MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce
SHA3-384 hash:	2b897de88e81c51ec26c833cd77d55d78448a87023d494a78961a8235d107659459f2810141d699a48d3cf9000cf512c
SHA1 hash:	c62cde8f621e47309960f01ff5a77b0073efd91b
MD5 hash:	7f862073d1d06ee063af6da185ee3b06
humanhash:	cola-west-vermont-mike
File name:	windows.exe
Download:	download sample
File size:	4'609 bytes
First seen:	2025-09-26 13:15:15 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	80e137dbd57e9295d8184a7d6c03bc24
ssdeep	48:eYxwOZv1wOZGZdPkwOW1wAPFsXEJfmbJuor5BPr:fxwOZv1wOZGZdPkwOW1wAPF+OfmduG5
TLSH	T14D915F27AAA437B3C3EA79300A96606A5CE33CD38E4388D5697C044C27661339AF1F4D
TrID	52.9% (.EXE) Win32 Executable (generic) (4504/4/1) 23.5% (.EXE) Generic Win/DOS Executable (2002/3) 23.5% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	Cat_iscool520
Tags:	exe known

Intelligence

File Origin

# of uploads :

# of downloads :

108

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

windows.exe

Verdict:

Malicious activity

Analysis date:

2025-09-26 13:15:54 UTC

Tags:

eicar-test

Link:

https://app.any.run/tasks/a0667c8e-afd5-44dd-b592-7a96a4d8e898

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/29160/

Detection(s):

PUA.Win.Trojan.Packed-185

Win.Malware.Testsample-9865468-0

Win.Malware.Testsample-9918805-0

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68d69218fb8bc5050e4f129c

Tags:

downloader dropper extens

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

DNS request

Connection attempt

Sending an HTTP GET request

Creating a file

Enabling autorun by creating a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/68d69214674d5fd6aa0d9fb6/reports/f5c7a92e-3a0c-4861-bdc3-01564a430587/overview

Verdict:

Malicious

Labled as:

Trojan/Astaroth

Link:

https://www.hybrid-analysis.com/sample/7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce

Verdict:

Malicious

File Type:

exe x32

Link:

https://opentip.kaspersky.com/7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/76a8698b-18dd-4e83-ab33-88389f796494

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/7f862073d1d06ee063af6da185ee3b06

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce/

Threat name:

Win32.Trojan.Astaroth

Status:

Malicious

First seen:

2025-09-26 13:17:28 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

28 of 38 (73.68%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pxpxkwl3nxow32dzgkj55tqe2y2ove447haitdjmr7q3ka2u4tha._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250926-qhrsasvps9/

Behaviour

System Location Discovery: System Language Discovery

Verdict:

Malicious

Tags:

Win.Malware.Testsample-9865468-0

YARA:

n/a

Link:

https://app.threat.zone/submission/24f07591-8656-4fdb-92c0-7e6bcae5f7d0

Unpacked files

SH256 hash:

7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce

MD5 hash:

7f862073d1d06ee063af6da185ee3b06

SHA1 hash:

c62cde8f621e47309960f01ff5a77b0073efd91b

Link:

https://www.unpac.me/results/583096ad-9da3-4c60-8de4-b32284b28810/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 7ddf75597b6ddd6de8793293dece04d634ea939cf9c0898d2c8fe1b50354e4ce

(this sample)

any.run

https://www.fortiguard.com/sample-files

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/29160/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample