MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd9d6fcadd1cd2fdc1564c9a44cff4876a27beb212aef4b5702e5647233ae998. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: fd9d6fcadd1cd2fdc1564c9a44cff4876a27beb212aef4b5702e5647233ae998
SHA3-384 hash: 3f754b84b0ff264a01feda387ad6a357428990aac169692ca35fa762ad4ad7455f24595098a10747927c0f04f4ecbc75
SHA1 hash: f92a777cf38ef1720171205c2b710c8d60818f36
MD5 hash: 10384cde352ec635214b09dfab837b8a
humanhash: comet-river-romeo-coffee
File name: va.py
File size: 19'625 bytes
First seen: 2026-03-31 11:04:14 UTC
Last seen: Never
File type:
MIME type: text/x-script.python
ssdeep 384:5Hze5FnAiE1A7nnnn+7AAU4CJ8FdSUpQ8Gs+ni:5Te5FnAiE1A7nnnn+7AAUx8FdSb8Gs+i
TLSH T17B92FB019D9CE61503738969E502D563F58B170395BA1A3AB7FDC2B82F34238C6E8FE5
Magika python
Reporter JAMESWT_WT
Tags: individually-bangkok-dedicated-static py va-py

Intelligence


File Origin
# of uploads: 1
# of downloads: 1
Origin country: IT
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: ransomware

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: unknown

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: RANSOMWARE
Author: ToroGuitar

File information


The table below shows additional information about this malware sample such as delivery method and external references.
