Malicious batch file reveals full behavior only when it's started by a double-click.

0/64 detections on VirusTotal
as of 04.07.2024


The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal with no security vendors flagging it (0/64). 

This batch file reveals its full behavior only when it is started by a double-click, which indicates an actual user. When it is started via the command line, it terminates early.


HASH: c87215ddba4bbda4ff1c9cf6a8d95012e42d3cecfeb1c22e65f7880e4102388b


