MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NodeLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5
SHA3-384 hash: 8c38cc9d2b5cc136bf9dfb18cdeca806877e9be5bda524ca8ff8d092611bc5e70e68241ee954b384fb73b7bb159fc379
SHA1 hash: 51e27637bde7fcc9c22ca290cda41fc8cec82521
MD5 hash: 420cb142ffc5ac984eeb491b4229f1b5
humanhash: five-thirteen-vermont-victor
File name:Setup.exe
Download: download sample
Signature NodeLoader
Create hunting rule
File size:85'599'583 bytes
First seen:2025-11-08 14:57:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b2a86e8b314318c5db2758c4f1f28af9 (11 x NodeLoader)
ssdeep 786432:AL+hSlolv5GrGaFcWAdQN45ctgPdBsUrD:ACQo15GtL4Vft
TLSH T10A188C4263EA05D5E9FB9A3489E65213D633BC063F3086DF324C176A2F736E09976721
TrID 61.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
15.5% (.EXE) Win64 Executable (generic) (10522/11/4)
7.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.6% (.EXE) Win32 Executable (generic) (4504/4/1)
2.9% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter aachum
Tags:exe NodeLoader softhub-live


Avatar
iamaachum
https://softhub.live/download.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'209
Origin country :
ES ES
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Setup.exe
Verdict:
Suspicious activity
Analysis date:
2025-11-08 15:09:57 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7e37803b-1d7f-4e83-ac66-6d847cc446a5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=690f5aa630bacec888c9df0c
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm crypto expand fingerprint installer-heuristic lolbin microsoft_visual_cc nexe overlay overlay packed
Link:
https://www.filescan.io/uploads/690f5a8f2b74ec26eb6bacd1/reports/0703a919-d8b0-4170-9e22-1d3bedf80978/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5
Verdict:
Clean
File Type:
exe x64
First seen:
2025-11-08T11:37:00Z UTC
Last seen:
2025-11-08T12:06:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1810602
Signature
Yara detected NexeCompiled Binary
Behaviour
Behavior Graph:
Download SVG
Score:
82%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-11-08 14:22:23 UTC
File Type:
PE+ (Exe)
Extracted files:
19
AV detection:
6 of 38 (15.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wtpm7uea3l5zgiuwutwkjygyx2st76vzs3qweicmewemyopyussq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251108-sccsaswrhy/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ff7f6eb3-3a3b-4306-8d90-4b1251ae9ca9
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NodeLoader

Executable exe b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5

(this sample)

  
Delivery method
Distributed via web download

Comments