Objectives

| Severity | Confidence | Category | Trait |
|---|---|---|---|
| suspicious | 85% | credential-access/theft | Smart card access with suspicious indicators |
| suspicious | 80% | evasion | Randomized or high-entropy export name |
| notable | 90% | anti-static/obfuscation | Unusual PE section alignment |
| notable | 84% | anti-static/obfuscation/payload | High entropy .data section |
Micro-behaviors

| Severity | Confidence | Category | Trait |
|---|---|---|---|
| notable | 90% | communications | Encoded external IPv4 address |
| notable | 90% | hardware/smartcard | Read smart card attributes |
| notable | 90% | os/random | RtlGenRandom export-ordinal alias (SystemFunction036) |
| notable | 95% | process/inject | Dynamic LoadLibraryA resolution for remote injection |
| baseline | 92% | fs/enumerate | Directory walker using Win32 wide APIs |
| baseline | 95% | mem/protect | Extended memory protection modification |
| baseline | 92% | os/module | Dynamically resolve own modules and exports |
| baseline | 95% | process/terminate | Process termination via TerminateProcess |
Metadata

| Severity | Confidence | Category | Trait |
|---|---|---|---|
| notable | 100% | unsigned | Binary is not digitally signed |
| baseline | 100% | binary | Binary has low average complexity |
| baseline | 90% | binary/section | PE .reloc section presence |
| baseline | 95% | dylib::kernel32 | links KERNEL32.dll (CreateEventW, GetVersion, FindClose, FindNextFileW, FindFirstFileW, ... +80 more) |
| baseline | 95% | dylib::user32 | links USER32.dll (BeginDeferWindowPos, DeferWindowPos, GetPropW, TranslateMessage, UnregisterHotKey, ... +2 more) |
| baseline | 95% | dylib::winscard | links WinSCard.dll (SCardLocateCardsByATRW, SCardIsValidContext, SCardLocateCardsA, SCardListReaderGroupsW, SCardReconnect, ... +20 more) |
| baseline | 100% | hardening::no-pie | Binary is not position-independent (fixed load address) |
| baseline | 100% | signed::unsigned | Binary is not digitally signed |
20 of 57 traits shown
Identity

| Field | Value |
|---|---|
| SHA-256 | 1fbbc4cfa1d1203aba67e2f7644a8e702f606aff3370c26c465046b8f1359719 |
| Filename | Virus.Hijack_Gen.Trojan.ShellObject.j8Z@a0q1@io_4_1.vir |
Origin

| Field | Value |
|---|---|
| Source | harvest |
| Feed | datasets |
| Ecosystem | datamaliciousorder |
Timeline

| Field | Value |
|---|---|
| First seen | 24 Apr 2026 16:15 UTC |
| Last analyzed | 1 May 2026 13:50 UTC |
| Last updated | 1 May 2026 13:50 UTC |
Labeling

| Field | Value |
|---|---|
| Label | bad |
| Label source | harvest |
| Traits version | feb13 |