MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc4e73426643c89b7047cb0a427e068960a9f432da8dd231282e30dd29fdc9a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc4e73426643c89b7047cb0a427e068960a9f432da8dd231282e30dd29fdc9a4
SHA3-384 hash: 9261325f1e23be849f3b960d9d8f48082df92646abc733ac4d706ac611632f5b709d879e1c419030fb1f6640f605cc50
SHA1 hash: fca74549040545767eccc9b34b88cf6faa6e5fef
MD5 hash: 426485b1eaddd6a2c47f106ccfeacdf9
humanhash: william-finch-robin-gee
File name:vvvv.exe
Download: download sample
File size:85'555'130 bytes
First seen:2026-01-25 08:59:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 573bb7b41bc641bd95c0f5eec13c233b (28 x GuLoader, 16 x VIPKeylogger, 13 x RemcosRAT)
ssdeep 1572864:LXf5w+S6vped1Oaq/Mxt3dxyvB5kGnTa2T+Kw6Vo/E+S8SSLpvmv5/7Ow:LXfyWxevOG/NxyvEGn2pEd+0SLZw
Threatray 88 similar samples on MalwareBazaar
TLSH T16A18330006D00407D424C630AFEE95DAE32150A6E96E7AED954163E7E7EBFC5AD8B4CF
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter zhuzhu0009
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
SC SC
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/58515b93-edf3-4da8-b8e8-27bd71cb3d7c/
Malware family:
n/a
ID:
1
File name:
_fc4e73426643c89b7047cb0a427e068960a9f432da8dd231282e30dd29fdc9a4
Verdict:
No threats detected
Analysis date:
2026-01-25 09:10:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0066f1a7-5976-42c5-9a5f-6285535c47a0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6975dbe8bec9764f452ea08d
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug base64 blackhole fingerprint golang installer installer installer-heuristic microsoft_visual_cc nsis packed soft-404 unsafe
Link:
https://www.filescan.io/uploads/6975dbc5f3c1b7b1fbdc3e27/reports/9857fa64-9632-44dc-8859-f3d9705793a1/overview
Verdict:
Malicious
Labled as:
QD:Trojan.GenericQ
Link:
https://www.hybrid-analysis.com/sample/fc4e73426643c89b7047cb0a427e068960a9f432da8dd231282e30dd29fdc9a4
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-01-22T04:05:00Z UTC
Last seen:
2026-01-26T00:39:00Z UTC
Hits:
~100
Detections:
Backdoor.Win32.Agentb.sb Backdoor.Agent.TCP.C&C Trojan.Win64.Agentb.sb Trojan.Win32.Shellcode.sb Trojan.Win32.Shellcode.lcx Trojan.Win32.Agent.xccdpa Trojan.Win32.Agent.sb
Link:
https://opentip.kaspersky.com/fc4e73426643c89b7047cb0a427e068960a9f432da8dd231282e30dd29fdc9a4/results?tab=lookup
Score:
96%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fc4e73426643c89b7047cb0a427e068960a9f432da8dd231282e30dd29fdc9a4
Gathering data
Verdict:
Malicious
Threat:
Trojan.Win32.Shellcode
Link:
https://tip.neiki.dev/file/fc4e73426643c89b7047cb0a427e068960a9f432da8dd231282e30dd29fdc9a4
Threat name:
Win32.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-01-22 09:30:55 UTC
File Type:
PE (Exe)
Extracted files:
1590
AV detection:
11 of 24 (45.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7rhhgqtgipejw4chzmfee7qgrfqkt5bs3kg5emjifyyn2kp5zgsa._file
Verdict:
malicious
Label(s):
valleyrat
Create hunting rule
Similar samples:
076e5c3ba9b9b940fb4223938698a45387c239db58200d5782283d8414066024
1e4fbfd2d0e55900fa186a07514f75b7acfb7fc04d25fb9f61ba133fc49a49c7
65637e97f6b08780b550ba4d4d66b4aa3f29f2b627953fd9931aff49acd93229
8ecf6f4e3f83fbd0b0a3189f35a01c239d78fc91ed3f3058a6812fcb803674ac
c29adf79264f40c9fb6acb1d9dac6b40d416918314460dfe1cddbfde705d2f67
error
fa49ec614d29893271b15b511a8c36dc3faf8499136cdda1fb8efc220b27491a
+ 78 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
defense_evasion discovery persistence trojan
Link:
https://tria.ge/reports/260125-kysfwae15g/
Behaviour
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Loads dropped DLL
Malware family:
ValleyRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/fc4e73426643/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments