MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 2 File information Comments

SHA256 hash:	db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a
SHA3-384 hash:	706a8278b02b5644e4384d75ecad4ed55bb6a2bcc9aefbdc4f401c38e81e5aa6d11347eee142ffb8becc0dfb5d3fc0ac
SHA1 hash:	09277993e858e04bb7f94dff37757ddcdf093e7c
MD5 hash:	10fdc469222762be86798d6aeb7b63ca
humanhash:	enemy-victor-potato-neptune
File name:	SecuriteInfo.com.Win64.MalwareX-gen.48466563
Download:	download sample
File size:	61'952 bytes
First seen:	2025-11-28 20:43:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6e70ce4ddc0f1fdc65bf5260cadbc277
ssdeep	768:rvOrYLKKT+Br2yKm/JgS/hUQ0uQu0hseXFRxULUlB9eXDpuv11bexRG0f/yheN:rOrI5yKCJhKPrBcYlgDEv1Wo0fV
TLSH	T183532B1B734354ECD61AD5B486AFAB33B672B8A30631AF3F12E4E7701E10E605F2A515
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10522/11/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	abuse_ch
Tags:	exe upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	29'696 bytes
File size (de-compressed) :	61'952 bytes
Format:	win64/pe
Packed file:	13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

_db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a.exe

Verdict:

Suspicious activity

Analysis date:

2025-11-28 20:44:26 UTC

Tags:

auto-startup

Link:

https://app.any.run/tasks/7a123365-71cf-4578-b283-969ea4e31b5e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/41744/

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=692a09a76657e3433281f2b8

Tags:

autorun

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending a custom TCP request

DNS request

Enabling autorun by creating a file

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a

Result

Gathering data

Verdict:

Malicious

File Type:

exe x64

Detections:

Trojan.Win32.Reconyc.sb HEUR:Trojan.Win64.Generic

Link:

https://opentip.kaspersky.com/db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/9e0c2ed2-75c5-4f36-aa4d-b5a78a591c23

Result

Threat name:

DDOS Bot

Detection:

malicious

Classification:

troj.adwa.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1822509

Signature

Drops PE files to the startup folder

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: System File Execution Location Anomaly

System process connects to network (likely due to code injection or exploit)

Yara detected DDOS Bot

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/10fdc469222762be86798d6aeb7b63ca

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a/

Verdict:

Malicious

Threat:

Trojan.Win32.Reconyc

Link:

https://tip.neiki.dev/file/db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a

Threat name:

Win64.Malware.Heuristic

Status:

Malicious

First seen:

2025-11-28 20:44:21 UTC

File Type:

PE+ (Exe)

AV detection:

13 of 36 (36.11%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3omxv2thxuvryrazoyi243lznxxkwselskznfrqubztowbqee4va._file

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/251128-zh94bawre1/

Behaviour

Drops startup file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/2ac6fda3-b0f0-4a94-a2d2-1f23c0063e9c

Unpacked files

SH256 hash:

db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a

MD5 hash:

10fdc469222762be86798d6aeb7b63ca

SHA1 hash:

09277993e858e04bb7f94dff37757ddcdf093e7c

Link:

https://www.unpac.me/results/0abe78ab-3c8e-4cc0-a918-38143539d302/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.56

Link:

https://yomi.yoroi.company/submissions/db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.