MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5
SHA3-384 hash: ac95af360c35ee2fd4c870858c3af5b986f8035697c91e9995fdb63f862f33eaf388bf81e38e7f8b8e0ab0fdebf12ffe
SHA1 hash: 39a9341fc1844001307e6260bfe5b85df0080715
MD5 hash: d734c58b82ee422642b839180ca0a741
humanhash: north-single-east-romeo
File name:9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5
Download: download sample
File size:81'324'354 bytes
First seen:2026-03-01 09:07:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 957d237db44af201299a1e8ffc6df035
ssdeep 786432:6B5zM31we2iBrxDvIEMwHVCgPiOvBURVpiWV1CVuEwoz3fa7s9BRWYF3eKyaPpvr:6rA1wejHtJBURVpiK1CHPOstO61D
TLSH T18C08E00663E116AAD577D2388AAB6503EB73B4071330C7EB329C43652F63AE45D7E760
TrID 38.2% (.EXE) Win64 Executable (generic) (6522/11/2)
26.4% (.EXE) Win32 Executable (generic) (4504/4/1)
11.8% (.EXE) OS/2 Executable (generic) (2029/13)
11.7% (.EXE) Generic Win/DOS Executable (2002/3)
11.7% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter JAMESWT_WT
Tags:exe kurdishmyth

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
IT IT
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/681cb11a-49be-4204-a6c0-01f05e5fc03d/
Malware family:
n/a
ID:
1
File name:
_9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5.exe
Verdict:
Malicious activity
Analysis date:
2026-03-01 09:11:05 UTC
Tags:
nodejs anti-evasion discord
Link:
https://app.any.run/tasks/bc37cdb8-3729-4545-b7c5-80bb5180dc16

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a4026c8fffa866e3b39a59
Tags:
n/a
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
expand lolbin microsoft_visual_cc overlay packed pkg
Link:
https://www.filescan.io/uploads/69a4020c10e80629d4f731e6/reports/3cbbb9d6-5172-4670-9bdf-1cbdf21d2c4f/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5
Verdict:
Malicious
File Type:
exe x64
Detections:
Trojan.Win64.Agent.smfply
Link:
https://opentip.kaspersky.com/9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5/results?tab=lookup
Score:
89%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5
Gathering data
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/9aaf4a4d7091004dc347bcfa0b2bc1e5630be307633316f2100b6f0e3e2f32e5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tkxuutlqseae3q2hxt5awk6b4vrqxyyhmmzrn4qqbnxq4prpglsq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion execution spyware stealer
Link:
https://tria.ge/reports/260301-k341gag12b/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Kills process with taskkill
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Contacts third-party web service commonly abused for C2
Loads dropped DLL
Reads user/profile data of web browsers
Checks BIOS information in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments