6869766741b40825e31fd8bbff688bd3
Hash
- MD5: 6869766741b40825e31fd8bbff688bd3
- SHA1: 2ef17de34b258b13fdbf0974c4b73824323b35cf
- SHA256: 7db1dfb77da7f4790df11e6b753e0a3d71749bec57faeaa68043705a584cc5ec
- First Seen: 2026-05-15
- Last Seen: 2026-05-15
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "7db1dfb77da7f4790df11e6b753e0a3d71749bec57faeaa68043705a584cc5ec",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/7db1dfb77da7f4790df11e6b753e0a3d71749bec57faeaa68043705a584cc5ec"
},
"attributes": {
"filecondis": {
"dhash": "fedcececca92a544",
"raw_md5": "ee20c7cacbac68ecac8281846cd831d7"
},
"sha1": "2ef17de34b258b13fdbf0974c4b73824323b35cf",
"sigma_analysis_results": [
{
"rule_level": "medium",
"rule_id": "6291f85314c7d9966be831c56d3cdfb30f42c84f599273e73dac5c95e1122abf",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Usage Of Web Request Commands And Cmdlets - ScriptBlock",
"rule_description": "Detects the use of various web request commands with commandline tools and Windows PowerShell cmdlets (including aliases) via PowerShell scriptblock logs",
"rule_author": "James Pemberton / @4A616D6573",
"match_context": [
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"ScriptBlockId": "ecb11124-ef11-4fa8-988d-42bc827f3081",
"MessageTotal": "1",
"EventID": "4104",
"MessageNumber": "1"
}
},
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"ScriptBlockId": "64766ba6-71eb-479e-91ac-a0940204eb03",
"MessageTotal": "1",
"EventID": "4104",
"MessageNumber": "1"
}
}
]
},
{
"rule_level": "medium",
"rule_id": "6e1823de286f8bef414c648f5738bec3bd40700cba3765da26e6500bc2d8e387",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Powershell Detect Virtualization Environment",
"rule_description": "Adversaries may employ various system checks to detect and avoid virtualization and analysis environments.\nThis may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox\n",
"rule_author": "frack113, Duc.Le-GTSC",
"match_context": [
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"ScriptBlockId": "ecb11124-ef11-4fa8-988d-42bc827f3081",
"MessageTotal": "1",
"EventID": "4104",
"MessageNumber": "1"
}
},
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"MessageTotal": "1",
"ScriptBlockId": "64766ba6-71eb-479e-91ac-a0940204eb03",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"EventID": "4104",
"MessageNumber": "1"
}
}
]
},
{
"rule_level": "low",
"rule_id": "80e1441e8251586c742da610b4bceb4d94fbe79f4e8b64b9745b6a11da90d7c1",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "PowerShell Script With File Upload Capabilities",
"rule_description": "Detects PowerShell scripts leveraging the \"Invoke-WebRequest\" cmdlet to send data via either \"PUT\" or \"POST\" method.",
"rule_author": "frack113",
"match_context": [
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"ScriptBlockId": "ecb11124-ef11-4fa8-988d-42bc827f3081",
"MessageTotal": "1",
"EventID": "4104",
"MessageNumber": "1"
}
},
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"ScriptBlockId": "64766ba6-71eb-479e-91ac-a0940204eb03",
"MessageTotal": "1",
"EventID": "4104",
"MessageNumber": "1"
}
}
]
},
{
"rule_level": "low",
"rule_id": "b0d225f3239543a37159ba2855ee1e7972c6bff3c83ce7aed9056599f6ee6314",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Suspicious Process Discovery With Get-Process",
"rule_description": "Get the processes that are running on the local computer.",
"rule_author": "frack113",
"match_context": [
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"MessageTotal": "1",
"ScriptBlockId": "ecb11124-ef11-4fa8-988d-42bc827f3081",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"EventID": "4104",
"MessageNumber": "1"
}
},
{
"values": {
"ScriptBlockText": "$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$sdvbsdvgiiiiiiiiiiiiidesdddd = Join-Path $env:AppData \"Microsoft\";\r\n$fgbdfgdfhdfg= \"asdfdgtrBGONJOUFOAISFAwefsdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$dhfjkg= \"sdjkghjkldshgjkldhsgjkdshgjkhkjfgl;kjkldsgjl;kdjgkeiorgjioejrgjdlksjglkjdsgkdsgkh\";\r\n$CCCCCCscscsc = \"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\"\r\n\r\n$derrhfjkg= \"sdjkdgdgd [TRUNCATED]",
