MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 992e03fcdfd9281f592e2f57fa392f1450631a4bd73757c403278005277a741b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 992e03fcdfd9281f592e2f57fa392f1450631a4bd73757c403278005277a741b
SHA3-384 hash: 7ee9439e76968e82d3b3d3ed742da9ac33e4353164c4c11fa588d699f183c7b10fe526879f637b815259c8cf4688a1cb
SHA1 hash: 7519de6a6be735ebf507354a2482b2222fe488d9
MD5 hash: 881b1696cc160acfeb25d9aeb677511c
humanhash: lima-winter-bakerloo-moon
File name: Order # CCI-357911904.js
File size: 302'814 bytes
First seen: 2026-04-17 10:59:22 UTC
Last seen: 2026-04-17 12:44:56 UTC
File type: Java Script (JS) js
MIME type: text/plain
ssdeep 6144:A7giW+6LuqdpytSKh4PhuCAGOYbqd0EUfbrYwh+EIbWz1c2xh:Mgi56LuQpycKAAGOYbquPfXhCyxh
TLSH T1C8541D38ADEA401A7173EE54AED47497E96FB773370E588C20810386472394AFDD963E
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika vba
Reporter lowmal3
Tags: js

Intelligence


File Origin
# of uploads :
2
# of downloads :
119
Origin country :
DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
81.4%
Tags:
virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
masquerade repaired
Verdict:
Malicious
File Type:
js
First seen:
2026-04-17T03:00:00Z UTC
Last seen:
2026-04-19T05:02:00Z UTC
Hits:
~1000
Detections:
HEUR:Trojan.Script.Generic HEUR:Trojan-Downloader.Script.Generic
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Signature
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Threat name:
Win32.Trojan.Ravartar
Status:
Malicious
First seen:
2026-04-17 07:21:13 UTC
File Type:
Text (JavaScript)
AV detection:
9 of 38 (23.68%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
execution
Behaviour
Command and Scripting Interpreter: JavaScript
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Java Script (JS) js 992e03fcdfd9281f592e2f57fa392f1450631a4bd73757c403278005277a741b

(this sample)

  
Delivery method
Distributed via e-mail attachment
