MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452
SHA3-384 hash:	5259f6f7ad03f8d24ab96432904802ba7ff8d9396c7efc168420d9be14ea3e78855c1f378a01f0028684e770a6948fd3
SHA1 hash:	1e52eb899030415b6e94d545c898c596db17978c
MD5 hash:	269181136d456c2cf5b1a95bb17d0e18
humanhash:	zulu-cola-maryland-purple
File name:	New Order FT25294C7O7F_PDF.js
Download:	download sample
File size:	1'148'567 bytes
First seen:	2026-02-03 20:41:20 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	3072:wWzbNB4UMDC+R4UvXmyLzECk+4UfQLfbQB4qGfBc0D:F
Threatray	1'958 similar samples on MalwareBazaar
TLSH	T16435179A4CA6D4BE790EFC2D0A91D902CFCD026433135F7BC6231EADB415610B9E657B
Magika	javascript
Reporter	Anonymous
Tags:	js

Intelligence

File Origin

# of uploads :

1

# of downloads :

110

Origin country :

US

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69825db96b1af47db72c8bdd

Tags:

obfuscate xtreme virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 base64 fingerprint masquerade obfuscated obfuscated overlay powershell repaired

Link:

https://www.filescan.io/uploads/69825db1930564ff3c87c9a8/reports/712b8fa1-85b5-48d8-913c-529e49e03c69/overview

Verdict:

Malicious

Labled as:

JS/Agent.DGD7

Link:

https://www.hybrid-analysis.com/sample/4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452

Verdict:

Malicious

File Type:

js

First seen:

2026-02-03T06:13:00Z UTC

Last seen:

2026-02-03T09:19:00Z UTC

Hits:

~100

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452/results?tab=lookup

Score:

12%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452/

Verdict:

Malicious

Threat:

Family.REVERSELOADER

Link:

https://tip.neiki.dev/file/4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jrjlsxpdqoe6yvs7wccmyeb36i5bfawapqhhb3iaiczffoxyarja._file

Verdict:

malicious

Label(s):

novastealer

Similar samples:

009391083b79de327fc9b8b66f7ff3dac490adfb18c89727d6298090fc5a0e60

10d96a57b4a446b30816229307984a151f1d319eb8e25fdffb0b6185055f778a

13602e8578aaf4f286c78ac9f00fd7e53e47cad1145375eb8cfee6ac087853a7

1536e090f45c3abc9414b5005b1153005b40db4a2fc4fddfa00afa78c991a8f8

30347a64996f1516686d0eea67a56eebc43454bcddf0822e4997a35f4761d106

52ecec3ddf31df410a7e65bf5149f3177eca01d142d9dbed7a198553ca1a1236

8019571058646e96e886875801a1711842d8974f24b413ff8b620c05aa08b59a

c401d6ac6b29539dc104f23d19ff4bf752578bc11fa6f558d026f7d59b7bf787

+ 1'948 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/260203-zg8h4ah18b/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: JavaScript

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://res.cloudinary.com/dy6a9cqng/image/upload/v1770082509/optimized_MSI_dkcy4m.jpg

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/4c52b95de38389ec565fb084cc103bf23a1282c07c0e70ed0040b252baf80452

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample