MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65a44df3f521f11fef1138c8fb32ad16749f12830025eeea925f9fb19f32edf1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HijackLoader


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65a44df3f521f11fef1138c8fb32ad16749f12830025eeea925f9fb19f32edf1
SHA3-384 hash: 2b74b1893ce3a0c132f565f93c465ea1f806497f9386274971fcb00d847e3e5511255eaec04d0c7c52c42d8a2b6cbdb3
SHA1 hash: eebb091db3af6fd4e81e8590f52b2d1d49648347
MD5 hash: 78f69b0a4fee11f613e2c76e3090073b
humanhash: finch-london-hawaii-gee
File name:OHKJZRUM.msi
Download: download sample
Signature HijackLoader
Create hunting rule
File size:8'413'184 bytes
First seen:2025-11-09 17:02:38 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 196608:QiubkYQGixjtnjDGty9eNTTrRjT7Mb3LQWX0Wch1Qqd:wXrwjtnjBENTTrRPM3rnch1z
Threatray 31 similar samples on MalwareBazaar
TLSH T1F786335E9DE60FAAC1208F7E4171352C44DADF93F267C47B484ABD2DA47B1225CA3B18
TrID 68.9% (.MST) Windows SDK Setup Transform script (61000/1/5)
22.0% (.WPS) Kingsoft WPS Office document (alt.) (19502/3/2)
9.0% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter JAMESWT_WT
Tags:booking HIjackLoader msi naskkr-com Spam-ITA

Intelligence

File Origin
# of uploads :
1
# of downloads :
50
Origin country :
IT IT
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/36611/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6910c978ac1ae236e178bd38
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug expired-cert fingerprint installer installer wix
Link:
https://www.filescan.io/uploads/6910c9528938e2fe22196305/reports/6813de2b-918a-4baa-a055-adacb664adf2/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/65a44df3f521f11fef1138c8fb32ad16749f12830025eeea925f9fb19f32edf1
Verdict:
Malicious
File Type:
msi
First seen:
2025-11-09T14:15:00Z UTC
Last seen:
2025-11-10T04:34:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.OLE2.Alien.gen Trojan.Win32.Strab.sb Trojan.Win32.Penguish.sb
Link:
https://opentip.kaspersky.com/65a44df3f521f11fef1138c8fb32ad16749f12830025eeea925f9fb19f32edf1/results?tab=lookup
Score:
8%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/65a44df3f521f11fef1138c8fb32ad16749f12830025eeea925f9fb19f32edf1
Verdict:
Malware
YARA:
4 match(es)
Tags:
CAB:COMPRESSION:LZX Corrupted Executable Office Document PDB Path PE (Portable Executable) PE File Layout
Link:
https://app.malva.re/file/78f69b0a4fee11f613e2c76e3090073b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/65a44df3f521f11fef1138c8fb32ad16749f12830025eeea925f9fb19f32edf1/
Verdict:
Malicious
Threat:
Family.HIJACKLOADER
Link:
https://tip.neiki.dev/file/65a44df3f521f11fef1138c8fb32ad16749f12830025eeea925f9fb19f32edf1
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mwse347vehyr73yrhdepwmvncz2j6eudaas652usl6p3dhzs5xyq._file
Verdict:
malicious
Label(s):
hijackloader
Create hunting rule
Similar samples:
057ab7dcbd03786d234543ced23a4fe58f2d0d29d2aa28ad8f73b78270d5c5e6
HijackLoader
6dd552765a28ec262d26a77e8838acf422b504d59c8c74ccc98c3680b8914134
HijackLoader
a78ffd85baef5049b36b9e694d41509aa3c9308a1ec5294c0ab5ae97eb95b18d
HijackLoader
a8a4d5359e832c8d0c8068f84e94d373ada45e8f3590ba02931000bcf37d3b11
HijackLoader
d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc
HijackLoader
da2d70296366c0de38701eb844e7ba52b6e7f7ee700c9854af05421fa75973e6
HijackLoader
df605aa20e6a2d09ceefd7db62e7ff24c6495007f5dc2a453e66a6dc8090b1d7
HijackLoader
e61a0c457a57eb941199d4461934f73a88db58ee64b74a28373f28c85d757c84
HijackLoader
ec9a9dbe295a2d36ee807934a1acdd00fb7de1befa3bdda7cae45d3d659dff1a
HijackLoader
error
HijackLoader
+ 21 additional samples on MalwareBazaar
Result
Malware family:
hijackloader
Create hunting rule
Score:
  10/10
Tags:
family:hijackloader discovery loader persistence privilege_escalation ransomware spyware stealer
Link:
https://tria.ge/reports/251109-vksvla1kfm/
Behaviour
Checks SCSI registry key(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Event Triggered Execution: Installer Packages
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Enumerates connected drives
Detects HijackLoader (aka IDAT Loader)
HijackLoader
Hijackloader family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d2f3b451-bdea-464d-bce1-8cd6ab1deb35
Malware family:
IDATLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/65a44df3f521/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/36611/

Comments