MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371
SHA3-384 hash:	c503c31a79b974e93f55f74bf14ba95ac71c5effd86b4866b66e1a3c55e1a8f2bd8cce42a5abbe3b7c42225fe5063a74
SHA1 hash:	95b2f6aea33220592bf0d58382552ae60cde3080
MD5 hash:	ef8c6109a4dfdb95539cde030bde3cee
humanhash:	freddie-mountain-zulu-hot
File name:	RFQ#W40.js
Download:	download sample
File size:	458'948 bytes
First seen:	2026-04-14 06:55:59 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	12288:GJZ34Bwrt8gJXHEav0J6950Dno0PYIC+JFHrLuTf:Etc3HI
TLSH	T1D8A42E38A9FA101AB173EF54AEE47493E92FB773370E585D1081038A4723946EDE563E
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	vba
Reporter	abuse_ch
Tags:	js

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

101

Origin country :

SE

Vendor Threat Intelligence

ACCE Unknown

No detections

ClamAV Detected

Detection(s):

Sanesecurity.Malware.26700.JsHeur.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Clean

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69dde53045787c53e5397dd0

Tags:

n/a

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

obfuscated repaired

Link:

https://www.filescan.io/uploads/69dde524799d5bf325fd193b/reports/a488a8d0-5efc-499c-8e1f-e56118f7b966/overview

Hybrid Analysis Unknown

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

js

First seen:

2026-04-13T23:44:00Z UTC

Last seen:

2026-04-16T05:11:00Z UTC

Hits:

~1000

Detections:

HEUR:Trojan.Script.Generic PDM:Trojan.Win32.Generic

Link:

https://opentip.kaspersky.com/7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371/results?tab=lookup

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

expl.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/1897840

Signature

Bypasses PowerShell execution policy

Joe Sandbox ML detected suspicious sample

JScript performs obfuscated calls to suspicious functions

Malicious sample detected (through community Yara rule)

Sigma detected: Suspicious PowerShell Parameter Substring

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

WScript reads language and country specific registry keys (likely country aware script)

Yara detected Powershell decode and execute

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371

Malva.RE

Gathering data

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371/

Neiki Trojan.Win32

Verdict:

Malicious

Threat:

Trojan.Win32

Link:

https://tip.neiki.dev/file/7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371

ReversingLabs TitaniumCloud Win32.Trojan.Generic

Threat name:

Win32.Trojan.Generic

Alert

Create hunting rule

Status:

Suspicious

First seen:

2026-04-14 03:46:39 UTC

File Type:

Text (JavaScript)

AV detection:

6 of 38 (15.79%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pro74nx7wdkd23d5uedghqikri6ri67chm45jgp4s2oesxy42nyq._file

Hatching Triage Malicious

Result

Malware family:

n/a

Score:

  8/10

Tags:

execution

Link:

https://tria.ge/reports/260414-hqlx1sgy7t/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Badlisted process makes network request

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7c5dfe36ffb0d43d6c7da10663c10a8a3d147be23b39d499fc969c495f1cd371

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

commented on 2026-04-14 11:53:18 UTC

Payload URL:
https://domister.online/woow.dat