MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 727d1e42275c605e0f04aba98095c38a8e1e46def453cdffce42869428aa6743. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 727d1e42275c605e0f04aba98095c38a8e1e46def453cdffce42869428aa6743
SHA3-384 hash: 1e9450eaa60a9cc7b357509c7283b0f2abeff6b96315e6c7b31bafbfde50672f6f21237786b2a027a42700f57110ac1b
SHA1 hash: be7b3577c6e3a280e5106a9e9db5b3775931cefc
MD5 hash: b2edd0e4a7a7be9d157c0da0ef65b1bc
humanhash: black-golf-nitrogen-east
File name: nssm-2.24.zip
File size: 351'793 bytes
First seen: 2025-11-24 07:08:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 6144:JaQne3bPF+ym7+JV8FYmGfkqNBWp/bR/PekMrv25QhUzt/01dQd:JaaXCJkFIgZPmhUztM3G
TLSH T1547423D6CE484403C62E97329D03865B9C50F146A5E1723B1CB4C6BBB5D17CDCBB2AAB
Magika zip
Reporter juroots
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: IL
File Archive Information

This file archive contains 33 file(s), sorted by their relevance:

File name:nssm.exe
File size:331'264 bytes
SHA256 hash: f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97
MD5 hash: beceae2fdc4f7729a93e94ac2ccd78cc
MIME type:application/x-dosexec
File name:version.cmd
File size:1'734 bytes
SHA256 hash: 15b426e1c03c0976c9b133f82553da5c7e9cf3320dbb3b5cf269854afc80b548
MD5 hash: 3e67b67b2ecb2d3042dfaa7d216883b1
MIME type:text/x-msdos-batch
File name:settings.cpp
File size:41'110 bytes
SHA256 hash: c3b31df15e843f3ead4da350df11b44edb459adc61755401063ac45be8bfae41
MD5 hash: 762c0ac39328c797aecef896a1319877
MIME type:text/x-c
File name:gui.h
File size:405 bytes
SHA256 hash: 8a5a6eab80d9b438079c9b63d5a31b9d1e956b4fe3e943f85e8f343356050d4b
MD5 hash: a015f901e2ece542ec8da0d62a2dec91
MIME type:text/x-c
File name:imports.h
File size:881 bytes
SHA256 hash: db7201264790564137c3c6bd1637cb293e65113d468f5fd046d6c2fb542751dd
MD5 hash: bea805fc9bd24e29f911b4c8af2e1c67
MIME type:text/x-c
File name:registry.h
File size:2'919 bytes
SHA256 hash: 9ee3e2280e324d08742af61201e97d30dae9fe852664807a3d3c0bf90b055a17
MD5 hash: 12766774bade41953ca460ae72168f1b
MIME type:text/x-c
File name:gui.cpp
File size:49'516 bytes
SHA256 hash: eacd9efbfc9b60eb48ec347142209fb550900eab5253e1fbadcdcb411a038961
MD5 hash: 87a2c4762f8f544056f223315f6f8a90
MIME type:text/x-c
File name:console.cpp
File size:5'637 bytes
SHA256 hash: 716f31e1cc91bfe4d0e4cbe12283e0ce620778b2cf5bc2620f1d618d0dd0cfb3
MD5 hash: 2b504e046dc126e68bfc90056b2c9e60
MIME type:text/x-c
File name:service.cpp
File size:71'167 bytes
SHA256 hash: 0be1aeb4b92b809afda822b2e8cb595d89d60fa7a0030772fc2b4e57cf061bee
MD5 hash: 95fb7517f1606492a69d3b3ddec9c01d
MIME type:text/x-c
File name:env.h
File size:329 bytes
SHA256 hash: 61f3dc855bad66160dcd471c77613b764d43ebaa5b5e996854edd33a8b5a4a5d
MD5 hash: f3c5c5ec2aeafa00ff4c2fbe5622521c
MIME type:text/x-c
File name:registry.cpp
File size:30'316 bytes
SHA256 hash: 8735af229cf646ec8463020e618c37779d8a94d853035511d1bd19a2cefe09b0
MD5 hash: 445b79bfc0a559c5cf4c048c54218566
MIME type:text/x-c
File name:nssm.cpp
File size:6'994 bytes
SHA256 hash: 90144249f8e33d84800efa955d9df875522b406fce5c3a6da7510f26acc5f678
MD5 hash: 4c6d4f21f01d8ea96856b9be08819006
MIME type:text/x-c
File name:nssm.sln
File size:1'243 bytes
SHA256 hash: f9294df18b664b6517132b48943567181bd4a89973fdb1e827b9da5485b2a5d4
MD5 hash: f779189b1586dfa1d64f9279ad8e23ec
MIME type:text/plain
File name:event.h
File size:284 bytes
SHA256 hash: 2925727fca57a08928ee07edee3ff7131ffe9aacbb1a66edc065d56afed2537f
MD5 hash: bd2d50fa5fbbb97285f9984e6cd1e4d4
MIME type:text/x-c
File name:messages.mc
File size:149'764 bytes
SHA256 hash: ef490a1386454f42e2b3ad2da0bbaa625e385df4b1d5de0d221d552713cbedf7
MD5 hash: 8ce6dc904adf43a36cc1874b56fe10e5
MIME type:text/plain
File name:nssm.h
File size:4'161 bytes
