9fe43e08c8f446554340f972dac8a68c
Hash
- MD5: 9fe43e08c8f446554340f972dac8a68c
- SHA1: 30b4a111ca13426054fd46834a9c6583cf344197
- SHA256: 8b10ac9520a1ef24cf2269ec9ee4554b14d3617051f7650a948a03f534bec0d1
- First Seen: 2026-05-14
- Last Seen: 2026-05-14
-
2
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "8b10ac9520a1ef24cf2269ec9ee4554b14d3617051f7650a948a03f534bec0d1",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/8b10ac9520a1ef24cf2269ec9ee4554b14d3617051f7650a948a03f534bec0d1"
},
"attributes": {
"type_extension": "txt",
"tlsh": "T10A25D031B4F3EE5E56982FB798553BD4AC3432E288DC80FB1664E937F132542D32A916",
"popular_threat_classification": {
"suggested_threat_label": "trojan.kimsuky/bluj",
"popular_threat_category": [
{
"count": 20,
"value": "trojan"
},
{
"count": 1,
"value": "dropper"
}
],
"popular_threat_name": [
{
"count": 9,
"value": "kimsuky"
},
{
"count": 2,
"value": "bluj"
},
{
"count": 2,
"value": "malgent"
}
]
},
"sha1": "30b4a111ca13426054fd46834a9c6583cf344197",
"first_seen_itw_date": 1765644566,
"times_submitted": 3,
"last_analysis_date": 1780318459,
"size": 1043153,
"total_votes": {
"harmless": 0,
"malicious": 1
},
"sigma_analysis_summary": {
"Sigma Integrated Rule Set (GitHub)": {
"critical": 0,
"high": 1,
"medium": 1,
"low": 0
}
},
"last_submission_date": 1770714187,
"type_description": "Text",
"filecondis": {
"raw_md5": "3cfa02ee112381259182be9315c71370",
"dhash": "d2f298904086c382"
},
"first_submission_date": 1765705992,
"sigma_analysis_stats": {
"critical": 0,
"high": 1,
"medium": 1,
"low": 0
},
"crowdsourced_ids_results": [
{
"rule_category": "Misc activity",
"alert_severity": "low",
"rule_msg": "ET INFO Observed DNS Query to VSCode Hosting Domain (vscode .download .prss .microsoft .com)",
"rule_id": "1:2064184",
"rule_source": "Proofpoint Emerging Threats Open",
"rule_url": "https://rules.emergingthreats.net/",
"rule_raw": "alert dns $HOME_NET any -> any any (msg:\"ET INFO Observed DNS Query to VSCode Hosting Domain (vscode .download .prss .microsoft .com)\"; dns.query; bsize:34; content:\"vscode.download.prss.microsoft.com\"; nocase; classtype:misc-activity; sid:2064184; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_08_27, deployment Perimeter, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_08_27;)",
"alert_context": [
{
"dest_ip": "8.8.8.8",
"dest_port": 53
}
]
},
{
"rule_category": "Misc activity",
"alert_severity": "low",
"rule_msg": "ET INFO Observed VSCode Hosting Domain (vscode .download .prss .microsoft .com in TLS SNI)",
"rule_id": "1:2064185",
"rule_source": "Proofpoint Emerging Threats Open",
"rule_url": "https://rules.emergingthreats.net/",
"rule_raw": "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:\"ET INFO Observed VSCode Hosting Domain (vscode .download .prss .microsoft .com in TLS SNI)\"; flow:established,to_server; tls.sni; bsize:34; content:\"vscode.download.prss.microsoft.com\"; fast_pattern; classtype:misc-activity; sid:2064185; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_08_27, deployment Perimeter, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_08_27;)",
"alert_context": [
{
"dest_ip": "199.232.210.172",
"dest_port": 443,
"ja3": [
"3c293bdf2a25c07559b560ba86debc77"
],
"ja3s": [
"f4febc55ea12b31ae17cfb7e614afda8"
]
}
]
}
],
"magic": "ASCII text, with very long lines (65536u), with no line terminators",
"last_modification_date": 1780325682,
"tags": [
"obfuscated",
"long-sleeps",
"executes-dropped-file",
"detect-debug-environment",
"text",
"calls-wmi"
],
"unique_sources": 3,
"ssdeep": "24576:o/YAQwH7+/YAQwH7YO/YAQwH7x/YAQwH7T/YAQwH7H/YAQwH7q/YAQwH70/YAQwV:VwH7TwH7YDwH7MwH7ewH7qwH7XwH7pwV",
"last_analysis_stats": {
"malicious": 34,
"suspicious": 0,
"undetected": 27,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 0,
"type-unsupported": 14
},
"sha256": "8b10ac9520a1ef24cf2269ec9ee4554b14d3617051f7650a948a03f534bec0d1",
"sigma_analysis_results": [
{
"rule_level": "high",
"rule_id": "8d980d509aaf7ca8f2c6cd9dd23e8ea6eb18328ca64711cb6e059ecec024fe0a",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Outbound Network Connection Initiated By Script Interpreter",
"rule_description": "Detects a script interpreter wscript/cscript opening a network connection to a non-local network. Adversaries may use script to download malicious payloads.",
"rule_author": "frack113, Florian Roth (Nextron Systems)",
"match_context": [
{
"values": {
"SourceIsIpv6": "false",
"DestinationPort": "443",
"DestinationIp": "199.232.210.172",
"Protocol": "tcp",
"SourceIp": "192.168.122.100",
"DestinationIsIpv6": "false",
"EventID": "3",
"Image": "C:\\Windows\\System32\\WScript.exe",
