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
execution
Link:
https://tria.ge/reports/260220-y58ckabz7b/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks computer location settings
Drops startup file
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Process spawned unexpected child process
Malware Config
Dropper Extraction:
https://excellence01.rf.gd/optimized_MSI.png
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4255a3456f09dafb40c612cc439d2e729280565f68c3a3f380d6c5838b8e6ec7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ClamAV_Emotet_String_Aggregate
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/53947/

Comments