2c1a77d61944974dc2bec5aaf0ec5d0f
Hash
- MD5: 2c1a77d61944974dc2bec5aaf0ec5d0f
- SHA1: f860fe894f11455edc4a10dce7779825a3888517
- SHA256: 9ec622624f5f07c5d86e6048f2710de1e9c5ac7c6a6fad4fcb31121bb67c0239
- First Seen: 2026-05-01
- Last Seen: 2026-05-01
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "9ec622624f5f07c5d86e6048f2710de1e9c5ac7c6a6fad4fcb31121bb67c0239",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/9ec622624f5f07c5d86e6048f2710de1e9c5ac7c6a6fad4fcb31121bb67c0239"
},
"attributes": {
"last_analysis_stats": {
"malicious": 21,
"suspicious": 0,
"undetected": 36,
"harmless": 0,
"timeout": 2,
"confirmed-timeout": 0,
"failure": 3,
"type-unsupported": 13
},
"tags": [
"gzip",
"tar-bundle",
"contains-pe"
],
"magic": "POSIX tar archive (gzip compressed data, was \"result.tar\", last modified: Thu Apr 23 18:32:08 2026, max compression)",
"times_submitted": 2,
"trid": [
{
"file_type": "ReproZip (GZipped)",
"probability": 66.6
},
{
"file_type": "GZipped data",
"probability": 33.3
}
],
"popular_threat_classification": {
"popular_threat_category": [
{
"value": "trojan",
"count": 9
}
],
"popular_threat_name": [
{
"value": "python",
"count": 3
},
{
"value": "deceptivedevelopment",
"count": 2
},
{
"value": "pyagent",
"count": 2
}
],
"suggested_threat_label": "trojan.python/deceptivedevelopment"
},
"bundle_info": {
"highest_datetime": "2026-04-23 18:27:08",
"lowest_datetime": "2021-10-04 23:12:04",
"num_children": 1000,
"extensions": {
"vbs": 1,
"bat": 2,
"exe": 2,
"ico": 6,
"zip": 1,
"whl": 2,
"cat": 3,
"py": 611,
"dll": 14,
"pyw": 1,
"sample": 1,
"gif": 9,
"html": 1,
"ctypes": 1,
"png": 4,
"rst": 2,
"txt": 13,
"pyc": 214,
"pyd": 42,
"def": 4
},
"file_types": {
"ZIP": 2,
"script": 7,
"unknown": 879,
"Portable Executable": 40,
"GIF": 9,
"PNG": 4
},
"type": "GZIP",
"uncompressed_size": 31019802
},
"ssdeep": "786432:J9oMHoWnLz14CknEudVikgbzVNHAqcEPpb0hWgEX/d:J9oMI8Lz14CCrhgbzHgqlPpbkNEXV",
"total_votes": {
"harmless": 0,
"malicious": 0
},
"type_tags": [
"compressed",
"gzip"
],
"last_submission_date": 1778165176,
"last_modification_date": 1780328841,
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Application.Generic.5015262"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260601",
"category": "malicious",
"result": "gz.trojan.python"
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260531",
"category": "undetected",
"result": null
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5611",
"engine_update": "20260529",
"category": "undetected",
"result": null
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260529",
"category": "undetected",
"result": null
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "undetected",
"result": null
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.55.59678",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.55.59677",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1219",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260601",
"category": "malicious",
"result": "VBS/DeceptiveDevelopment.A trojan"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260601",
"category": "malicious",
"result": "Malicious (score: 99)"
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Other:Malware-gen [Trj]"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260601",
"category": "malicious",
"result": "Backdoor.Python.Agent.hg"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260601",
"category": "malicious",
"result": "Application.Generic.5015262"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260531",
"category": "malicious",
"result": "Troj/PyAgent-AP"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.TR/Malware"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260531",
"category": "malicious",
"result": "Application.Generic.5015262"
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14833",
"engine_update": "20260601",
"category": "malicious",
"result": "ti!9EC622624F5F"
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260601",
"category": "malicious",
"result": "Application.Generic.5015262 (B)"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "1925a7e:1925a7e:354c4d2:354c4d2",
"engine_update": "20260531",
"category": "undetected",
"result": null
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44754AVA:64.31344",
"engine_update": "20260601",
"category": "malicious",
"result": "Application.Generic.4850251"
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260531",
"category": "undetected",
"result": null
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260601",
"category": "malicious",
"result": "TR/Malware"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.247.174",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38693",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260601",
"category": "malicious",
"result": "Application.Generic.D4C86DE [many]"
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260530",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107206",
"engine_update": "20260601",
"category": "malicious",
"result": "Troj/PyAgent-AP"
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan:Win32/Ravartar!rfn"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260601",
"category": "malicious",
"result": "PY/Agent.BD"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-06-01.02",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260601",
"category": "malicious",
"result": "Win32.Trojan.Agent.Tnkl"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260531",
"category": "undetected",
"result": null
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Other:Malware-gen [Trj]"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Trojan:Python/DeceptiveDevelopment.PV"
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": null,
"engine_update": "20260531",
"category": "timeout",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260601",
"category": "timeout",
"result": null
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260601",
"category": "failure",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1780320688",
"engine_update": "20260601",
"category": "failure",
"result": null
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.5.4.0",
"engine_update": "20260601",
"category": "failure",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260601-00",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.264",
"engine_update": "20260528",
"category": "type-unsupported",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "type-unsupported",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.783",
"engine_update": "20260528",
"category": "type-unsupported",
"result": null
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "type-unsupported",
"result": null
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "type-unsupported",
"result": null
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
}
},
"size": 28381555,
"md5": "2c1a77d61944974dc2bec5aaf0ec5d0f",
"unique_sources": 2,
"magika": "GZIP",
"sha256": "9ec622624f5f07c5d86e6048f2710de1e9c5ac7c6a6fad4fcb31121bb67c0239",
"reputation": 0,
"type_extension": "gzip",
"type_tag": "gzip",
"meaningful_name": "nvidiaRelease.tar.gz",
"type_description": "GZIP",
"tlsh": "T10357337D713899A350FCE6C834E877C2DC2A94E961B2E4B99F9E0418BC53DE6173612C",
"sha1": "f860fe894f11455edc4a10dce7779825a3888517",
"last_analysis_date": 1780321506,
"vhash": "ded3590e9cd5c34367b36b9872f77af9",
"filecondis": {
"raw_md5": "aae0ed89054a1507db23b62ce7c853b3",
"dhash": "0000000000000100"
},
"names": [
"nvidiaRelease.tar.gz",
"payload"
],
"first_submission_date": 1777647673,
"crowdsourced_ai_results": [
{
"source": "palm",
"analysis": "Package: PythonForWindows\r (pypi)\nVersion: 1.0.1\r\nDescription: A codebase aimed to make interaction with Windows and native execution easier\r\n\nThe package contains auxiliary files (`config.py`, `api.py`, `update.vbs`) that implement key functionalities of a sophisticated malware payload. Specifically, the package implements a custom Command and Control (C2) protocol using RC4 encryption and MD5 checksums for payload obfuscation and remote communication (targeting 187.127.248.20:8080). It includes logic for capturing Chrome extension IDs (`EXTENSION0825ARRAY`) and setting up Windows persistence (`REG0825PATH`, `REG0825KEY`). The VBScript file (`update.vbs`) executes an obfuscated command via `cmd.exe` to likely launch the main payload (`chost.exe audiodriver.py`). Furthermore, the `windows/native_exec` component provides functionality for executing raw machine code (x86/x64 assembly), a highly suspicious capability often utilized for arbitrary code injection. The package's internal file naming conventions (`0825` suffix) suggest intent to obfuscate components associated with the malicious payload.",
"verdict": "malicious",
"category": "code_insight",
"id": "9ec622624f5f07c5d86e6048f2710de1e9c5ac7c6a6fad4fcb31121bb67c0239-file-palm"
}
]
}
}
}