MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96d2eaff43d5807ee8c55e6ac9a8d32855198dc3bf83327766e53e4e7a88ff53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: 96d2eaff43d5807ee8c55e6ac9a8d32855198dc3bf83327766e53e4e7a88ff53
SHA3-384 hash: 5e59a45b335caf000aa27a12706a0f6c3c3cd076a28ac7c9f08d6748583fa308b84a2c224b100acc5534454c161eb934
SHA1 hash: 846b600d779edc8cafdb91ebca5b01f6faa4b97c
MD5 hash: feef71c9299c0b6f7313074260fae590
humanhash: echo-march-lithium-pasta
File name: Prizm.exe
File size: 8'704 bytes
First seen: 2026-05-14 23:19:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 105732f0c6968ac8bea2b4476eda4263
ssdeep 96:nPAdoVXslAZmdwRMFNBJulbLQDzMa9wrfj3mG+xQHMWXguj8WKNy+laD:n4oYamduGNBqg39wrShxQH9gq8WlMa
TLSH T1B9026CBD01206713F3EB917B72E2BAEB7234C9255F6F470C4B083A5264E604494B2F62
TrID 34.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
23.4% (.EXE) Win32 Executable (generic) (4504/4/1)
10.8% (.EXE) Win16/32 Executable Delphi generic (2072/23)
10.5% (.EXE) OS/2 Executable (generic) (2029/13)
10.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter BKHlovesgt7
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 116
Origin country: US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
https://dro.pm/2
Verdict:
Malicious activity
Analysis date:
2024-11-02 14:36:43 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
96.5%
Tags:
malware
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed virus
Verdict:
Malicious
File Type:
exe x32
First seen:
2012-06-19T19:33:00Z UTC
Last seen:
2026-05-16T00:38:00Z UTC
Hits:
~100
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name:
Win32.Virus.Prizm
Status:
Malicious
First seen:
2011-05-28 08:39:00 UTC
File Type:
PE (Exe)
AV detection:
28 of 36 (77.78%)
Threat level:
  5/5
Gathering data
Unpacked files
SHA256 hash:
96d2eaff43d5807ee8c55e6ac9a8d32855198dc3bf83327766e53e4e7a88ff53
MD5 hash:
feef71c9299c0b6f7313074260fae590
SHA1 hash:
846b600d779edc8cafdb91ebca5b01f6faa4b97c
SHA256 hash:
cfde758a56784173521adfb5a28b62a09c6d049fc5c43c1da1777b0fbe893ec5
MD5 hash:
f27c0e6d1e3c860c8402601f8eb695c2
SHA1 hash:
f3dbf084d749ec407a370423b2bdde3614e76201
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
