MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 5 File information Comments

SHA256 hash:	d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7
SHA3-384 hash:	056c5fc89d7666fda6e635551ec0b2fa83d91791c06ee414bbd4bb5d0f05be681815b8565d0ac50dfdac0f0d4d479662
SHA1 hash:	a12032a48117e1e276b7e083563bfb92092e16a5
MD5 hash:	b67530ef2420d45ff61b27e609d1e6cf
humanhash:	september-mockingbird-pip-asparagus
File name:	d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7
Download:	download sample
File size:	110'592 bytes
First seen:	2026-02-27 08:07:25 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3ef10934d629fc28c006784a1ca1e57e
ssdeep	3072:RZZ1MJnaZ4TAcbF/als3tDvwnhrzR6QAyJy:cZaZ4P/UKjwnhnR6QAyJ
TLSH	T136B33C1637E1447FE4AC9A31D422D3D0017E775A6B933F0B92424E910EBDB85DA28BF6
TrID	22.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 22.7% (.EXE) Win64 Executable (generic) (6522/11/2) 17.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 15.7% (.EXE) Win32 Executable (generic) (4504/4/1) 7.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	185-82-202-150 exe

Intelligence

File Origin

# of uploads :

# of downloads :

156

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

jalaiyt.rar

Verdict:

Malicious activity

Analysis date:

2026-02-24 06:45:47 UTC

Tags:

susp-lnk arch-exec arch-doc

Link:

https://app.any.run/tasks/cbc4488d-f63b-4be7-ac44-631888401428

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/54837/

Detection(s):

SecuriteInfo.com.Win32.MalwareX-gen.47185576.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a150f6c950ab5d9ab208ee

Tags:

n/a

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

microsoft_visual_cc obfuscated

Link:

https://www.filescan.io/uploads/69a150f69eaae84659401f1e/reports/e566e5be-229e-484d-8a9f-126d216da0c2/overview

Verdict:

Malicious

Labled as:

Zusy.Generic

Link:

https://www.hybrid-analysis.com/sample/d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7

Verdict:

Clean

File Type:

exe x32

First seen:

2026-01-29T03:56:00Z UTC

Last seen:

2026-02-13T00:47:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/71bd226b-776b-43d7-872f-6e5d8dad17ae

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1874094

Signature

Found suspicious powershell code related to unpacking or dynamic code loading

Joe Sandbox ML detected suspicious sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Reads the Security eventlog

Reads the System eventlog

Sigma detected: System File Execution Location Anomaly

Yara detected Powershell decode and execute

Behaviour

Behavior Graph:

Download SVG

Score:

68%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7/

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7

Threat name:

Win32.Infostealer.Tinba

Status:

Malicious

First seen:

2026-02-24 12:09:59 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

17 of 38 (44.74%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2j6z6gvrg4zv4md2fhsl2vya7x6cw2kpwtue2t6z44wdmonpp3dq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/260227-j1q56ahv3f/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

System Location Discovery: System Language Discovery

Unpacked files

SH256 hash:

d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7

MD5 hash:

b67530ef2420d45ff61b27e609d1e6cf

SHA1 hash:

a12032a48117e1e276b7e083563bfb92092e16a5

Link:

https://www.unpac.me/results/c6fc6c0e-533c-4fb1-9193-99d28166bcb2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d27d9f1ab137335e307a29e4bd5700fdfc2b694fb4e84d4fd9e72c3639af7ec7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CAS_Malware_Hunting Create hunting rule
Author:	Michael Reinprecht
Description:	DEMO CAS YARA Rules for sample2.exe

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	NET Create hunting rule
Author:	malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/54837/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample