MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a64ae64e3061a5b47e565cfffcccc3ce6291df02ca12da669a1358b526ffd24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	6a64ae64e3061a5b47e565cfffcccc3ce6291df02ca12da669a1358b526ffd24
SHA3-384 hash:	59eb122f4965fbf9ae2d43237b540cc5c9a021e9d4cf4f18b4582461e3738fd4dc01f4bf248c370b8bec6c2738c6a260
SHA1 hash:	288197dc118ae816d166197e264292261504cd7f
MD5 hash:	96cf28a8808a020558f50bfd8eb99d01
humanhash:	hydrogen-snake-ceiling-montana
File name:	uocrufcgjdfvbrg.exe
Download:	download sample
Signature	NodeLoader Alert Create hunting rule
File size:	76'419'840 bytes
First seen:	2025-07-18 20:50:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	dbbb9f26de9dd48973f779ff3480f357 (1 x NodeLoader)
ssdeep	393216:UUg986LruEsT5NNtYTVvGDyqfw/X7T32N0KXOytE221G098F9mgfAUe/xtojfMDC:UUF6+cyRMgIQ8AwRvxOOxbFO
TLSH	T111F76B46A7EA04C5E9FB9A3489E65213D673BC063F3085DF324C172A1F736E09976722
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
dhash icon	e8f4b4c4ccb4f4e8 (1 x NodeLoader)
Reporter	aachum
Tags:	artemusnetworks-com ClickFix exe FakeCaptcha NodeLoader

iamaachum

https://artemusnetworks.com/blmdjhzojjcmjur/uocrufcgjdfvbrg.exe

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

152

Origin country :

ES

Vendor Threat Intelligence

ANY.RUN

Malware family:

n/a

ID:

1

File name:

uocrufcgjdfvbrg.exe

Verdict:

No threats detected

Analysis date:

2025-07-18 20:56:18 UTC

Tags:

python wmi-base64

Link:

https://app.any.run/tasks/734724c1-458a-437f-8b95-cd9054d319c9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CyberFortress Clean

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=687ab3fb2f623871a5efdc40

Tags:

n/a

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Tags:

adaptive-context anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc nexe overlay overlay packed

Link:

https://www.filescan.io/uploads/687ab3e512460d69545f4d12/reports/399b110a-9ab1-4c41-add3-1917a9c2652b/overview

Hybrid Analysis Malware/Generic

Verdict:

Suspicious

Labled as:

Malware/Generic

Link:

https://www.hybrid-analysis.com/sample/6a64ae64e3061a5b47e565cfffcccc3ce6291df02ca12da669a1358b526ffd24

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1739838

Signature

Yara detected NexeCompiled Binary

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

92%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/6a64ae64e3061a5b47e565cfffcccc3ce6291df02ca12da669a1358b526ffd24

CERT.PL MWDB

Gathering data

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=njsk4zhdaynfwr7fmxh77tgmhttcshpqfsqs3jtjue2ywutp7usa._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250718-znkevatwf1/

Threat.Zone Suspicious

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/367ddc29-75bb-4070-894c-f5b971863230

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.