MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97ec87ee7a7524fca040dba89ded6cb931124268b6ad6ba1e49bfdda9d39e567. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	97ec87ee7a7524fca040dba89ded6cb931124268b6ad6ba1e49bfdda9d39e567
SHA3-384 hash:	46b8cc94781f2fdf4f3c75044339be667e737f8a719767dd72afe92d21b11a57f3ced2c8f0c27cc10f004c2d02c74cbf
SHA1 hash:	2e52ecc74845b57f7aa9febc22c786e924b2f7a4
MD5 hash:	7231f64a94f6708f0120c883af9d24b1
humanhash:	sierra-early-table-low
File name:	taskhostw.exe
Download:	download sample
File size:	83'321'291 bytes
First seen:	2026-02-01 17:56:36 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	dcaf48c1f10b0efa0a4472200f3850ed (51 x BlankGrabber, 26 x Efimer, 22 x NetSupport)
ssdeep	1572864:ITbci+8PkxEWArWC0izXUb9jETHPQmMpnx9luHY7otnq/2caiI2qoeTZkhmqZSg7:SbUqkEWAGjcvPOn36uwGeTgps
TLSH	T1450833C86B414C5EEDA8423A46A6DD1C5E99F0CED3EC080BBBF458661D8F3C9DA7D601
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	Anonymous
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

134

Origin country :

Vendor Threat Intelligence

Gathering data

Malware family:

n/a

ID:

File name:

_97ec87ee7a7524fca040dba89ded6cb931124268b6ad6ba1e49bfdda9d39e567.exe

Verdict:

Malicious activity

Analysis date:

2026-02-01 18:00:15 UTC

Tags:

pyinstaller python anti-evasion pastebin auto-sch

Link:

https://app.any.run/tasks/76a15988-3cc9-43ac-8320-a4705eed147e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=697f9417848d0f834c8c7af6

Tags:

autorun extens shell sage

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

adaptive-context expand installer-heuristic lolbin microsoft_visual_cc overlay packed pyinstaller

Link:

https://www.filescan.io/uploads/697f940b2ffccda0976566d4/reports/68006a0a-88ee-42eb-b174-e6485107ddce/overview

Verdict:

Malicious

Labled as:

Trojan.Agent

Link:

https://www.hybrid-analysis.com/sample/97ec87ee7a7524fca040dba89ded6cb931124268b6ad6ba1e49bfdda9d39e567

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-02-01T15:08:00Z UTC

Last seen:

2026-02-01T18:19:00Z UTC

Hits:

~100

Detections:

Trojan.Win32.Agent.sb HEUR:Trojan.Python.Pytr.g HEUR:Trojan.Python.Agent.gen

Link:

https://opentip.kaspersky.com/97ec87ee7a7524fca040dba89ded6cb931124268b6ad6ba1e49bfdda9d39e567/results?tab=lookup

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/97ec87ee7a7524fca040dba89ded6cb931124268b6ad6ba1e49bfdda9d39e567

Gathering data

Verdict:

Malicious

Threat:

Trojan.Python.Pytr

Link:

https://tip.neiki.dev/file/97ec87ee7a7524fca040dba89ded6cb931124268b6ad6ba1e49bfdda9d39e567

Threat name:

Win64.Malware.Heuristic

Status:

Malicious

First seen:

2026-02-01 17:57:49 UTC

File Type:

PE+ (Exe)

Extracted files:

3482

AV detection:

10 of 24 (41.67%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=s7wip3t2ouspzica3ouj33lmxeyreqtiw2wwxipetp65vhjz4vtq._file

Result

Malware family:

n/a

Score:

10/10

Tags:

defense_evasion execution persistence pyinstaller trojan

Link:

https://tria.ge/reports/260201-wjv41aa12g/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System policy modification

Uses Task Scheduler COM API

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Enumerates physical storage devices

Drops file in Windows directory

Checks whether UAC is enabled

Contacts third-party web service commonly abused for C2

Indicator Removal: Clear Persistence

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Windows security modification

UAC bypass

Windows security bypass

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample