MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments

SHA256 hash:	a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e
SHA3-384 hash:	d9caf4e6e3dc769781b32232f3025931d1b5f823c5aaab25adf48d46c623ed20ce2f6cdf7f213a2cce5cd7d7eb646ff4
SHA1 hash:	0ccbdd558718a73b0d6ee8d8998bdf40a3e9ee07
MD5 hash:	4f39fca6637a52d5f45645df98c4fe01
humanhash:	triple-island-skylark-hawaii
File name:	SecuriteInfo.com.Generic.Dacic.6942.7EACD5EA.27362.5938
Download:	download sample
File size:	29'696 bytes
First seen:	2025-12-20 12:50:02 UTC
Last seen:	2025-12-20 13:18:11 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4b2df774f65211b4962a056c4da67248
ssdeep	768:z+uWeNQNy6kbHpJ22tbkWwTgl3498RZFnZL0b5bs5QIm:zfQNy6Rsh3C8JnZg9bsWIm
TLSH	T1E4D2DF676B741ACCF0738B34D4C80779EAA8B8794EEEC35C574872D42CB62A58C38B11
TrID	63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9) 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	29'696 bytes
File size (de-compressed) :	61'440 bytes
Format:	win64/pe
Unpacked file:	de3530eb287da742c18647daea76dea7b09fa66cf771d2aab7aa550445545c72

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

PEPacker

Details

PEPacker

a UPX version number and an unpacked binary

Link:

https://research.acce.ciphertechsolutions.com/results/2a53d2ce-f514-4fa4-b69c-486822cbd5c1/

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Generic.Dacic.6942.7EACD5EA.27362.5938

Verdict:

Suspicious activity

Analysis date:

2025-12-20 13:01:35 UTC

Tags:

auto-startup upx

Link:

https://app.any.run/tasks/dce70829-0e4b-4652-8e21-7eba8a11aa51

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45579/

Detection(s):

SecuriteInfo.com.Generic.Dacic.6942.7EACD5EA.27362.5938.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69469b92ee899ae4567f1a0a

Tags:

backdoor autorun botnet

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug crypto packed packed packed upx

Link:

https://www.filescan.io/uploads/69469b9484afa5547b5b074a/reports/f7445c4b-21ad-424f-8d91-14c45bba3598/overview

Verdict:

Malicious

Labled as:

Dacic.6942.Generic

Link:

https://www.hybrid-analysis.com/sample/a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-12-20T09:06:00Z UTC

Last seen:

2025-12-22T10:21:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0230ee62-98e3-4cd2-ab1d-9c5a00cfb1ba

Score:

89%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/4f39fca6637a52d5f45645df98c4fe01

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e/

Threat name:

Win64.Trojan.Dacic

Status:

Malicious

First seen:

2025-12-20 12:50:29 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ugh7vcqv6y6wdj3bf3mwlnyss22652ffccqcksmp7wu23f7vieha._file

Result

Malware family:

n/a

Score:

7/10

Tags:

upx

Link:

https://tria.ge/reports/251223-nwfk3swldy/

Behaviour

UPX packed file

Drops startup file

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/2075bccb-d052-4545-a136-5bd297a8fd5a

Unpacked files

SH256 hash:

a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e

MD5 hash:

4f39fca6637a52d5f45645df98c4fe01

SHA1 hash:

0ccbdd558718a73b0d6ee8d8998bdf40a3e9ee07

Link:

https://www.unpac.me/results/17b0edda-4b71-44a7-83a8-1882c87f94bb/

SH256 hash:

de3530eb287da742c18647daea76dea7b09fa66cf771d2aab7aa550445545c72

MD5 hash:

c9493389ae0b2425128f1e39e6c8727f

SHA1 hash:

2d72b85247707791ba86d90d26d35098e4cbe2e0

Link:

https://www.unpac.me/results/17b0edda-4b71-44a7-83a8-1882c87f94bb/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.56

Link:

https://yomi.yoroi.company/submissions/a18ffa8a15f63d61a7612ed965b71296b5eee8a510a025498ffda9ad97f5410e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.