"Path": "C:\\Users\\Bruno\\Desktop\\bpvme.ps1",
"ScriptBlockId": "64766ba6-71eb-479e-91ac-a0940204eb03",
"MessageTotal": "1",
"EventID": "4104",
"MessageNumber": "1"
}
}
]
},
{
"rule_level": "low",
"rule_id": "c085cde9af85b182e783b8d7b42d66d3d0efe08696b4fe7946da3d5d1a2cd51e",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Potential PowerShell Obfuscation Using Alias Cmdlets",
"rule_description": "Detects Set-Alias or New-Alias cmdlet usage. Which can be use as a mean to obfuscate PowerShell scripts",
"rule_author": "frack113",
"match_context": [
{
"values": {
"ScriptBlockText": "Set-Alias -Name ncim -Value New-CimInstance -Option ReadOnly, AllScope -ErrorAction SilentlyContinue",
"Path": "",
"ScriptBlockId": "13e0881d-99b8-4d15-bfad-f652915f8768",
"MessageTotal": "1",
"MessageNumber": "1",
"EventID": "4104"
}
}
]
}
],
"type_extension": "ps1",
"type_tag": "powershell",
"popular_threat_classification": {
"popular_threat_category": [
{
"count": 18,
"value": "trojan"
},
{
"count": 3,
"value": "downloader"
}
],
"popular_threat_name": [
{
"count": 18,
"value": "kimsuky"
},
{
"count": 8,
"value": "powershell"
},
{
"count": 2,
"value": "pwrsh"
}
],
"suggested_threat_label": "trojan.kimsuky/powershell"
},
"vhash": "6e2965b2a61c50e9fa6b8f4e6ae5ced3",
"javascript_info": {
"tags": [
"malformed"
]
},
"first_submission_date": 1773431846,
"tlsh": "T12B51E114B35AC681C056C7B7CEE97D1BA135048EBD005A3880EB5E4CF9B553AC8E61DA",
"type_description": "Powershell",
"tags": [
"powershell",
"long-sleeps",
"calls-wmi",
"url-pattern",
"detect-debug-environment"
],
"times_submitted": 1,
"sigma_analysis_stats": {
"critical": 0,
"high": 0,
"medium": 2,
"low": 3
},
"last_analysis_date": 1779858601,
"magika": "POWERSHELL",
"unique_sources": 1,
"meaningful_name": "bpvme.ps1",
"size": 3001,
"total_votes": {
"harmless": 0,
"malicious": 2
},
"last_analysis_stats": {
"malicious": 29,
"suspicious": 0,
"undetected": 32,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 1,
"type-unsupported": 13
},
"sha256": "7db1dfb77da7f4790df11e6b753e0a3d71749bec57faeaa68043705a584cc5ec",
"last_modification_date": 1779920912,
"powershell_info": {
"cmdlets": [
"convertto-json",
"get-ciminstance",
"get-content",
"get-date",
"get-process",
"get-wmiobject",
"invoke-restmethod",
"join-path",
"new-object",
"out-file",
"remove-item",
"select-object",
"split-path",
"where-object",
"write-output"
],
"ps_variables": [
"$null"
]
},
"names": [
"bpvme.ps1"
],
"md5": "6869766741b40825e31fd8bbff688bd3",
"type_tags": [
"source",
"powershell",
"ps",
"ps1"
],
"sandbox_verdicts": {
"Zenbox": {
"category": "harmless",
"malware_classification": [
"CLEAN"
],
"sandbox_name": "Zenbox",
"confidence": 97
},
"C2AE": {
"category": "undetected",
"malware_classification": [
"UNKNOWN_VERDICT"
],
"sandbox_name": "C2AE"
}
},
"ssdeep": "48:s7Bkj7BFB9BazgI7wA9tc/9EDM9VqWxMT4b+i/se+iNnLF3bXckMxrE7pWd3HmXJ:s7+j7j7iTsA9tc/9DVqWx+4bJ/seJhL5",
"reputation": -2,
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Script.Kimsuky.4!c"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260526",
"category": "malicious",
"result": "Malicious (score: 99)"
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.PowerShell.Agent"
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5608",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.54.59625",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.54.59625",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20230417",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Kimsuky.16"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "3441629:3441629:bcc2753:bcc2753",
"engine_update": "20260526",
"category": "malicious",
"result": "TrojanDownloader/PS.NetLoader.md"
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1215",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.PS.Agent.JJN"
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260527",
"category": "malicious",
