MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9
SHA3-384 hash:	ff70cd7750f7bc0739b2a45c225353c83b31960d08380908d93719056e0a84f07a6d1c6f729ae767da5b0eabd61e5679
SHA1 hash:	6a4c1ad774338781d5fe8bff9267d3e19aa8ab2d
MD5 hash:	c80dac4694ac29f9029f56b5b2ae8d2d
humanhash:	pizza-potato-ink-asparagus
File name:	2ps1.ps1
Download:	download sample
File size:	2'714 bytes
First seen:	2026-06-18 06:05:11 UTC
Last seen:	Never
File type:	ps1
MIME type:	text/plain
ssdeep	48:0oTy7ytT7WZuWLxUM2WeYkE54ihLcn0SRRB8kURosLN/YNg3Ul:0O7fWJ7pN5x2/qkU2hN8Ul
TLSH	T1945163B1830E1FBED5CD0884D3823247D0FA3C4876D29D467B35A9521D6F2E456E08D9
Magika	powershell
Reporter	JAMESWT_WT
Tags:	ps1 purmed-ro

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.PUA.IA.Suspicious.73249933.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a338aef54a045c3408a1688

Tags:

n/a

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

powershell

Link:

https://www.filescan.io/uploads/6a338aca90632a45f728949a/reports/9e73ae92-a8c8-405b-b4b6-88250e458caf/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9

Verdict:

Clean

File Type:

ps1

Link:

https://opentip.kaspersky.com/fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9

Threat name:

Script-PowerShell.Trojan.GuLoader

Status:

Malicious

First seen:

2026-06-18 06:03:09 UTC

File Type:

Text (Batch)

AV detection:

6 of 24 (25.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7oo6prvcxv7jmtzkfsva6digkvv2gkb3kueedixqeuugip6fuheq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

execution

Link:

https://tria.ge/reports/260618-gtq6gafs7q/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fb9de7c6a2bd7e964f2a2caa0f0d06556ba3283b550841a2f02528643fc5a1c9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample