Mal-ecule
H(Cm)Md₂(Bi₂Si)
Objectives
| Severity | Confidence | Category | Trait |
|---|---|---|---|
| component | 99% | anti-static/obfuscation/payload | PE version resource text |
| component | 99% | command-and-control/dropper | Office postc2r build-pipeline PDB path |
| component | 94% | command-and-control/dropper/execution | Office msoxmled.exe PDB marker |
| component | 95% | evasion/indicator-removal | Regex component marker |
| component | 97% | evasion/masquerade | Certificate region begins inside embedded PE |
| component | 95% | evasion/masquerade/identity | Regex component marker |
| component | 95% | evasion/masquerade/version-resource | WinWord internal name string |
Micro-behaviors
| Severity | Confidence | Category | Trait |
|---|---|---|---|
| notable | 90% | communications/http | URLDownloadToFile API name as string |
| baseline | 95% | data/embedded | Microsoft code-signing certificate chain |
| baseline | 90% | dylib | Windows GetProcAddress API string |
| baseline | 90% | fs/file | CreateFile API string reference |
| baseline | 70% | os/compat | Check if running under WoW64 |
| baseline | 100% | os/module | Reference to SHELL32.dll |
| baseline | 85% | os/registry | Query registry value API string |
| baseline | 90% | process/create | Close handle |
Metadata
| Severity | Confidence | Category | Trait |
|---|---|---|---|
| notable | 90% | binary | Valid PE/MZ binary found embedded in file |
| notable | 85% | binary/metrics | PE with malformed section layout |
| notable | 100% | signed | Signed by Microsoft Corporation |
| baseline | 100% | hardening | High-entropy ASLR (64-bit) |
| component | 90% | binary/section | Tiny C string section ratio |
20 of 28 traits shown
Identity
| Field | Value |
|---|---|
| SHA-256 | a0378f5c3f4b5af78def7729019600890e2b2d5c38b36d40933123ce7c8b0d8b |
| Filename | VirusShare_96c421b1c978d49ac85b88919c3c9723 |
Timeline
| Event | Time |
|---|---|
| First seen | 12 May 2026 19:11 UTC |
| Last analyzed | 25 May 2026 19:12 UTC |