"result": "Trojan Horse"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260527",
"category": "malicious",
"result": "PowerShell/Kimsuky.AW trojan"
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260527",
"category": "malicious",
"result": "PwrSh:Kimsuky-S [Trj]"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260527",
"category": "malicious",
"result": "UDS:Trojan.PowerShell.Agent"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260527",
"category": "malicious",
"result": "Trojan.Kimsuky.16"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260527",
"category": "malicious",
"result": "Trojan.Kimsuky.16"
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260527",
"category": "malicious",
"result": "Stealer.[Kimsuky]Agent/PS!1.13F30 (CLASSIC)"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.TR/Kimsuky.S"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260527",
"category": "malicious",
"result": "PowerShell.DownLoader.2890"
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Kimsuky.16"
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14532",
"engine_update": "20260527",
"category": "malicious",
"result": "ti!7DB1DFB77DA7"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260527",
"category": "malicious",
"result": "powershell.trojan.kimsuky"
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260527",
"category": "malicious",
"result": "Trojan.Kimsuky.16 (B)"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.PowerShell.Kimsuky"
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1779854467",
"engine_update": "20260527",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260526",
"category": "malicious",
"result": "TR/Kimsuky.S"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.246.174",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38678",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260527",
"category": "malicious",
"result": "Trojan:PowerShell/Kimsuky!AMTB"
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107039",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44690AVA:64.31313",
"engine_update": "20260527",
"category": "malicious",
"result": "Trojan.Kimsuky.16"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260527",
"category": "malicious",
"result": "ABTrojan.XDOG-"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260527",
"category": "malicious",
"result": "Downloader/PowerShell.Generic"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-05-27.01",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260527",
"category": "malicious",
"result": "Win32.Trojan.Kimsuky.Aujl"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260527",
"category": "malicious",
"result": "PwrSh:Kimsuky-S [Trj]"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Trojan:Win/Kimsuky.AI"
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260526",
"category": "failure",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260526-00",
"engine_update": "20260526",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": null,
"engine_update": "20260527",
"category": "type-unsupported",
"result": null
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.263",
"engine_update": "20260526",
"category": "type-unsupported",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "type-unsupported",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.782",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260527",
"category": "type-unsupported",
"result": null
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "type-unsupported",
"result": null
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "type-unsupported",
"result": null
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260527",
"category": "type-unsupported",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260526",
"category": "type-unsupported",
"result": null
}
},
"magic": "ASCII text",
"last_submission_date": 1773431846,
"sigma_analysis_summary": {
"Sigma Integrated Rule Set (GitHub)": {
"critical": 0,
"high": 0,
"medium": 2,
"low": 3
}
}
}
}
}