Open-source atomic malware analysis

Trojan.Danger_Trojan.GenericKD.72677122_6.vir

PE
Verdict: HOSTILE
Mal-ecule
KO₆(As₉Er₂C₅IP₂S)H₂(FPo₃)Md₅(Bi₆SiPa)
Size 61.5 KB
First seen 54 days ago
Analyzed 45 days ago
Ecosystem datamaliciousorder

Well-known

hostile severity, 98% confident.
malware/dropper Chocolatey-mimic dropper with Linux tool decoys

Objectives

suspicious severity, 96% confident.
anti-static/obfuscation Malformed importless PE stub with embedded payload
notable severity, 82% confident.
evasion/self-delete cmd /c del argument fragment

Micro-behaviors

notable severity, 80% confident.
data/embedded Embedded PE/MZ binary
notable severity, 80% confident.
fs/path References legacy DOS/Windows boot configuration files
notable severity, 95% confident.
process/inject Dynamic LoadLibraryA resolution for remote injection

Metadata

notable severity, 95% confident.
binary PE checksum mismatch (modified binary)
notable severity, 90% confident.
encoded-payload Encoded payload detected: xor
notable severity, 85% confident.
lang/compiler PE linked with binutils 2.x (MinGW/GCC)
notable severity, 80% confident.
signed::unsigned-pe-executable PE executable is unsigned
notable severity, 100% confident.
unsigned Binary is not digitally signed
baseline severity, 95% confident.
binary/section UPX packed section name
baseline severity, 95% confident.
dylib::kernel32 links KERNEL32.DLL (LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect)
baseline severity, 95% confident.
dylib::mfc42 links MFC42.DLL (ORDINAL 859)
baseline severity, 95% confident.
dylib::msvcrt links MSVCRT.dll (exit)
baseline severity, 95% confident.
dylib::shell32 links SHELL32.dll (SHChangeNotify)
baseline severity, 100% confident.
hardening Writable and executable section (W^X violation)
baseline severity, 100% confident.
hardening::no-pie Binary is not position-independent (fixed load address)
baseline severity, 100% confident.
signed::unsigned Binary is not digitally signed

binary

notable severity, 90% confident.
embedded Embedded PE binary at file offset 0x28fa (~69632 bytes)

20 of 47 traits shown
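
Several of the traits above (embedded PE/MZ binary, XOR-encoded payload, PE checksum mismatch, writable-and-executable section, no-PIE) are header checks that can be reproduced offline and confirmed against the sample before trusting the labels. The Python below is an added example, not the analyser's own code: it builds a constructed minimal PE32 image (two sections, the second named like a UPX section and flagged read/write/execute, DllCharacteristics cleared), recomputes the optional-header CheckSum with the imagehlp algorithm (16-bit end-around-carry sum with the CheckSum field taken as zero, plus file length) and compares it with the stored field, scans a buffer for MZ headers whose e_lfanew lands on a PE signature, both as-is and under every single-byte XOR key, and reports W+X sections and the missing DYNAMIC_BASE flag. The stub bytes, offsets, section names and the XOR key 0x5A are constructed for the example and are not values taken from this sample.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

def nt_offset(buf, pe_off=0):
    """Offset of the 'PE\\0\\0' signature for an MZ image starting at pe_off, else None."""
    if buf[pe_off:pe_off + 2] != b"MZ" or pe_off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, pe_off + 0x3C)[0]
    nt = pe_off + e_lfanew
    if not 0x40 <= e_lfanew <= 0x1000 or nt + 24 > len(buf):
        return None
    return nt if buf[nt:nt + 4] == b"PE\0\0" else None

def find_embedded_pe(buf):
    """Every MZ header whose e_lfanew lands on a PE signature (the embedded PE/MZ check)."""
    hits, pos = [], buf.find(b"MZ")
    while pos != -1:
        if nt_offset(buf, pos) is not None:
            hits.append(pos)
        pos = buf.find(b"MZ", pos + 1)
    return hits

def find_xor_encoded_pe(buf):
    # Single-byte XOR brute force: (key, offsets) for every key that reveals a PE image
    hits = ((k, find_embedded_pe(bytes(b ^ k for b in buf))) for k in range(1, 256))
    return [(k, offs) for k, offs in hits if offs]

def parse_sections(buf, pe_off=0):
    """(name, VirtualAddress, PointerToRawData, SizeOfRawData, Characteristics) per section."""
    nt = nt_offset(buf, pe_off)
    nsec = struct.unpack_from("<H", buf, nt + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", buf, nt + 20)[0]   # COFF SizeOfOptionalHeader
    table = nt + 24 + opt_size                             # section table follows the optional header
    rows = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, buf, table + 40 * i)
        rows.append((f[0].rstrip(b"\0").decode("ascii", "replace"), f[2], f[4], f[3], f[9]))
    return rows

def wx_sections(buf, pe_off=0):
    # Sections mapped both writable and executable (W^X violation)
    return [r[0] for r in parse_sections(buf, pe_off)
            if r[4] & IMAGE_SCN_MEM_WRITE and r[4] & IMAGE_SCN_MEM_EXECUTE]

def has_dynamic_base(buf, pe_off=0):
    # DllCharacteristics sits at optional-header offset 70; bit 0x0040 is DYNAMIC_BASE (ASLR)
    dllchars = struct.unpack_from("<H", buf, nt_offset(buf, pe_off) + 24 + 70)[0]
    return bool(dllchars & 0x0040)

def pe_checksum(data):
    """imagehlp CheckSum: 16-bit end-around-carry sum, CheckSum field (offset 64) as zero, plus length."""
    skip = nt_offset(data) + 24 + 64
    total = 0
    for i in range(0, len(data) - 1, 2):
        if skip <= i < skip + 4:
            continue
        total += struct.unpack_from("<H", data, i)[0]
        total = (total & 0xFFFF) + (total >> 16)
    if len(data) & 1:                      # odd trailing byte
        total += data[-1]
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF

def stored_checksum(data):
    return struct.unpack_from("<I", data, nt_offset(data) + 24 + 64)[0]

def build_sample_pe(checksum=0):
    """Constructed minimal PE32 (not a real binary): .text is R+X, UPX1 is R+W+X, DllCharacteristics 0."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)    # i386, 2 sections
    opt = struct.pack(
        "<HBB" "IIIIII" "III" "HHHHHH" "IIII" "HH" "IIIIII",
        0x10B, 2, 30, 0x200, 0x200, 0, 0x1000, 0x1000, 0x2000,       # PE32, linker 2.30
        0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,                   # ImageBase, alignments, versions
        0, 0x3000, 0x200, checksum, 2, 0,                             # SizeOfImage, SizeOfHeaders, CheckSum
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128     # stacks/heaps + 16 empty data dirs
    text = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    upx1 = struct.pack(SECTION_FMT, b"UPX1", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000060)
    hdr = dos + b"PE\0\0" + coff + opt + text + upx1
    return hdr + b"\0" * (0x200 - len(hdr)) + b"\xC3" * 0x200 + b"\x90" * 0x200

def demo():
    good = build_sample_pe(pe_checksum(build_sample_pe(0)))           # correctly checksummed image
    tampered = good[:0x300] + bytes([good[0x300] ^ 0x41]) + good[0x301:]  # one byte patched in .text
    carrier = b"\xCC" * 0x100 + good + b"\xCC" * 0x40                 # constructed stub wrapping the PE
    xored = b"\xCC" * 0x20 + bytes(b ^ 0x5A for b in good)            # same PE under a one-byte XOR key
    return {
        "checksum_ok": stored_checksum(good) == pe_checksum(good),
        "checksum_tampered_ok": stored_checksum(tampered) == pe_checksum(tampered),
        "embedded_offsets": find_embedded_pe(carrier),
        "xor_hits": find_xor_encoded_pe(xored),
        "wx_sections": wx_sections(good),
        "dynamic_base": has_dynamic_base(good),
    }
```

To apply the same checks to a real sample, read the file into a bytes object and pass it to find_embedded_pe and find_xor_encoded_pe; for the checksum and section checks, slice the buffer at the offset the scanner reports so the embedded image is analysed on its own. A CheckSum mismatch only shows the bytes changed after the linker set the field (packing, patching, or a toolchain that never filled it in), so it is evidence of modification rather than of malice by itself, and the brute force here only recovers payloads under a single-byte key.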

Identity

SHA-256 2da17b93d685d05feb6e9790ae5967abd6becd24663ce37211f679db8aa80e38
Canonical SHA-256 090909aec5882d9b423f322fc9acc54753928f0d73511e6162d4ba3ea071e4e2
Filename Trojan.Danger_Trojan.GenericKD.72677122_6.vir

Origin

Source harvest
Feed datasets
Ecosystem datamaliciousorder

Timeline

First seen 24 Apr 2026 16:15 UTC
Last analyzed 3 May 2026 07:30 UTC
Last updated 3 May 2026 07:30 UTC

Labeling

Label bad
Label source harvest
Traits version b2c18