SHA256 hash: aee6f546fdd28e0c1e27db3eb21cd552f6a23c706f129f5ab3238b54e83f34af
MD5 hash: 489522c3667de3baf5f28a66dd684005
MIME type:text/x-c
File name:console.h
File size:105 bytes
SHA256 hash: f0f05bacc7371bd6503daee2ce04c7ba3f03711cb54542d9922f134e9ef7fd8d
MD5 hash: 9e242cce5f18c22854f7e417171e5e67
MIME type:text/x-c
File name:io.cpp
File size:21'612 bytes
SHA256 hash: 9bf02e5af3e3a252f7ea5ec7d283fcda99960e9e4909fbc5156c7608192856e5
MD5 hash: 4a0f774542b30b8d2f89b16a52f4e180
MIME type:text/x-c
File name:nssm.vcproj
File size:17'272 bytes
SHA256 hash: 7b6d86193870aceecc40c7c74a48ef853e80efa4dcf1a9888fd29347f695f907
MD5 hash: 6e6fabd941f67804a55f5d9ee21a7e11
MIME type:text/xml
File name:README.txt
File size:28'414 bytes
SHA256 hash: 56bcec8b58f52e2ad9fd3902ff5cf6d546c425fbc23b9a130885abfce7abdea0
MD5 hash: ed2bc805600c380e85fe240e715abb81
MIME type:text/plain
File name:nssm.rc
File size:64'808 bytes
SHA256 hash: bd4d81e6c420923759fe94ce85d694cf3347222747c15eac8875c96fc995d909
MD5 hash: ffacd065d645999917ff340d7c7e9ee0
MIME type:text/x-c
File name:imports.cpp
File size:3'059 bytes
SHA256 hash: 8dfce860c7c46eb4b11776f9165654660e4ffe03bc0c1d094b61b5df07cf449f
MD5 hash: b3841f61df8eaae6503c4535fffa2678
MIME type:text/x-c
File name:process.cpp
File size:10'745 bytes
SHA256 hash: d2d6fa5e9557c04c3b14301e945b188ac159dfbd0b09b9b93a2b4ac66f23bcd0
MD5 hash: e58e6825766f138869e72b66085c0758
MIME type:text/x-c
File name:settings.h
File size:1'556 bytes
SHA256 hash: 07a1689b79fb36c824c59e41cfb752e06ed1b382e70cda8ed5119ceb64dcb20b
MD5 hash: 92bfcaf191385245df8a907c7dd27e3e
MIME type:text/x-c
File name:resource.h
File size:3'226 bytes
SHA256 hash: 98b7c93df884d3900005641ae9e27cfa8b335a2a5ed0602ebd4dafb475d0b27f
MD5 hash: a06fee0b96d7cd81e1b0a9cb9e359396
MIME type:text/x-c
File name:ChangeLog.txt
File size:8'282 bytes
SHA256 hash: ccfb28344a14b286735b74ab1088650fad3aaf65a8f8ac5c9cd68b5c31b284ac
MD5 hash: 205769831fa302018fb26845d3835962
MIME type:text/plain
File name:io.h
File size:1'387 bytes
SHA256 hash: 324018ef2cb742d9b3225292abe4a31e9eca4cfc9dbe87e1300de2ef649759cc
MD5 hash: d38837b657fd6110f6dfcc464cb5a28a
MIME type:text/x-c
File name:account.h
File size:904 bytes
SHA256 hash: 154941ef6d62170b5a59c35ace05f387f1895d43956a201cefad75fa3a098aa7
MD5 hash: c1b1dcfdce66cb24b458b0f34278c8db
MIME type:text/x-c
File name:event.cpp
File size:3'744 bytes
SHA256 hash: 2554b741fec0902141ab0275e913ac22695b420426338b20e5fd1fe19de2b953
MD5 hash: 53ca1240b593d6277e58a9d3334b537c
MIME type:text/x-c
File name:process.h
File size:635 bytes
SHA256 hash: 272b4495c1c767d804ec44d27acf3ffc65a4b5d69d7dc67449d1908205ed6c42
MD5 hash: 7d2b1a9335864bb2c334273fe40cf732
MIME type:text/x-c
File name:env.cpp
File size:4'540 bytes
SHA256 hash: cbbf1d43e0dcf8a6687bc835eeb9088934a321826c6ef54238046ba295a05f7c
MD5 hash: f49f53d2a1527b35258b33773d048b9c
MIME type:text/x-c
File name:account.cpp
File size:11'351 bytes
SHA256 hash: 661a92dd5892753b64b01ded2b120ce43d869c7c5c9c6769e6a43c47ef977a42
MD5 hash: b432cc0eddb92622e68c16944ef65e98
MIME type:text/x-c
File name:service.h
File size:5'346 bytes
SHA256 hash: 8adebe37420286bbb5cfc17e7c8e141e0f5ce43c2f2b784632449a1a703f23f3
MD5 hash: e317d08fbc98329115c47d8095190d83
MIME type:text/x-c
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: dropper virus shell
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict: Clean
File Type: zip
First seen: 2017-02-01T09:32:00Z UTC
Last seen: 2025-11-24T01:43:00Z UTC
Hits: ~1000
Verdict: inconclusive
YARA: 3 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Zip Archive
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__ConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 727d1e42275c605e0f04aba98095c38a8e1e46def453cdffce42869428aa6743 (this sample)

Delivery method: Distributed via web download
