Open-source atomic malware analysis

Virus.Hijack_Gen.Trojan.ShellObject.j8Z@a0q1@io_1_1.vir

PE
Verdict: SUSPICIOUS
Mal-ecule
KO₇(CaEr₅As₇Al₂C₂CoI₂)H₆(CmHfOs₂Po₂DbDs)Md₂(Bi₃)
Size 608.0 KB
First seen 56 days ago
Analyzed 50 days ago
Ecosystem datamaliciousorder

Objectives

credential-access/theft  Smart card access with suspicious indicators (suspicious severity, 85% confident)
evasion  Randomized or high-entropy export name (suspicious severity, 80% confident)
anti-static/obfuscation  Unusual PE section alignment (notable severity, 90% confident)
anti-static/obfuscation/payload  High entropy .data section (notable severity, 84% confident)

Micro-behaviors

communications  Encoded external IPv4 address (notable severity, 90% confident)
hardware/smartcard  Enumerate smart card readers (notable severity, 90% confident)
os/random  RtlGenRandom export-ordinal alias (SystemFunction036) (notable severity, 90% confident)
process/inject  Dynamic LoadLibraryA resolution for remote injection (notable severity, 95% confident)
fs/enumerate  Directory walker using Win32 wide APIs (baseline severity, 92% confident)
mem/protect  Extended memory protection modification (baseline severity, 95% confident)
os/module  Dynamically resolve own modules and exports (baseline severity, 92% confident)
process/terminate  Process termination via TerminateProcess (baseline severity, 95% confident)

Metadata

unsigned  Binary is not digitally signed (notable severity, 100% confident)
binary  Binary has 1000 or more strings (baseline severity, 100% confident)
binary/section  PE .reloc section presence (baseline severity, 90% confident)
dylib::kernel32  links KERNEL32.dll (CreateEventW, GetVersion, FindClose, FindNextFileW, FindFirstFileW, ... +80 more) (baseline severity, 95% confident)
dylib::user32  links USER32.dll (UnregisterHotKey, BeginDeferWindowPos, TranslateMessage, DeferWindowPos, CreateMenu, ... +2 more) (baseline severity, 95% confident)
dylib::winscard  links WinSCard.dll (SCardIsValidContext, SCardListReaderGroupsW, SCardListReadersW, SCardLocateCardsA, SCardLocateCardsByATRW, ... +20 more) (baseline severity, 95% confident)
hardening::no-pie  Binary is not position-independent (fixed load address) (baseline severity, 100% confident)
signed::unsigned  Binary is not digitally signed (baseline severity, 100% confident)

20 of 57 traits shown

Identity

SHA-256 1be6748eddf875f17d4518b4973762eb006121cb3386d3a3bfd1f1c24e90ad85
Filename Virus.Hijack_Gen.Trojan.ShellObject.j8Z@a0q1@io_1_1.vir

Origin

Source harvest
Feed datasets
Ecosystem datamaliciousorder

Timeline

First seen 24 Apr 2026 16:15 UTC
Last analyzed 30 Apr 2026 15:21 UTC
Last updated 30 Apr 2026 15:21 UTC

Labeling

Label bad
Label source harvest
Traits version f6cf3