MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e36b432e19b62509b03904ce680fcc07337c8459d12dfc60343917dff31dfd08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 11



SHA256 hash: e36b432e19b62509b03904ce680fcc07337c8459d12dfc60343917dff31dfd08
SHA3-384 hash: 0ab2840b554ea21309ea944d0cdace56ef671300644160971864823b76417f3bc77e9e34d9efde1c9cc8ada70d404285
SHA1 hash: 510c5094566b25396ec910cdc614904653157404
MD5 hash: d8198cf0af7882df18c8ef1db9557b36
humanhash: iowa-violet-west-thirteen
File name: EURO9009389380.PDF.JS
File size: 4'107'515 bytes
First seen: 2026-06-23 08:03:23 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 98304:ugjPp29N3NL3kZfvIWmvQvriF1BVoF71q4jg2ICq:ugjBczYZfvIWmvZss
TLSH: T19A163C404830B3CB1890D776D81F7FE67B5E54BB6A78DD85366F8C2C9848F8A35212A7
Magika: javascript
Reporter: abuse_ch
Tags: js

Intelligence


File Origin
# of uploads: 1
# of downloads: 150
Origin country: SE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Score: 92.5%
Tags: shellcode autorun sage blic
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug dropper evasive lolbin obfuscated obfuscated packed persistence repaired schtasks
Verdict: Malicious
File Type: js
First seen: 2026-06-22T02:16:00Z UTC
Last seen: 2026-06-25T01:51:00Z UTC
Hits: ~100
Detections: HEUR:Trojan.Script.Generic HEUR:Trojan-Dropper.Script.Generic HEUR:Trojan-Downloader.Script.Generic BSS:Trojan.Win32.Generic Trojan.JS.SAgent.sb HEUR:Trojan.Script.Lubfus.gen
Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Found potential dummy code loops (likely to delay analysis)
JavaScript source code contains functionality to generate code involving a shell, file or stream
Multi AV Scanner detection for submitted file
Sigma detected: WScript or CScript Dropper
Uses an obfuscated file name to hide its real file extension (double extension)
Threat name: Win32.Trojan.Leonem
Status: Malicious
First seen: 2026-06-23 02:24:25 UTC
File Type: Text (JavaScript)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: execution persistence
Behaviour
Modifies registry class
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
