MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01
SHA3-384 hash: ce6ad29287b9811fb85bdbe5f200859b7d904e0a810fa16972d75ff3e850609d6887b09862b37c7e783f802997bbae0e
SHA1 hash: 8e65b41dc6b1c03ce3f9c9dd6c3f2dc44af53a43
MD5 hash: 36f265dabe69ae16e7baf0c15aa86dd2
humanhash: lion-freddie-kansas-steak
File name:vulkan-1.dll
Download: download sample
File size:2'068'480 bytes
First seen:2026-03-17 13:35:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 29c86155b7f374a2b4d1f9acaa0ac0f8
ssdeep 24576:RGxqtce4fGAfI7EYkDEUtKJJHHmgE5VwRiapRJIYDlvjwQUYrpJ:EqtX4Vg7tMtKJNWVwHGypcQUSJ
TLSH T167A53A14AABA0068D437FF743DED98A9DDA73D151710559B12D00B4BAE23AC0DE3BA3D
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter JAMESWT_WT
Tags:43-160-214-122 exe xvozxer-icu

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
IT IT
Vendor Threat Intelligence
Malware configuration found for:
ValleyFall
Details
Link:
https://research.acce.ciphertechsolutions.com/results/63321753-0413-4280-b275-7291bb8378d3/
Malware family:
n/a
ID:
1
File name:
vulkan-1.dll
Verdict:
No threats detected
Analysis date:
2026-03-17 13:38:16 UTC
Tags:
evasion
Link:
https://app.any.run/tasks/e02a08b8-0498-425c-8b1c-654a8225c0e8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
WinosStager
Create hunting rule
Link:
https://www.capesandbox.com/analysis/57731/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b958d188c80c01586b209c
Tags:
dropper virus hype
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm base64 cmd evasive evasive exploit explorer fingerprint lolbin masquerade microsoft_visual_cc mikey redcap uacme
Link:
https://www.filescan.io/uploads/69b958cd2000fc76c3e59f90/reports/339d14a5-11da-485e-bc1c-8272984ca746/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01
Verdict:
Malicious
File Type:
dll x64
Detections:
Trojan.Win32.Inject.sb HEUR:HackTool.Win64.UACme.gen
Link:
https://opentip.kaspersky.com/1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01/results?tab=lookup
Malware family:
UACMe
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/da871aa4-93ef-4d11-bb84-4cf55989c4c4
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/36f265dabe69ae16e7baf0c15aa86dd2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01/
Verdict:
Malicious
Threat:
Trojan.Win32.Inject
Link:
https://tip.neiki.dev/file/1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01
Threat name:
Win64.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2026-03-10 08:29:45 UTC
File Type:
PE+ (Dll)
Extracted files:
33
AV detection:
22 of 36 (61.11%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d3sr5np4qudflxjf7expio5wdfuewjtkpnlyflvmo5m6fclbluaq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/260317-qwckjabz2n/
Behaviour
Looks up external IP address via web service
Badlisted process makes network request
Unpacked files
SH256 hash:
1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01
MD5 hash:
36f265dabe69ae16e7baf0c15aa86dd2
SHA1 hash:
8e65b41dc6b1c03ce3f9c9dd6c3f2dc44af53a43
Link:
https://www.unpac.me/results/c4f17e5c-5684-4d36-b689-b1857adfdc59/
SH256 hash:
3e165066e328c17d2062434876a25c022101fde49bc4388542cb6a707fb706e2
MD5 hash:
dae25d48e95d59d2fefe0d0fa5e1c946
SHA1 hash:
3407c516aecb06fc272a8cc479f5fb868543fad2
Link:
https://www.unpac.me/results/c4f17e5c-5684-4d36-b689-b1857adfdc59/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:WinosStager
Create hunting rule
Author:YungBinary
Description:https://www.esentire.com/blog/winos4-0-online-module-staging-component-used-in-cleversoar-campaign

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/57731/

Comments