MB-6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d
Severity: high
📛 Threat Title: Unknown: remotepe_2023-10-17_6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d.bin
Description: File type: exe. Size: 553030 bytes. Tags: exe, Lazarus, RemotePE. Reporter: foxit_srt. First seen: 2026-05-22 15:48:43.
Remediations (10)
- web:4sysops.com: The April 2026 Patch Tuesday updates add anti-phishing protection to the Windows Remote Desktop client (mstsc.exe). The change — assigned CVE-2026-26151 — means that opening an .rdp file now triggers a security dialog that lists all requested resource-sharing settings, each disabled by default. Files without a verifiable publisher show a red "Caution: Unknown remote connection" banner. The ...
- web:access.redhat.com: Get product support and knowledge from the open source experts.
- web:askubuntu.com: Update: Kernel 6.8.-117.117 is released now and features a kernel-level fix for CVE-2026-31431. While the website may be down, the security email list continues to work apparently and they have emailed about a mitigation there in an email from 30.04.2026 18:06 CET. The issue should be mitigated for now thanks to USN-8226-1 and USN-8226-2.
- web:cert.europa.eu: CERT-EU - High Vulnerability in the Linux Kernel ("Copy Fail"). As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions. CERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes, and CI/CD runners exposed ...
- web:learn.microsoft.com: Starting with the April 2026 security update, the Remote Desktop Connection app shows new security warnings when you open RDP files. This article explains what these warnings mean and how to respond to them safely.
- web:ubuntu.com: A local privilege escalation (LPE) vulnerability affecting the Linux kernel has been publicly disclosed on April 29, 2026. The vulnerability has been assigned CVE ID CVE-2026-31431 and is referred to as Copy Fail. The affected component is a kernel module that provides hardware-accelerated cryptographic functions: algif_aead. The vulnerab […]
- web:woshub.com: The Encryption Oracle Remediation policy provides 3 levels of mitigation for the CredSSP vulnerability: Force Updated Clients - the most secure mode, which blocks vulnerable computer connections. If this option is enabled on the RDP host, it will block RDP connections from client computers with a vulnerable version of CredSSP.
- web:www.cisa.gov: For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
- web:www.systemcenterdudes.com: Leave remediation empty. Assign the script to a group. Create an Intune policy for Secure Boot Certificate: go to the Intune portal, browse to Devices / Configurations and create a new policy, select Windows 10 or later and Settings catalog, provide the name of the policy, click on Add settings and search for Secure boot, and pick the 3 Secure boot settings.
- web:www.windowsdigitals.com: Can't install or run an app from unknown publisher? Here's how to allow unknown publisher in Windows 11/10, and how to disable the warning.
Indicators of Compromise (4)
Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.
hash_sha256: 6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d
VT 38 / 75
IOC database
- Type: hash_sha256
- Value: 6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d
- First seen:
- Last seen:
- Attached to this threat
- Appears in: 2 threats
- Description: Unknown
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Flagged by 38 of 75 VirusTotal vendors
| Vendor | Verdict | Detection |
|---|---|---|
| AhnLab-V3 | malicious | Malware/Win.Generic.C5887722 |
| Alibaba | malicious | Backdoor:Win64/MalwareX.bc89f999 |
| alibabacloud | malicious | Trojan[downloader]:Win/Yomal.Gen |
| ALYac | malicious | Backdoor.Agent.status |
| Antiy-AVL | malicious | Trojan/Win64.Agent |
