MB-62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119
Severity: high
📛 Threat Title
Unknown: remotepe_2024-04-18_62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119.bin
Description
File type: exe (as submitted to MalwareBazaar). Size: 531456 bytes. Tags: exe, Lazarus, RemotePE. Reporter: foxit_srt. First seen: 2026-05-22 15:48:33.
Two points a triager should take from the VirusTotal data below. First, the file is a PE32+ (x86-64) DLL, not a stand-alone executable, despite the .exe and .bin names it has been submitted under; on an infected host it would appear as a module loaded into some other process rather than as a process of its own. Second, the PE creation timestamp (2024-04-18) precedes the first VirusTotal submission (2026-05-22) by two years; a compile timestamp is attacker-controlled and is not evidence of when the sample was built or deployed. Vendor naming is consistent with the Lazarus tag: several engines classify the file as RemotePE (Kaspersky, Lionic, Rising, Sangfor) and others as NukeSped (VBA32, ViRobot); the remaining verdicts are generic downloader/backdoor signatures.
Remediations (8)
These entries are automatically collected web snippets keyed on generic terms; none of them mentions this sample, RemotePE or Lazarus, so treat them as general hardening references rather than sample-specific remediation.
- web:4sysops.com: The April 2026 Patch Tuesday updates add anti-phishing protection to the Windows Remote Desktop client (mstsc.exe). The change, assigned CVE-2026-26151, means that opening an .rdp file now triggers a security dialog that lists all requested resource-sharing settings, each disabled by default. Files without a verifiable publisher show a red "Caution: Unknown remote connection" banner. The ...
- web:askubuntu.com: Update: Kernel 6.8.-117.117 is released now and features a kernel-level fix for CVE-2026-31431. While the website may be down, the security email list continues to work apparently and they have emailed about a mitigation there in an email from 30.04.2026 18:06 CET. The issue should be mitigated for now thanks to USN-8226-1 and USN-8226-2.
- web:isgovern.com: At times you will find that some applications and/or services are not configured correctly, and when performing a vulnerability scan on your machine you may see a vulnerability listed as "Microsoft Windows Unquoted Service Path". This can also pop up if you are going for a Cyber Essentials Plus certification. So what does this vulnerability
- web:ubuntu.com: A local privilege escalation (LPE) vulnerability affecting the Linux kernel was publicly disclosed on April 29, 2026. The vulnerability has been assigned CVE ID CVE-2026-31431 and is referred to as Copy Fail. The affected component is a kernel module that provides hardware-accelerated cryptographic functions: algif_aead. The vulnerab […]
- web:woshub.com: The Encryption Oracle Remediation policy provides three levels of mitigation for the CredSSP vulnerability. Force Updated Clients is the most secure mode and blocks connections from vulnerable computers: if this option is enabled on the RDP host, it blocks RDP connections from client computers with a vulnerable version of CredSSP.
- web:www.fortiguard.com: For FortiManager versions 7.0.12 or above, 7.2.5 or above, 7.4.3 or above (but not 7.6.0), prevent unknown devices from attempting to register: `config system global`, then `set fgfm-deny-unknown enable`, then `end`. Note: this is the only workaround recommended for use in FortiManager Cloud.
- web:www.kodemsecurity.com: CVE-2026-31431, the Copy Fail Linux kernel LPE, lets authenticated users gain root. See affected kernels, exploit details, IOCs and patches.
- web:www.microsoft.com: A high-severity Linux vulnerability, "Copy Fail" (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. With a working exploit already in the wild, organizations should act quickly to detect, mitigate, and reduce risk.
Indicators of Compromise (4)
Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.
hash_sha256
62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119
VT 43 / 75
IOC database
| Field | Value |
|---|---|
| Type | hash_sha256 |
| Value | 62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119 |
| First seen | |
| Last seen | |
| Attached to this threat | |
| Appears in | 2 threats |
| Description | Unknown |
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Flagged by 43 of 75 VirusTotal vendors
| Vendor | Verdict | Detection |
|---|---|---|
| AhnLab-V3 | malicious | Malware/Win.Generic.C5887706 |
| Alibaba | malicious | Backdoor:Win64/MalwareX.d74f8504 |
| alibabacloud | malicious | Trojan[downloader]:Win/Qwexlafiba.Gen |
| ALYac | malicious | Backdoor.Agent.status |
| Antiy-AVL | malicious | Trojan/Win32.GenericML |
| Arcabit | malicious | Trojan.Generic.D4C76C0E |
| Avast | malicious | Win64:MalwareX-gen [Drp] |
| AVG | malicious | Win64:MalwareX-gen [Drp] |
| Avira | malicious | DR/W64.MalwareX |
| BitDefender | malicious | Trojan.GenericKD.80178190 |
| Bkav | malicious | W32.Malware.CC2D6A98 |
| CAT-QuickHeal | malicious | Backdoor.Win64 |
| CrowdStrike | malicious | win/malicious_confidence_100% (W) |
| CTX | malicious | dll.trojan.malwarex |
| Cynet | malicious | Malicious (score: 100) |
| DrWeb | malicious | BackDoor.Siggen2.5914 |
| Elastic | malicious | malicious (high confidence) |
| Emsisoft | malicious | Trojan.GenericKD.80178190 (B) |
| ESET-NOD32 | malicious | Win64/TrojanDownloader.Agent.DCJ trojan |
| F-Secure | malicious | Dropper.DR/W64.MalwareX |
| Fortinet | malicious | W64/Agent.DCJ!tr.dldr |
| GData | malicious | Trojan.GenericKD.80178190 |
| | malicious | Detected |
| huorong | malicious | Trojan/Generic!70CB14F52C2BBF5D |
| Kaspersky | malicious | HEUR:Backdoor.Win64.RemotePE.gen |
| Lionic | malicious | Trojan.Win32.RemotePE.m!c |
| Malwarebytes | malicious | Trojan.Downloader |
| McAfeeD | malicious | ti!62E040A32AAC |
| Microsoft | malicious | Trojan:Win32/Qwexlafiba!rfn |
| MicroWorld-eScan | malicious | Trojan.GenericKD.80178190 |
| Paloalto | malicious | generic.ml |
| Panda | malicious | Trj/PhxBzA.A |
| Rising | malicious | Backdoor.RemotePE!8.1DDB2 (KTSE) |
| Sangfor | malicious | Backdoor.Win64.Remotepe.Vi8p |
| Sophos | malicious | Mal/Generic-S |
| Symantec | malicious | Trojan.Gen.MBT |
| Tencent | malicious | Win64.Trojan-Downloader.Oader.Ogil |
| TrellixENS | malicious | Artemis!6F15A1F78380 |
| TrendMicro-HouseCall | malicious | Trojan.Win32.ZYX.USBLEP26 |
| Varist | malicious | W64/ABTrojan.VQNM-7985 |
| VBA32 | malicious | Trojan.Win64.NukeSpeed |
| VIPRE | malicious | Trojan.GenericKD.80178190 |
| ViRobot | malicious | Trojan.Win.S.NukeSped.531456 |
Details From VirusTotal
Basic Properties
| Property | Value |
|---|---|
| MD5 | 6f15a1f78380d204f7f2369749c72b4b |
| SHA-1 | d32753d7dac47032f96542d6120f101a5cadbb39 |
| SHA-256 | 62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119 |
| VHash | 155066655d15551550b3z42z7ajz35zabz |
| SSDEEP | 6144:gR+A5YeWdGy+QxzmG5uvYjbjtiOdLwrqVXgz+fvW6y4QY1lzuwasW4xGu2aiTB0U:8KwgjbQqVXgaXW6y4Qqfs4NiTmQNpoe |
| TLSH | T13AB44A4AB6B513F5D4BAD1388993652FFAB178A203709BCB53D0465B1F23BE0A53E740 |
| File type | Win32 DLL |
| File type tag | pedll |
| File extension | dll |
| Magic | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| File size | 519.0 KB (531456 bytes) |
History
| Event | Timestamp |
|---|---|
| Creation date (PE header) | 2024-04-18 06:32 UTC |
| First seen on VirusTotal | 2026-05-22 15:07 UTC |
| Last submission | 2026-05-23 15:35 UTC |
| Last analysis | 2026-06-12 06:02 UTC |
| Last modified on VirusTotal | 2026-06-12 08:08 UTC |
Known Names
- remotepe_2024-04-18_62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119.bin
- 62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119.exe
- djo31.exe
hash_sha1
d32753d7dac47032f96542d6120f101a5cadbb39
VT 45 / 75
IOC database
| Field | Value |
|---|---|
| Type | hash_sha1 |
| Value | d32753d7dac47032f96542d6120f101a5cadbb39 |
| First seen | |
| Last seen | |
| Attached to this threat | |
| Appears in | 2 threats |
| Description | SHA1 of 62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119 |
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Flagged by 45 of 75 VirusTotal vendors
| Vendor | Verdict | Detection |
|---|---|---|
| AhnLab-V3 | malicious | Malware/Win.Generic.C5887706 |
| Alibaba | malicious | Backdoor:Win64/MalwareX.d74f8504 |
| alibabacloud | malicious | Trojan[downloader]:Win/Qwexlafiba.Gen |
| ALYac | malicious | Backdoor.Agent.status |
| Antiy-AVL | malicious | Trojan/Win32.GenericML |
| Arcabit | malicious | Trojan.Generic.D4C76C0E |
| Avast | malicious | Win64:MalwareX-gen [Drp] |
| AVG | malicious | Win64:MalwareX-gen [Drp] |
| Avira | malicious | DR/W64.MalwareX |
| BitDefender | malicious | Trojan.GenericKD.80178190 |
| Bkav | malicious | W32.Malware.CC2D6A98 |
| CrowdStrike | malicious | win/malicious_confidence_100% (W) |
| CTX | malicious | dll.trojan.malwarex |
| Cynet | malicious | Malicious (score: 100) |
| DeepInstinct | malicious | MALICIOUS |
| DrWeb | malicious | BackDoor.Siggen2.5914 |
| Elastic | malicious | malicious (high confidence) |
| Emsisoft | malicious | Trojan.GenericKD.80178190 (B) |
| ESET-NOD32 | malicious | Win64/TrojanDownloader.Agent.DCJ trojan |
| F-Secure | malicious | Dropper.DR/W64.MalwareX |
| Fortinet | malicious | W64/Agent.DCJ!tr.dldr |
| GData | malicious | Trojan.GenericKD.80178190 |
| | malicious | Detected |
| huorong | malicious | Trojan/Generic!70CB14F52C2BBF5D |
| Kaspersky | malicious | HEUR:Backdoor.Win64.RemotePE.gen |
| Lionic | malicious | Trojan.Win32.RemotePE.m!c |
| Malwarebytes | malicious | Trojan.Downloader |
| McAfeeD | malicious | ti!62E040A32AAC |
| Microsoft | malicious | Trojan:Win32/Qwexlafiba!rfn |
| MicroWorld-eScan | malicious | Trojan.GenericKD.80178190 |
| Paloalto | malicious | generic.ml |
| Panda | malicious | Trj/PhxBzA.A |
| Rising | malicious | Backdoor.RemotePE!8.1DDB2 (KTSE) |
| Sangfor | malicious | Backdoor.Win64.Remotepe.Vl6s |
| Skyhigh | malicious | BehavesLike.Win64.Dropper.hh |
| Sophos | malicious | Mal/Generic-S |
| Symantec | malicious | Trojan.Gen.MBT |
| Tencent | malicious | Win64.Trojan-Downloader.Oader.Ogil |
| TrellixENS | malicious | Artemis!6F15A1F78380 |
| TrendMicro | malicious | Trojan.Win32.ZYX.USBLEP26 |
| TrendMicro-HouseCall | malicious | Trojan.Win32.ZYX.USBLEP26 |
| Varist | malicious | W64/ABTrojan.VQNM-7985 |
| VBA32 | malicious | Trojan.Win64.NukeSpeed |
| VIPRE | malicious | Trojan.GenericKD.80178190 |
| ViRobot | malicious | Trojan.Win.S.NukeSped.531456 |
Details From VirusTotal
Basic Properties: identical to the table under the SHA-256 indicator above (same file).
History
| Event | Timestamp |
|---|---|
| Creation date (PE header) | 2024-04-18 06:32 UTC |
| First seen on VirusTotal | 2026-05-22 15:07 UTC |
| Last submission | 2026-05-23 15:35 UTC |
| Last analysis | 2026-06-10 11:02 UTC |
| Last modified on VirusTotal | 2026-06-10 13:07 UTC |
Known Names
- remotepe_2024-04-18_62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119.bin
- 62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119.exe
- djo31.exe
hash_md5
6f15a1f78380d204f7f2369749c72b4b
VT 43 / 75
IOC database
| Field | Value |
|---|---|
| Type | hash_md5 |
| Value | 6f15a1f78380d204f7f2369749c72b4b |
| First seen | |
| Last seen | |
| Attached to this threat | |
| Appears in | 2 threats |
| Description | MD5 of 62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119 |
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Flagged by 43 of 75 VirusTotal vendors; the vendor table and the VirusTotal details for this MD5 are identical to those shown under the SHA-256 indicator above (same file).
hash_imphash
3782d1d7433649d874912748e12d55d5
IOC database
| Field | Value |
|---|---|
| Type | hash_imphash |
| Value | 3782d1d7433649d874912748e12d55d5 |
| First seen | |
| Last seen | |
| Attached to this threat | |
| Appears in | 2 threats |
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Details From VirusTotal
No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.
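Hunting for the three file hashes above on a host or a file share, as an added example that is not part of this page, of MalwareBazaar or of any vendor tooling. The script computes MD5, SHA-1 and SHA-256 in a single pass per file, uses the sample's 531456-byte size as an optional pre-filter so that a sweep does not have to hash every file, and reports which indicator matched. The directory it scans and the files it plants are constructed for the demonstration (the planted file is a stand-in, not the real sample); the imphash indicator is left out because computing it needs the third-party pefile library.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from this page: SHA-256, SHA-1 and MD5 of the same file.
PAGE_IOCS = {
    "sha256": {"62e040a32aac2d2faa8d2bffa2cf7ab662228cebf9bb78eaa0a633c0b729d119"},
    "sha1": {"d32753d7dac47032f96542d6120f101a5cadbb39"},
    "md5": {"6f15a1f78380d204f7f2369749c72b4b"},
}
PAGE_SIZE = 531456  # bytes, per MalwareBazaar; one file, so one size for all three hashes

ALGOS = ("md5", "sha1", "sha256")


def digest_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of data for every algorithm in ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in one read pass, feeding every chunk to all three hashers."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict) -> set:
    """Return the set of algorithms whose digest appears in the IOC set (case-insensitive)."""
    return {algo for algo, value in digests.items() if value.lower() in iocs.get(algo, set())}


def scan_directory(root, iocs=PAGE_IOCS, size_filter=None) -> list:
    """Walk root and return [(path, matched_algorithms)] for files hitting any IOC.

    size_filter, when given, is a set of exact byte sizes; files of any other size are
    skipped before hashing. All hashes of one file share its size, so the filter is safe
    whenever every IOC on the list comes from the same sample, as on this page.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if size_filter is not None and path.stat().st_size not in size_filter:
                    continue
                matched = match_iocs(digest_file(path), iocs)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if matched:
                hits.append((str(path), matched))
    return hits


def demo() -> dict:
    """Constructed self-test: plant a stand-in 'sample' and a benign file, then scan.

    The planted file is NOT the real malware; its own hashes are added to a copy of the
    page's IOC set so the matching path can be exercised offline.
    """
    with tempfile.TemporaryDirectory() as tmp:
        planted = Path(tmp) / "djo31.exe"  # one of the page's known names, constructed content
        benign = Path(tmp) / "notes.txt"
        planted.write_bytes(b"constructed stand-in, not the real sample\n" * 1000)
        benign.write_bytes(b"nothing to see here\n")

        iocs = {algo: set(values) for algo, values in PAGE_IOCS.items()}
        for algo, value in digest_file(planted).items():
            iocs[algo].add(value)

        all_hits = scan_directory(tmp, iocs)
        # With the size filter tuned to the real sample, nothing in tmp is 531456 bytes.
        filtered_hits = scan_directory(tmp, iocs, size_filter={PAGE_SIZE})
        return {
            "flagged": {os.path.basename(p): sorted(m) for p, m in all_hits},
            "flagged_with_size_filter": len(filtered_hits),
        }


if __name__ == "__main__":
    print(demo())
```

Run it against a real tree with `scan_directory("/path/to/share", PAGE_IOCS, size_filter={PAGE_SIZE})`; drop the size filter when the IOC set mixes hashes from several samples, since the pre-filter only holds when every listed hash belongs to one file.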
References (1)
- MalwareBazaar sample page (Abuse.ch): File type: exe. Size: 531456 bytes. Tags: exe, Lazarus, RemotePE. Reporter: foxit_srt. First seen: 2026-05-22 15:48:33.