MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HijackLoader


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47
SHA3-384 hash: a8db3f50796a426773fa402ac70b05320057292c7dbc88b88d7e1e88ce413b0cc06b88c708c98f123572cd64c8f71290
SHA1 hash: 05c0eca98ca51cacdea2cc95f4b048bb035c514c
MD5 hash: 109dfa0a7af457748196781ae81a32cb
humanhash: salami-tango-magnesium-pizza
File name:b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47
Download: download sample
Signature HijackLoader
Create hunting rule
File size:2'749'718 bytes
First seen:2025-12-23 08:07:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b5a014d7eeb4c2042897567e1288a095 (20 x HijackLoader, 14 x ValleyRAT, 12 x LummaStealer)
ssdeep 49152:+pz3ovWRXpILOjUxGlrBNW4Aopr5nVC74JFB+rbyo8jT+df6VyIbi/iS5IBjJ6M:+pSQpILOIxABNW4lr50sJFB+rzo+56gY
Threatray 125 similar samples on MalwareBazaar
TLSH T185D533817784B9F4DA64C672AF2DDBA99577E36552120F43D288AF522FC31E802036DF
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter JAMESWT_WT
Tags:exe HIjackLoader melasio-com

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47
Verdict:
Malicious activity
Analysis date:
2025-12-23 08:10:34 UTC
Tags:
hijackloader loader amsi-bypass rat stealer
Link:
https://app.any.run/tasks/3e6a6213-1c05-46e5-a2be-bf8cadd834df

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45817/
Detection(s):
SecuriteInfo.com.PUA.Win32.CandyOpen.23887.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694a4df3a6c88bb4cc23e963
Tags:
injection dropper virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context fingerprint hijackloader installer installer installer-heuristic microsoft_visual_cc overlay overlay unsafe
Link:
https://www.filescan.io/uploads/694a4df0a7163552ba041ac9/reports/01ea52dc-ceba-4d48-9506-16b1c8edfd53/overview
Verdict:
Suspicious
Link:
https://www.hybrid-analysis.com/sample/b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-12-04T13:27:00Z UTC
Last seen:
2025-12-11T14:54:00Z UTC
Hits:
~10
Detections:
UDS:DangerousObject.Multi.Generic Trojan-Dropper.Win32.Agent.tkdfpm
Link:
https://opentip.kaspersky.com/b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47/results?tab=lookup
Malware family:
Sysinternals
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d94ccf1e-0417-4ddf-a0d4-2f437dcac531
Score:
87%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout SFX 7z Win 32 Exe x86
Link:
https://app.malva.re/file/109dfa0a7af457748196781ae81a32cb
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47/
Verdict:
Malicious
Threat:
Family.HIJACKLOADER
Link:
https://tip.neiki.dev/file/b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47
Threat name:
Win32.Trojan.Hijackloader
Create hunting rule
Status:
Malicious
First seen:
2025-12-23 08:08:20 UTC
File Type:
PE (Exe)
Extracted files:
39
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xfsl7iuzl75eh24y3vxfdi2ux7mwhgyxd6lsqfxqgyb5hbhytvdq._file
Verdict:
malicious
Label(s):
hijackloader
Create hunting rule
Similar samples:
062653518f1b169c714c9053bc932317ce32fc2f415dddd70de5e5550620d61d
HijackLoader
0a5f07bba72afe6d78126f87467ad8c1b6cf086dee17e64bd7734ca60922af2c
HijackLoader
3fb59b7657edcf0b5e2ebb865c8aafe6537246c4d2cf948b1227ba2bb913487d
HijackLoader
45f93ac0b19e3404dd4b9141173bb6d399b2a07087748d85791f3ff09595f805
HijackLoader
7f92ce6ddf632dd49b6052f77857bd03e7e00f89965d9d6648c60773847ba6df
HijackLoader
8986d305ceed84c8dbc430ae7caf31b645f22fe5c4c29bca869eaee9abc46585
HijackLoader
ba8f2313b3398187c424d9abed5f735907d01ebc9a11077136d2919e369501d6
HijackLoader
e0faf08ea3b166be17695d6d0de80018bad7509dc3afe8ac4318d5159dd77e4e
HijackLoader
e6e706d5575672d029d9c816c360a0595ebcd4c81b044f81e1e520542c0bcfe7
HijackLoader
error
HijackLoader
+ 115 additional samples on MalwareBazaar
Result
Malware family:
hijackloader
Create hunting rule
Score:
  10/10
Tags:
family:hijackloader discovery loader
Link:
https://tria.ge/reports/251223-j1p8vsynhs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Detects HijackLoader (aka IDAT Loader)
HijackLoader, IDAT loader, Ghostulse,
Hijackloader family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f6edfd98-fe0f-42f8-8203-120db4f9cce2
Unpacked files
SH256 hash:
b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47
MD5 hash:
109dfa0a7af457748196781ae81a32cb
SHA1 hash:
05c0eca98ca51cacdea2cc95f4b048bb035c514c
Link:
https://www.unpac.me/results/5eaefe20-3c47-4b1d-8d8c-2d9f20d3cc03/
SH256 hash:
0bdca964bd1e5462585e28c1cdb7e2b7c25bf2b568dfe1d3b344ce6af32233ec
MD5 hash:
881ccccef2ac84b734b638a35ff773c0
SHA1 hash:
124e97441b35c77cb01258a5a19133a9c66d6ccd
Link:
https://www.unpac.me/results/5eaefe20-3c47-4b1d-8d8c-2d9f20d3cc03/
SH256 hash:
5d7685ef8392ebeceb4b3a6b571fca647aea21526d2fe16b9af243ab6ae47c3b
MD5 hash:
5b5cd15e49d8641316ab5cb87c76c6af
SHA1 hash:
247c29534268477d90af23130e28980f017e43a3
Link:
https://www.unpac.me/results/5eaefe20-3c47-4b1d-8d8c-2d9f20d3cc03/
SH256 hash:
f2bfaa6e1f91b9bfb2ab667b56fa1c17bda92e0b837deed3bf234b105f6eb9ab
MD5 hash:
3ef017e4069f501933263051caea2063
SHA1 hash:
66696634d6dede1b1d1ba6f69b9b80328d8710cc
Link:
https://www.unpac.me/results/5eaefe20-3c47-4b1d-8d8c-2d9f20d3cc03/
SH256 hash:
9e02bd334b0d93ecc216409b79fd5c31c109591a7d71024206b4c32f9ee0158c
MD5 hash:
a0d345af71e356a1398ed4635ed94be0
SHA1 hash:
7217597362c7cd153e9965929133184381a990d4
Link:
https://www.unpac.me/results/5eaefe20-3c47-4b1d-8d8c-2d9f20d3cc03/
SH256 hash:
2de36140d7e8b0be25f64e2754bd004bcf5cffa8cee1787f7e9cc24dfa3a8574
MD5 hash:
d63f0f86a2c9d2e6701c6647720334f8
SHA1 hash:
c479ad9787fc017e92478a92fd1a391c414c9c77
Link:
https://www.unpac.me/results/5eaefe20-3c47-4b1d-8d8c-2d9f20d3cc03/
Malware family:
IDATLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b964bfa2995f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b964bfa2995ffa43eb98dd6e51a354bfd9639b171f972816f03603d384f89d47

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/45817/

Comments