| Arcabit | malicious | Trojan.Generic.D4C76C11 |
| Avira | malicious | TR/W64.Agent |
| BitDefender | malicious | Trojan.GenericKD.80178193 |
| Bkav | malicious | W32.Malware.EDBA006C |
| CAT-QuickHeal | malicious | Backdoor.Win64 |
| CrowdStrike | malicious | win/malicious_confidence_100% (W) |
| CTX | malicious | dll.trojan.generic |
| Cylance | malicious | Unsafe |
| Cynet | malicious | Malicious (score: 100) |
| DeepInstinct | malicious | MALICIOUS |
| Elastic | malicious | malicious (high confidence) |
| Emsisoft | malicious | Trojan.GenericKD.80178193 (B) |
| ESET-NOD32 | malicious | Win64/TrojanDownloader.Agent.DCJ trojan |
| GData | malicious | Trojan.GenericKD.80178193 |
| huorong | malicious | Trojan/Generic!7540411227B27C5B |
| K7AntiVirus | malicious | Trojan-Downloader ( 005e40721 ) |
| K7GW | malicious | Trojan-Downloader ( 005e40721 ) |
| Lionic | malicious | Trojan.Win32.RemotePE.m!c |
| Malwarebytes | malicious | Trojan.Downloader |
| McAfeeD | malicious | ti!6B33D2019626 |
| Microsoft | malicious | Trojan:Win32/Yomal!rfn |
| MicroWorld-eScan | malicious | Trojan.GenericKD.80178193 |
| Paloalto | malicious | generic.ml |
| Panda | malicious | Trj/PhxBzA.A |
| Sangfor | malicious | Downloader.Win64.Remotepe.Vc67 |
| Sophos | malicious | Mal/Generic-S |
| Tencent | malicious | Win64.Trojan-Downloader.Oader.Ckjl |
| TrendMicro | malicious | Trojan.Win32.ZYX.USBLEO26 |
| TrendMicro-HouseCall | malicious | Trojan.Win32.ZYX.USBLEO26 |
| Varist | malicious | W64/ABmRisk.SXTX-8597 |
| VBA32 | malicious | Trojan.Win64.NukeSpeed |
| VIPRE | malicious | Trojan.GenericKD.80178193 |
| ViRobot | malicious | Trojan.Win.S.Downloader.553030 |
Details From VirusTotal
Basic Properties
| MD5 | ac468b5536a0b3f8c6b88968a7f3761f |
| SHA-1 | 111904fcc3e2f0fba7b24913a8f54d2b3fd9de06 |
| SHA-256 | 6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d |
| VHash | 155066655d15551550b3z22z79hz1035zaaz1 |
| SSDEEP | 12288:c9UtuqMzrKMjkQm/WqTYSN5Bfs2qT+Q6oNH:E4udPVjkQG5TLH0Tj6m |
| TLSH | T1FDC45B0AB6B513F5D4BAC0388993652FF97278A603709BDB53D09A5B1F23BE4653E340 |
| File type | Win32 DLL |
| File type tag | pedll |
| File extension | dll |
| Magic | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| File size | 540.1 KB |
History
| Creation date | 2023-10-17 02:48 UTC |
| First seen on VirusTotal | 2026-05-22 15:07 UTC |
| Last submission | 2026-05-25 05:35 UTC |
| Last analysis | 2026-06-10 11:02 UTC |
| Last modified on VirusTotal | 2026-06-10 13:09 UTC |
Known Names
- remotepe_2023-10-17_6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d.bin
- tc2px.dll
- 6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d.exe
- tc2px.exe
hash_sha1: 111904fcc3e2f0fba7b24913a8f54d2b3fd9de06
VT 38 / 75
IOC database
- Type: hash_sha1
- Value: 111904fcc3e2f0fba7b24913a8f54d2b3fd9de06
- First seen:
- Last seen:
- Attached to this threat
- Appears in: 2 threats
- Description: SHA1 of 6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
hash_md5: ac468b5536a0b3f8c6b88968a7f3761f
VT 38 / 75
IOC database
- Type: hash_md5
- Value: ac468b5536a0b3f8c6b88968a7f3761f
- First seen:
- Last seen:
- Attached to this threat
- Appears in: 2 threats
- Description: MD5 of 6b33d20196267b0d64bca815ca863558d26b17cee77caf62a6cce8eae555ac8d
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
hash_imphash: 7d1603f1c5c7a1b38e8dd1babbb4c032
IOC database
- Type: hash_imphash
- Value: 7d1603f1c5c7a1b38e8dd1babbb4c032
- First seen:
- Last seen:
- Attached to this threat
- Appears in: 1 threat
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Details From VirusTotal
No VirusTotal details cached for this IOC.
References (1)
- MalwareBazaar sample page (Abuse.ch): File type: exe. Size: 553030 bytes. Tags: exe, Lazarus, RemotePE. Reporter: foxit_srt. First seen: 2026-05-22 15:48:43.