"SourcePort": "49708",
"Initiated": "true"
}
},
{
"values": {
"SourceIsIpv6": "false",
"DestinationPort": "80",
"Initiated": "true",
"Protocol": "tcp",
"SourceIp": "192.168.122.100",
"DestinationIsIpv6": "false",
"EventID": "3",
"SourcePort": "49709",
"Image": "C:\\Windows\\System32\\WScript.exe",
"DestinationIp": "23.60.131.209"
}
}
]
},
{
"rule_level": "medium",
"rule_id": "884b7e21f67a56fc9cb312bdbc27e658c101c449662b2f9e25fd463a75715971",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Registry Tampering by Potentially Suspicious Processes",
"rule_description": "Detects suspicious registry modifications made by suspicious processes such as script engine processes such as WScript, or CScript etc.\nThese processes are rarely used for legitimate registry modifications, and their activity may indicate an attempt to modify the registry\nwithout using standard tools like regedit.exe or reg.exe, potentially for evasion and persistence.\n",
"rule_author": "Swachchhanda Shrawan Poudel (Nextron Systems)",
"match_context": [
{
"values": {
"Details": "DWORD (0x00000001)",
"EventType": "SetValue",
"Image": "C:\\Windows\\System32\\WScript.exe",
"EventID": "13",
"TargetObject": "HKU\\S-1-5-21-1070296143-2877979003-364783958-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass"
}
},
{
"values": {
"EventType": "SetValue",
"Details": "DWORD (0x00000001)",
"Image": "C:\\Windows\\System32\\WScript.exe",
"EventID": "13",
"TargetObject": "HKU\\S-1-5-21-1070296143-2877979003-364783958-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
}
},
{
"values": {
"Details": "DWORD (0x00000001)",
"EventID": "13",
"Image": "C:\\Windows\\System32\\WScript.exe",
"EventType": "SetValue",
"TargetObject": "HKU\\S-1-5-21-1070296143-2877979003-364783958-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet"
}
},
{
"values": {
"Details": "DWORD (0x00000000)",
"EventID": "13",
"Image": "C:\\Windows\\System32\\WScript.exe",
"EventType": "SetValue",
"TargetObject": "HKU\\S-1-5-21-1070296143-2877979003-364783958-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect"
}
},
{
"values": {
"Details": "(Empty)",
"EventType": "SetValue",
"Image": "C:\\Windows\\System32\\WScript.exe",
"EventID": "13",
"TargetObject": "HKU\\S-1-5-21-1070296143-2877979003-364783958-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CachePrefix"
}
}
]
}
],
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Text.Kimsuky.4!c"
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Kimsuky.13"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260531",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260531",
"category": "malicious",
"result": "JS/Agent.mr"
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Script.Agent"
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260531",
"category": "malicious",
"result": "Trojan.Kimsuky.13"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260529",
"category": "undetected",
"result": null
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.55.59677",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.55.59678",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20230417",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Kimsuky.13"
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1218",
"engine_update": "20260529",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Gen.NPE"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260601",
"category": "malicious",
"result": "JS/Kimsuky.I trojan"
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260601",
"category": "malicious",
"result": "TROJ_FRS.0NA103BH26"
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Other:Malware-gen [Trj]"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260601",
"category": "malicious",
"result": "Malicious (score: 99)"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260601",
"category": "malicious",
"result": "HEUR:Trojan.Script.Generic"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Kimsuky.13"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Script.ExpKit.fpdsbh"
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260530",
"category": "undetected",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260531",
"category": "malicious",
"result": "JS/Agent-BLUJ"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.TR/Malware"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260601",
"category": "malicious",
"result": "JS.Muldrop.1136"
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5611",
"engine_update": "20260529",
"category": "undetected",
"result": null
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260601",
