MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 3 File information Comments

SHA256 hash:	58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1
SHA3-384 hash:	1b0df84ad20f56387a55d64a051ec5c241f84f2fb26a819ea5457256c3c5d9037d029f2f3e36b52da96afcd5bdcee972
SHA1 hash:	ed9b67eb2aa040987d33f1b9276af999e3ef633a
MD5 hash:	0db84a1f2a01e3ad518e4175f15deebc
humanhash:	fillet-wisconsin-autumn-london
File name:	58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1.bat
Download:	download sample
File size:	2'054 bytes
First seen:	2026-04-14 18:23:32 UTC
Last seen:	Never
File type:	bat
MIME type:	text/plain
ssdeep	48:C70ldUDxSppgiCC0eGsTtR0pmpyjmtRkmL6b:a0DFngG3Z5QmtG
Threatray	128 similar samples on MalwareBazaar
TLSH	T152418E56210227684D35746475B246C3DE07E88F2FA0F2C57988653C2F1AF954BABCBE
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	batch
Reporter	JAMESWT_WT
Tags:	195-177-94-94 bat

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

Certificado.zip

Verdict:

Malicious activity

Analysis date:

2026-01-16 04:03:57 UTC

Tags:

auto generic arch-exec arch-doc susp-powershell emmenhtal hijackloader stealer delphi loader amsi-bypass

Link:

https://app.any.run/tasks/dcdfb1ef-f1ee-4862-872c-83d4722ad0a4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/61587/

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69de8649f68adfe10039d130

Tags:

obfuscate xtreme shell

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching the process to interact with network services

Launching a process

Creating a file

DNS request

Connecting to a non-recommended domain

Connection attempt

Sending a custom TCP request

Sending an HTTP GET request

Creating a process from a recently created file

Creating a window

Сreating synchronization primitives

Modifying a system file

Creating a file in the Windows subdirectories

Creating a file in the %temp% subdirectories

Creating a file in the %AppData% subdirectories

Using the Windows Management Instrumentation requests

Unauthorized injection to a recently created process by context flags manipulation

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 lolbin msiexec net obfuscated powershell

Link:

https://www.filescan.io/uploads/69de8636fd15f1ca1ccfe059/reports/232c679a-cdd5-49ec-827a-9f5a07c6d7dd/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-01-15T10:27:00Z UTC

Last seen:

2026-04-15T08:37:00Z UTC

Hits:

~10

Detections:

Trojan.APosT.UDP.C&C HEUR:Trojan.BAT.Alien.gen

Link:

https://opentip.kaspersky.com/58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1/results?tab=lookup

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1/

Verdict:

Malicious

Threat:

Family.HIJACKLOADER

Link:

https://tip.neiki.dev/file/58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ld5s3tfxqy2ag3w7nurhvehtd6ut5rq5d4esu7xpljtkfzxszdiq._file

Verdict:

malicious

Label(s):

gpugate

hijackloader

82122b18d10214149197264e486929ce6f38eaeb17058c8bd3b16b0133c7efc4

9007661e48e9d4b325029b08a941aa99d315e33be6496380dacf238f0b95ccf3

918b54f56f26837fa477b8b3b00d3281fc273338083a9e27e52ff34868cff1be

92bf8858f323d9d335729cfde6cad182d3f6285b59b31ef11e15448813890a4e

d6963c17bc9dde332e827a313e697f9fdc6de7af58859b4c364c2fffa5b3f909

error

f1d05b94e929dcb423c30d28bdd3394feeb221b30d2e0af3ab8631521af34852

+ 118 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

defense_evasion execution

Link:

https://tria.ge/reports/260414-w1wf4acx91/

Behaviour

Delays execution with timeout.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/58fb2dccb78634036edf6d227a90f31fa93ec61d1f092a7eef5a66a2e6f2c8d1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	detect_powershell Create hunting rule
Author:	daniyyell
Description:	Detects suspicious PowerShell activity related to malware execution

Rule name:	obfuscated_BAT Create hunting rule
Author:	@warz_s
Description:	Identifies obfuscated BAT files
Reference:	https://github.com/secwarz/YaraRules

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/61587/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample