53636c80d43a3c461dc8a3d2a2f2d4e1
Hash
- MD5: 53636c80d43a3c461dc8a3d2a2f2d4e1
- SHA1: ec14f0d7f8621517d6541757cf03e255aad2f8ce
- SHA256: dd48995359efa2f7642f520c8882e03c10bc0d1eeb626315479e65a8d164ff8a
- First Seen: 2026-05-21
- Last Seen: 2026-05-21
- Related Reports: 1
- Related IOCs: 0
Additional Information
MalwareBazaar
{
"query_status": "ok",
"data": [
{
"sha256_hash": "dd48995359efa2f7642f520c8882e03c10bc0d1eeb626315479e65a8d164ff8a",
"sha3_384_hash": "e5ff7eb4ffb376509033988f080acd6698eb79c2a8f0719034330290a0909c37beb832c88ea9ed175e82a2f7544b9d7b",
"sha1_hash": "ec14f0d7f8621517d6541757cf03e255aad2f8ce",
"md5_hash": "53636c80d43a3c461dc8a3d2a2f2d4e1",
"first_seen": "2026-05-08 12:30:26",
"last_seen": null,
"file_name": "dd48995359efa2f7642f520c8882e03c10bc0d1eeb626315479e65a8d164ff8a",
"file_size": 1899008,
"file_type_mime": "application/x-dosexec",
"file_type": "exe",
"file_format": "PE",
"file_arch": "I386",
"reporter": "adrian__luca",
"origin_country": "HU",
"anonymous": 0,
"signature": null,
"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
"tlsh": "T1E2951214725BDE02C9A60B7459F0E33007F46D95E422C3576FE67DDBBA3AB922984383",
"telfhash": null,
"gimphash": null,
"ssdeep": "49152:PjNDSStH6BmGMBdRb8GaHKNXoJf8xEjUeU/TSANSPCIqUw:bUStH31BLbeqFoaxEjUeUuAirw",
"magika": "pebin",
"dhash_icon": null,
"trid": [
"73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)",
"6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)",
"6.6% (.EXE) Win64 Executable (generic) (6522/11/2)",
"4.5% (.EXE) Win32 Executable (generic) (4504/4/1)",
"2.0% (.ICL) Windows Icons Library (generic) (2059/9)"
],
"comment": null,
"archive_pw": null,
"tags": [
"exe"
],
"code_sign": null,
"delivery_method": null,
"intelligence": {
"clamav": [
"SecuriteInfo.com.Trojan.PackedNET.389-2.UNOFFICIAL",
"Win.Packed.Malwarex-10059921-0"
],
"downloads": "47",
"uploads": "1",
"mail": null
},
"file_information": [
{
"context": "cape",
"value": "https://www.capesandbox.com/analysis/65016/"
}
],
"ole_information": [],
"yara_rules": [
{
"rule_name": "NET",
"author": "malware-lu",
"description": null,
"reference": null
},
{
"rule_name": "pe_imphash",
"author": null,
"description": null,
"reference": null
},
{
"rule_name": "Skystars_Malware_Imphash",
"author": "Skystars LightDefender",
"description": "imphash",
"reference": null
}
],
"vendor_intel": {
"ANY.RUN": [
{
"malware_family": null,
"verdict": "No threats detected",
"file_name": "Commercial Invoice and PL#ZCOO170.zip",
"date": "2026-04-02 04:54:57",
"analysis_url": "https://app.any.run/tasks/97277d03-25cd-4f74-ba46-9bf4d50eb058",
"tags": []
}
],
"CERT-PL_MWDB": {
"detection": null,
"link": "https://mwdb.cert.pl/sample/dd48995359efa2f7642f520c8882e03c10bc0d1eeb626315479e65a8d164ff8a/"
},
"YOROI_YOMI": {
"detection": "Malicious File",
"score": "0.84"
},
"vxCube": {
"verdict": "malware2",
"maliciousness": "100",
"behaviour": [
{
"threat_level": "malicious",
"rule": "Adding an exclusion to Microsoft Defender"
},
{
"threat_level": "malicious",
"rule": "Enabling autorun by creating a file"
},
{
"threat_level": "neutral",
"rule": "Creating a window"
},
{
"threat_level": "neutral",
"rule": "Sending a custom TCP request"
},
{
"threat_level": "neutral",
"rule": "Creating a process with a hidden window"
},
{
"threat_level": "neutral",
"rule": "Creating a file in the %AppData% directory"
},
{
"threat_level": "neutral",
"rule": "Enabling the 'hidden' option for recently created files"
},
{
"threat_level": "neutral",
"rule": "Adding an access-denied ACE"
},
{
"threat_level": "neutral",
"rule": "Creating a file in the %temp% directory"
},
{
"threat_level": "neutral",
"rule": "Unauthorized injection to a recently created process"
},
{
"threat_level": "neutral",
"rule": "Restart of the analyzed sample"
},
{
"threat_level": "neutral",
"rule": "Creating a file"
}
]
},
"Intezer": {
"verdict": "suspicious",
"family_name": null,
"analysis_url": "https://analyze.intezer.com/analyses/0329261b-ecf3-4179-90d1-c24f804e0da8?utm_source=MalwareBazaar"
},
"CAPE": {
"detection": null,
"link": "https://www.capesandbox.com/analysis/65016/"
},
"Triage": {
"malware_family": null,
"score": "8",
"link": "https://tria.ge/reports/260508-pr1wwsg14z/",
"tags": [
"discovery",
"execution"
],
"signatures": [
{
"signature": "Command and Scripting Interpreter: PowerShell",
"score": "8"
},
{
"signature": ".NET Reactor proctector",
"score": "7"
},
{
"signature": "Checks computer location settings",
"score": "7"
},
{
"signature": "Drops startup file",
"score": "7"
},
{
"signature": "Suspicious use of SetThreadContext",
"score": "5"
},
{
"signature": "Enumerates physical storage devices",
"score": "3"
},
{
"signature": "System Location Discovery: System Language Discovery",
"score": "3"
},
{
"signature": "Suspicious behavior: EnumeratesProcesses",
"score": null
},
{
"signature": "Suspicious use of AdjustPrivilegeToken",
"score": null
},
{
"signature": "Suspicious use of WriteProcessMemory",
"score": null
}
],
"malware_config": []
},
"ReversingLabs": {
"threat_name": "ByteCode-MSIL.Trojan.SnakeKeylogger",
"status": "MALICIOUS",
"first_seen": "2026-04-02 01:46:38",
"scanner_count": "36",
"scanner_match": "25",
"scanner_percent": "69.44"
},
"Spamhaus_HBL": [
{
"detection": "suspicious",
"link": "https://www.spamhaus.org/hbl/"
}
],
"UnpacMe": [
{
"sha256_hash": "dd48995359efa2f7642f520c8882e03c10bc0d1eeb626315479e65a8d164ff8a",
"md5_hash": "53636c80d43a3c461dc8a3d2a2f2d4e1",
"sha1_hash": "ec14f0d7f8621517d6541757cf03e255aad2f8ce",
"detections": [],
"link": "https://www.unpac.me/results/d8bee49c-6113-4351-a24f-4ac9576a9722/"
},
{
"sha256_hash": "ab12e8ad317584f53ab4c082f5f328906122a0510730a56150a45b38029e0efd",
"md5_hash": "9be0b3aef281ca624a14ebc56328cb83",
"sha1_hash": "3d195f9b85a991d06570e277bd535bffdc8e7f04",
"detections": [],
"link": "https://www.unpac.me/results/d8bee49c-6113-4351-a24f-4ac9576a9722/"
},
{
"sha256_hash": "4447fe8d112e6455f2dc2764ef66df2e8b028838c99706f2c565058d08d1bac4",
"md5_hash": "a12cf68b20113c7325bcdefc4dfd9fa0",
"sha1_hash": "a4d8c80cfccf2e0d45299a0de1d59520a7e3ab85",
"detections": [],
"link": "https://www.unpac.me/results/d8bee49c-6113-4351-a24f-4ac9576a9722/"
},
{
"sha256_hash": "860e8496f15898e2b2d04addda2dab1f0a3631b4140752664fb7e5271bc45cb4",
"md5_hash": "c365f86d1032e279e124cfedec6e9bc0",
"sha1_hash": "fa694f1876c62890038fdc03aa60dc434ad5134e",
"detections": [],
"link": "https://www.unpac.me/results/d8bee49c-6113-4351-a24f-4ac9576a9722/"
}
],
"FileScan-IO": {
"verdict": "MALICIOUS",
"threatlevel": "1.0",
"confidence": "1.0",
"report_link": "https://www.filescan.io/uploads/69fdd8dedf14f1cb2acdc918/reports/a30d4693-0654-4b62-b3d6-3599497f68db/overview"
},
"Kaspersky": {
"verdict": "Malware",
"file_type": "exe x32",
"first_seen": "2026-04-01T22:14:00Z",
"last_seen": "2026-05-10T09:45:00Z",
"hitscount": 10000,
"report_link": "https://opentip.kaspersky.com/dd48995359efa2f7642f520c8882e03c10bc0d1eeb626315479e65a8d164ff8a/results?tab=lookup",
"detections": []
}
},
"comments": null
}
]
}