MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DonutLoader

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5
SHA3-384 hash:	c489ed7285fed861dd02cd96a4fbacfec5d02f3e82523ca8937c013292ca4f6cabaf7aedb040ad1a78e1b5e4a45a63ca
SHA1 hash:	ca245d8e40f4b7e55634504560cb5e0a99705fbe
MD5 hash:	772b6e97fd281ac5cbebb7d17290749a
humanhash:	fish-twenty-carpet-glucose
File name:	copia de transferencia.JS
Download:	download sample
Signature	DonutLoader Create hunting rule
File size:	3'461'945 bytes
First seen:	2026-06-22 15:19:59 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	98304:JvDihHnuRLIKWo4Act4Ya1qjZPBqDpGAAlD5QKwH5HRp4oF4:JLEH0LAow+YdjLqIn4NpJ4
TLSH	T1BDF55D405B18A4B07A2ED73CD537BFB4458E20072198DF2E79795258B792E1B2B8E4F3
Magika	javascript
Reporter	abuse_ch
Tags:	donutloader ESP geo js

Intelligence

File Origin

# of uploads :

# of downloads :

115

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.31320.UNOFFICIAL

Verdict:

Clean

Score:

89.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a3953c31548daf709f8e6f1

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug base64 dropper evasive obfuscated obfuscated packed repaired

Link:

https://www.filescan.io/uploads/6a3953c49799578a6c46193c/reports/afa2d487-a52a-4dfe-bcce-64e86ccbd305/overview

Verdict:

Malicious

Labled as:

JS/TrojanDropper.Agent

Link:

https://www.hybrid-analysis.com/sample/a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5

Verdict:

Malicious

File Type:

First seen:

2026-06-22T05:18:00Z UTC

Last seen:

2026-06-23T13:56:00Z UTC

Hits:

~1000

Detections:

Trojan-Downloader.JS.Cryptoload.sb PDM:Trojan.Win32.Generic HEUR:Trojan-Dropper.Script.Generic HEUR:Trojan.Script.Lubfus.gen HEUR:Trojan.Script.Generic HEUR:Trojan-Downloader.Script.Generic

Link:

https://opentip.kaspersky.com/a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5/results?tab=lookup

Result

Threat name:

DonutLoader

Detection:

malicious

Classification:

evad.troj

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1931965

Signature

Benign windows process drops PE files

Drops PE files to the document folder of the user

Drops PE files with a suspicious file extension

Hides threads from debuggers

Joe Sandbox ML detected suspicious sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: WScript or CScript Dropper

Unusual module load detection (module proxying)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

WScript reads language and country specific registry keys (likely country aware script)

Yara detected DonutLoader

Behaviour

Behavior Graph:

Download SVG

Score:

94%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5/

Verdict:

Malicious

Threat:

Family.DONUTLOADER

Link:

https://tip.neiki.dev/file/a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5

Threat name:

Script-JS.Trojan.Heuristic

Status:

Malicious

First seen:

2026-06-22 08:38:56 UTC

File Type:

Text (JavaScript)

AV detection:

12 of 24 (50.00%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uroqibgnmp6o2whvrglkfsd4i7xtm774tiy54dkvyrgql35qc7cq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery execution

Link:

https://tria.ge/reports/260622-stfkhsdz8y/

Behaviour

Modifies registry class

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks computer location settings

Executes dropped EXE

Malware family:

DonutLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/a45d0404cd63/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/a45d0404cd63fced58f58996a2c87c47ef367ffc9a31de0d55c44d05efb017c5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample