MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 23 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e
SHA3-384 hash: ab20674a432ca178e1e4010f0b5c06e0dc0b0f4dac8e3af0d37fdc98e091347e7be39a0abd5e929444aba11686aeeda1
SHA1 hash: c64b3f44013b73c630d1023d262155f9928eb9b0
MD5 hash: 6bbad86913af193dd94cdf9ad18c092d
humanhash: pip-violet-mockingbird-low
File name:antic.zip
Download: download sample
File size:9'551'342 bytes
First seen:2026-03-23 07:27:26 UTC
Last seen:2026-03-23 07:48:18 UTC
File type: zip
MIME type:application/zip
ssdeep 196608:w9bD5+uWL63x+mb2ZYYL+IPVmzOcLqnDXBLmWUYQrpyhGpDHC0dzBGSc96PZ8ms:WML63Mmb21ChOnn7FUNyhGprLz0wh8/
TLSH T196A633E0F1846FC1E121C83153F490A5EADE1CA6B0D3ECB678131B9E6593AF3A79E445
Magika zip
Reporter JAMESWT_WT
Tags:verification-google zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
44
Origin country :
IT IT
File Archive Information

This file archive contains 19 file(s), sorted by their relevance:

File name:vcruntime140_1.dll
File size:49'776 bytes
SHA256 hash: 6a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8
MD5 hash: c0c0b4c611561f94798b62eb43097722
MIME type:application/x-dosexec
File name:_asyncio.pyd
File size:78'680 bytes
SHA256 hash: 0f42466dc4974071a14a6e79257fcd5b3b09b6f826f2ed3a5f18e7f50c267ea0
MD5 hash: 4a46772e8a5da74f7c7243757c3bf880
MIME type:application/x-dosexec
File name:_ctypes.pyd
File size:143'192 bytes
SHA256 hash: 3d96bd2fcceac4b94aa4c39a2c28117b67fdef2efb85e8c70153a42232a993f3
MD5 hash: 4c2b30ea5dde6369c5e2f757ca4a42c1
MIME type:application/x-dosexec
File name:_queue.pyd
File size:36'696 bytes
SHA256 hash: 8175bc5ba1d0a593972ddfee43df20c43f8a31a5002d7b9a4709ca3eafd7e9d7
MD5 hash: 14c76669397f108de22e12f6b1cde2c8
MIME type:application/x-dosexec
File name:_hashlib.pyd
File size:71'512 bytes
SHA256 hash: 26e11f41bf2197c007ccb57dc98d939dd409c0c3d8de77b31e19943f772ee8f8
MD5 hash: cbaeac105368d515a4d1a6940dfbb1da
MIME type:application/x-dosexec
File name:libffi-8.dll
File size:39'696 bytes
SHA256 hash: eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
MD5 hash: 0f8e4992ca92baaf54cc0b43aaccce21
MIME type:application/x-dosexec
File name:python3.dll
File size:75'096 bytes
SHA256 hash: 482b1c87a8bdd8770ec81f4b0e236de21b5cf3d45a549dc0b051b09732a99dbe
MD5 hash: f1c0a4a859622f79c0fa559196b3e693
MIME type:application/x-dosexec
File name:_multiprocessing.pyd
File size:38'744 bytes
SHA256 hash: a978a37b0ea079253cc7768d2418510c4c6841a8c3349219d159864ce0d09dd1
MD5 hash: 3187801d7f0b2cbb831b75d763592794
MIME type:application/x-dosexec
File name:vcruntime140.dll
File size:120'400 bytes
SHA256 hash: 052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
MD5 hash: 32da96115c9d783a0769312c0482a62d
MIME type:application/x-dosexec
File name:_overlapped.pyd
File size:58'200 bytes
SHA256 hash: 0ad47d7781743749a70d628deb38b2bfece3befb5b5c62ed1efdbe25a9fe4cef
MD5 hash: 53fe605e5b27c4a8d882fa3602ca33a8
MIME type:application/x-dosexec
File name:sqlite3.dll
File size:1'584'984 bytes
SHA256 hash: 87c6b978c344588a467f85b90cc8b08a43f85af0fba63f7e8b2acb020ea32624
MD5 hash: dd46150db2866c834c57ef43c3d73ad2
MIME type:application/x-dosexec
File name:select.pyd
File size:33'624 bytes
SHA256 hash: 65d39f525db6a75c16b2b964db3980b9ba7ec6516fd1fcfd837b11e5c6dec58f
MD5 hash: 05ec06c185b17804418ccc3499dabe60
MIME type:application/x-dosexec
File name:python315.dll
File size:7'210'840 bytes
SHA256 hash: 46d30acdb729ca35aefeac6e5ab5e00cf8c2ec823e922e8aebe82a412e832336
MD5 hash: 1d42f83fa0e0d4b7fa3b1373106e20ad
MIME type:application/x-dosexec
File name:python.cat
File size:614'070 bytes
SHA256 hash: 8e433df6ab86d23d5b7d60e175f9242e3c780db2371c92f56ecc8e2eaa7ccc9b
MD5 hash: 27f7d8bde8f8b77d180e63d04398357e
MIME type:application/octet-stream
File name:NVDisplay.Container.exe
File size:104'792 bytes
SHA256 hash: b35f09b876edb18695347860f79acddc68993f711274556156769476cd05ae8a
MD5 hash: e961458d3d879ad7f1f19c99962045a7
MIME type:application/x-dosexec
File name:unicodedata.pyd
File size:771'416 bytes
SHA256 hash: ab9887db8cc2bf76a91e7e17bc59b94a6771c6c4e7223142f352006d8131f9d7
MD5 hash: 574e55857a21fe3a4a4afb2edab6ca47
MIME type:application/x-dosexec
File name:python315._pth
File size:80 bytes
SHA256 hash: c7f3432f90e8f04c78ff2cef76cf51e50a13ed922f0bcc63fa34aa4decc5770c
MD5 hash: 226b7a3e899ba566037018eca15b58f4
MIME type:text/x-objective-c
File name:node_modules.asar
File size:400'445 bytes
SHA256 hash: fd60803e682633e684bb2446ba4dd8a036211e13672088547020ca48af48a5d4
MD5 hash: 029b8fa8754ae9cc0cf108a461925730
MIME type:text/plain
File name:python315.zip
File size:4'655'786 bytes
SHA256 hash: 0e029c316b6bc7931064a1b5dd2f18213a0581bf447fffbbf687e6cca573aa21
MD5 hash: d6e54e53978b3d55671595687d974681
MIME type:application/zip
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/2cbb9098-3e8f-42b2-b937-4f35c5acfcb2/
Detection(s):
SecuriteInfo.com.Other.Malware-gen.76546817.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694c90fc038f10550b556a84
Tags:
n/a
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e
Result
Verdict:
SUSPICIOUS
Link:
https://labs.inquest.net/dfi/sha256/0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Score:
9%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout SVG Zip Archive
Link:
https://app.malva.re/file/6bbad86913af193dd94cdf9ad18c092d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ajl5olxrqwtndb3qwuqm745sapsc7u4avkajxoiuurfcqilypoha._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260323-kql9wsez9v/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.95
Link:
https://yomi.yoroi.company/submissions/0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_decoding
Create hunting rule
Author:iam-py-test
Description:Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)
Rule name:CAS_Malware_Hunting
Create hunting rule
Author:Michael Reinprecht
Description:DEMO CAS YARA Rules for sample2.exe
Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__ConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:ldpreload
Create hunting rule
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 0257d72ef185a6d18770b520cff3b203e42fd380aa809bb914a44a2821787b8e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3802658/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3802905/

Comments