MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fc90a024d9bb900bb43ab567cabf32defd4f3b6107f94197baab6b2a11effbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 8 File information Comments

SHA256 hash:	0fc90a024d9bb900bb43ab567cabf32defd4f3b6107f94197baab6b2a11effbf
SHA3-384 hash:	7599b1961a427166f0f90a527777ea18d197b3a3b2884b8a3d10358b9030d4481a2a65088fa7a0b420f223abbfed6703
SHA1 hash:	ea898bbfcd3625d9309f5fcb7f06fc6116142ee5
MD5 hash:	b382937056e66ab9ca0d08bf3d48d497
humanhash:	october-aspen-nineteen-colorado
File name:	SecuriteInfo.com.W32.PossibleThreat.16526.8438
Download:	download sample
File size:	3'708'416 bytes
First seen:	2026-01-28 17:25:54 UTC
Last seen:	2026-01-28 18:26:55 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6ed4f5f04d62b18d96b26d6db7c18840 (332 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep	98304:M5o28P5n/zFNUw0LH/7r/ug7EJETZ6vGhfrWcZvri1Nrl6uvtBxt:4oLl/pMXn75UncRgBt
TLSH	T1260633DA9489E690E6916850930DF1E4168EB936BB7530225C2FCFE4CA354C2FFE1E17
TrID	63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9) 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	3'708'416 bytes
File size (de-compressed) :	6'695'424 bytes
Format:	win64/pe
Unpacked file:	0dc060ea6df303806ac9c9cf07af10b82dd19e8cfc0b1a8f05974a42dec769c6

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

PEPacker

Details

PEPacker

a UPX version number and an unpacked binary

Link:

https://research.acce.ciphertechsolutions.com/results/a3ffd612-981c-4bf1-89b3-8df015e1e387/

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.W32.PossibleThreat.16526.8438

Verdict:

No threats detected

Analysis date:

2026-01-28 17:26:30 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/699496db-3a54-4cca-bf3d-c92d7f8160bb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Gathering data

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=697a46ca6fa3eed1652ff69f

Tags:

virus agent

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm crypto packed packed packed packed upx

Link:

https://www.filescan.io/uploads/697a46bd4156786ccbdd565b/reports/76cee96a-7415-4940-b824-fb2f3e685e64/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/0fc90a024d9bb900bb43ab567cabf32defd4f3b6107f94197baab6b2a11effbf

Result

Gathering data

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-01-26T14:20:00Z UTC

Last seen:

2026-01-27T21:45:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/0fc90a024d9bb900bb43ab567cabf32defd4f3b6107f94197baab6b2a11effbf/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/cf79b6c3-e013-4ef4-8952-d85485b850ba

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/0fc90a024d9bb900bb43ab567cabf32defd4f3b6107f94197baab6b2a11effbf

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0fc90a024d9bb900bb43ab567cabf32defd4f3b6107f94197baab6b2a11effbf/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=b7equasnto4qbo2dvnlhzk7tfxx5j45wcb7zigl3vk3lfii6767q._file

Result

Malware family:

n/a

Score:

5/10

Tags:

upx

Link:

https://tria.ge/reports/260128-vz2faagw6f/

Behaviour

UPX packed file

Unpacked files

SH256 hash:

0fc90a024d9bb900bb43ab567cabf32defd4f3b6107f94197baab6b2a11effbf

MD5 hash:

b382937056e66ab9ca0d08bf3d48d497

SHA1 hash:

ea898bbfcd3625d9309f5fcb7f06fc6116142ee5

Link:

https://www.unpac.me/results/b81decfe-de0a-406f-b0b9-392ae5b4a426/

SH256 hash:

0dc060ea6df303806ac9c9cf07af10b82dd19e8cfc0b1a8f05974a42dec769c6

MD5 hash:

79f0b1a35a16d63393cbb91a28986616

SHA1 hash:

85140ae140b140cf8ce768f3f01a1e6a0dd7bd5b

Link:

https://www.unpac.me/results/b81decfe-de0a-406f-b0b9-392ae5b4a426/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	GoBinTest Create hunting rule

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)

Rule name:	suspicious_PEs Create hunting rule
Author:	txc
Description:	This rule detected suspicious PE files, based on high entropy and low amount of imported DLLs. This behaviour indicates packed files or files, that hide their true intention.