"category": "malicious",
"result": "TROJ_FRS.0NA103BH26"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14833",
"engine_update": "20260601",
"category": "malicious",
"result": "ti!8B10AC9520A1"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260601",
"category": "malicious",
"result": "txt.trojan.kimsuky"
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Kimsuky.13 (B)"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "1925a7e:1925a7e:354c4d2:354c4d2",
"engine_update": "20260531",
"category": "undetected",
"result": null
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260531",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1780311674",
"engine_update": "20260601",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260601",
"category": "malicious",
"result": "TR/Malware"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.247.174",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38693",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan:JS/Malgent!MSR"
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260601",
"category": "malicious",
"result": "JS.S.Agent.1043153"
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107206",
"engine_update": "20260601",
"category": "malicious",
"result": "JS/Agent-BLUJ"
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44752AVA:64.31343",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.Kimsuky.13"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260601",
"category": "malicious",
"result": "JS/Agent.SU!Eldorado"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260601",
"category": "malicious",
"result": "Dropper/JS.Agent"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-06-01.02",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260601",
"category": "malicious",
"result": "Script.Trojan.Generic.Udkl"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260531",
"category": "malicious",
"result": "JS/Agent.mr"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Trojan.JS.Malgent"
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260601",
"category": "malicious",
"result": "Other:Malware-gen [Trj]"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260601",
"category": "undetected",
"result": null
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Trojan:Multi/Generic.Gen"
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260601-00",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.264",
"engine_update": "20260528",
"category": "type-unsupported",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "type-unsupported",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.783",
"engine_update": "20260528",
"category": "type-unsupported",
"result": null
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "type-unsupported",
"result": null
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "type-unsupported",
"result": null
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "type-unsupported",
"result": null
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": null,
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260601",
"category": "type-unsupported",
"result": null
}
},
"meaningful_name": "2026\ub144 \uc0c1\ubc18\uae30 \uad6d\ub0b4\ub300\ud559\uc6d0 \uc11d\uc0ac\uc57c\uac04\uacfc\uc815 \uc704\ud0c1\uad50\uc721\uc0dd \uc120\ubc1c\uad00\ub828 \uc11c\ub958 (1).hwpx.jse",
"magika": "TXT",
"reputation": -52,
"type_tag": "text",
"names": [
"2026\ub144 \uc0c1\ubc18\uae30 \uad6d\ub0b4\ub300\ud559\uc6d0 \uc11d\uc0ac\uc57c\uac04\uacfc\uc815 \uc704\ud0c1\uad50\uc721\uc0dd \uc120\ubc1c\uad00\ub828 \uc11c\ub958 (1).hwpx.jse"
],
"type_tags": [
"text"
],
"crowdsourced_ids_stats": {
"high": 0,
"medium": 0,
"low": 2,
"info": 0
},
"crowdsourced_yara_results": [
{
"ruleset_id": "0122bae1e9",
"ruleset_version": "0122bae1e9|589bbefc22847193cac455858fa15e627d671918",
"ruleset_name": "Base64_Encoded_URL",
"rule_name": "Base64_Encoded_URL",
"match_date": 1780318484,
"description": "This signature fires on the presence of Base64 encoded URI prefixes (http:// and https://) across any file. The simple presence of such strings is not inherently an indicator of malicious content, but is worth further investigation.",
"author": "InQuest Labs",
"source": "https://github.com/InQuest/yara-rules-vt"
}
],
"md5": "9fe43e08c8f446554340f972dac8a68c",
"sandbox_verdicts": {
"Zenbox": {
"category": "malicious",
"malware_classification": [
"MALWARE",
"EVADER"
],
"sandbox_name": "Zenbox",
"confidence": 80
},
"Dr.Web vxCube": {
"category": "malicious",
"malware_classification": [
"MALWARE"
],
"sandbox_name": "Dr.Web vxCube"
}
}
}
}
}
Related Reports
2026-05-14
Kaspersky