MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e
SHA3-384 hash:	fde647e20d47b4a7947cabe6fbedc2a56d08ca8b861536ca18c33b7c9d7fd0b8b5d1d3d0f48f588bd71349f2212226eb
SHA1 hash:	51e424abaefaf73e5279cf4e5372fbc75a2b20c9
MD5 hash:	09304d0746da42935b7a0e62d2044dbc
humanhash:	queen-finch-jig-spring
File name:	09304d0746da42935b7a0e62d2044dbc.js
Download:	download sample
File size:	1'180'491 bytes
First seen:	2026-02-17 07:18:36 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	192:cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk:ki0veR
TLSH	T17F45FD99218BDA8C907ECC41A159612FC4173EA23F65AA8A8CC3D2CFF5335954F1B43B
Magika	javascript
Reporter	abuse_ch
Tags:	js

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

88

Origin country :

SE

Vendor Threat Intelligence

ACCE Unknown

No detections

CyberFortress Malicious

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=699416860d0369ff997a248b

Tags:

autorun virus shell sage

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-vm base64 evasive fingerprint obfuscated powershell repaired

Link:

https://www.filescan.io/uploads/6994167f930564ff3ca51e6d/reports/d2e81581-6507-43ee-8d9e-58a6b6a4417c/overview

Hybrid Analysis HEUR_Trojan_Script_Generic

Verdict:

Malicious

Labled as:

HEUR_Trojan_Script_Generic

Link:

https://www.hybrid-analysis.com/sample/abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

js

Detections:

HEUR:Trojan.Script.Generic Trojan-Downloader.MSIL.Agent.c Trojan.MSIL.Inject.sb Trojan.MSIL.Crypt.sb Backdoor.Agent.TCP.C&C Trojan.JS.SAgent.sb HEUR:Trojan-Downloader.Script.Generic

Link:

https://opentip.kaspersky.com/abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e/results?tab=lookup

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

expl.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1870284

Signature

Antivirus detection for URL or domain

Creates processes via WMI

Found suspicious powershell code related to unpacking or dynamic code loading

JavaScript source code contains functionality to generate code involving a shell, file or stream

Joe Sandbox ML detected suspicious sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Sigma detected: WScript or CScript Dropper

Sigma detected: WScript or CScript Dropper - File

Suspicious execution chain found

Suspicious powershell command line found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Yara detected Powershell download and execute

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Susipicious

Score:

48%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e

Malva.RE inconclusive

Verdict:

inconclusive

YARA:

1 match(es)

Link:

https://app.malva.re/file/09304d0746da42935b7a0e62d2044dbc

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e/

Neiki Family.REVERSELOADER

Verdict:

Malicious

Threat:

Family.REVERSELOADER

Link:

https://tip.neiki.dev/file/abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e

ReversingLabs TitaniumCloud Script-JS.Trojan.Generic

Threat name:

Script-JS.Trojan.Generic

Alert

Create hunting rule

Status:

Suspicious

First seen:

2026-02-16 20:15:30 UTC

File Type:

Binary

AV detection:

7 of 24 (29.17%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=voyvlpvjj4fkwbwz7w5jtpzp2sfbtnec5f52h7urgtj7qc4jkcha._file

Hatching Triage Malicious

Result

Malware family:

n/a

Score:

  10/10

Tags:

execution

Link:

https://tria.ge/reports/260217-h5pbpaa16f/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: JavaScript

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://uniworldrivercruises-co.uk/optimized_MSI.png

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Suspicious File

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/abb155bea94f0aab06d9fdba99bf2fd48a19b482e97ba3fe9134d3f80b89508e

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

commented on 2026-02-17 08:12:17 UTC

Payload URL:
https://uniworldrivercruises-co.uk/optimized_MSI.png