MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments

SHA256 hash: bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8
SHA3-384 hash: 8ffdf73b7f3fa82c5107e1dde019debe51cf67887f221c6ef3d067c33f6bbc6741e5c769a32f6ff3a0ce36c01aa601d4
SHA1 hash: 12809654ca28bd7391d820ed34176755eb2561f4
MD5 hash: 53062a067d23ec46fba15b6d2cea672d
humanhash: massachusetts-mike-purple-kansas
File name:vpuuaqjs.dll
Download: download sample
File size:3'584 bytes
First seen:2026-04-23 02:07:39 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 62 x CobaltStrike, 44 x JanelaRAT)
ssdeep 24:etGSk9OAzEO3h3N0OLggLYVvs/521lyPKFcLtkZf15mosFDst2WI+ycuZhNNakS4:6wj1LggLYpshoc9aJ15mpk91ulNa3Bq
TLSH T13071EB06DBE84127E4BA0774BEF34B566AB0F8A49F73571D09A04329AC713A45D72BA0
TrID 21.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
21.2% (.EXE) Win64 Executable (generic) (6522/11/2)
16.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
14.6% (.EXE) Win32 Executable (generic) (4504/4/1)
6.6% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter BastianHein
Tags:dll

Intelligence


File Origin
# of uploads :
1
# of downloads :
156
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
barys rozena
Verdict:
Malicious
File Type:
executable.pe.32.dll
First seen:
2026-04-22T23:14:00Z UTC
Last seen:
2026-04-23T04:45:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.MSIL.Rozena.gen HEUR:Backdoor.MSIL.Agent.gen
Gathering data
Threat name:
Win32.Trojan.Ravartar
Status:
Malicious
First seen:
2026-04-23 02:12:10 UTC
File Type:
PE (.Net Dll)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Unpacked files
SH256 hash:
bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8
MD5 hash:
53062a067d23ec46fba15b6d2cea672d
SHA1 hash:
12809654ca28bd7391d820ed34176755eb2561f4
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:extracted_at_0x44b
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research
Rule name:NETDLLMicrosoft
Author:malware-lu
Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments