Open-source atomic malware analysis

Virus.Hijack_Gen.Trojan.ShellObject.m0Z@ae3yXvm_24_1.vir

PE
Verdict: SUSPICIOUS
Mal-ecule
K₂O₆(C₅As₆Er₂EuI₂S)H₇(Cm₄Cr₂Db₄FHfPoU)Md₃(Bi₈Bk₂Si)
Size 325.6 KB
First seen 56 days ago
Analyzed 44 days ago
Ecosystem datamaliciousorder

Objectives

suspicious severity, 88% confident.
command-and-control/channel XOR-encrypted UDP broadcast peer chat
baseline severity, 100% confident.
anti-static/obfuscation WININET.DLL absent from PE import table
baseline severity, 90% confident.
evasion/indicator-removal Export timestamp is absent
component severity, 100% confident.
command-and-control/dropper/staging Binary contains high-entropy data regions

Micro-behaviors

notable severity, 85% confident.
communications/socket UDP broadcast peer-to-peer communication
notable severity, 85% confident.
crypto/symmetric/xor XOR message encryption .NET method
notable severity, 70% confident.
data/db LINQ query operations
notable severity, 92% confident.
data/embedded/payload .NET resource bitmap pixel readback
baseline severity, 80% confident.
data/encode/image Pixel operation symbols family A

Metadata

notable severity, 100% confident.
binary PE binary has trailing overlay data
notable severity, 85% confident.
binary/metrics High code section entropy
notable severity, 100% confident.
build PE manifest version != VERSIONINFO product version
notable severity, 100% confident.
signed Binary is not digitally signed
baseline severity, 95% confident.
binary/anomaly PE compile timestamp far in future
baseline severity, 90% confident.
binary/section PE .reloc section presence
baseline severity, 100% confident.
dotnet .NET assembly detected via BSJB CLR metadata signature
baseline severity, 95% confident.
dylib::mscoree links mscoree.dll (CorExeMain)
baseline severity, 100% confident.
hardening DEP / NX enabled (NX_COMPAT)
baseline severity, 90% confident.
lang/compiler mscorlib reference
baseline severity, 70% confident.
package PE InternalName metadata field

20 of 42 traits shown

Identity

SHA-256 b271f15120e69ae544c096b528961dcb21eb06dab1044973bce2628b2b9e2eaa
Filename Virus.Hijack_Gen.Trojan.ShellObject.m0Z@ae3yXvm_24_1.vir

Origin

Source harvest
Feed datasets
Ecosystem datamaliciousorder

Timeline

First seen 24 Apr 2026 16:14 UTC
Last analyzed 7 May 2026 03:08 UTC
Last updated 7 May 2026 03:08 UTC

Labeling

Label bad
Label source harvest
Traits version 7f26a