MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70
SHA3-384 hash: 6d3995d74d935446dc9bfef4c669aca3ae0cc0815ea56df49b48959fdae57073e222dadc53ee2093cdd62737487df7f2
SHA1 hash: 2cbb5ea98ebc97a048f9c9d188b303be6c424a1e
MD5 hash: 8f0f6c41954c4ffa44d3b1e9af75e611
humanhash: fifteen-sweet-oxygen-sodium
File name:OLEACC.dll
Download: download sample
File size:58'880 bytes
First seen:2026-03-18 16:06:32 UTC
Last seen:2026-03-18 17:04:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 20950c93f21e57e75716f301cc245775
ssdeep 1536:cgs5VW8P5SzyRUjD61egrg1QGUvwvCCw+0XPH6UISDOJ:cgY7P5S2PXPH6UyJ
TLSH T1F4432906A1A131BCC05E803046575F23A5BA7C0855736CF70BA1FE793FF5528A27AB9E
TrID 44.6% (.EXE) Win64 Executable (generic) (6522/11/2)
14.0% (.ICL) Windows Icons Library (generic) (2059/9)
13.8% (.EXE) OS/2 Executable (generic) (2029/13)
13.7% (.EXE) Generic Win/DOS Executable (2002/3)
13.6% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter Anonymous
Tags:captcha-verification-module-com dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
131
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
OLEACC.dll
Verdict:
Suspicious activity
Analysis date:
2026-03-18 16:08:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/698d0099-3fa6-497c-8279-f4076fab9adc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/58005/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69bacdb893b644ca466b5f11
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70
Result
Gathering data
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/36755020-828f-4a86-8cb5-e5e459f564f3
Score:
31%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yhwskcpofqdipdkotz62pjn2j7qjlxmxbqqtzbh5njnzbqu4x5ya._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260318-tkr3mafs6y/
Unpacked files
SH256 hash:
c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70
MD5 hash:
8f0f6c41954c4ffa44d3b1e9af75e611
SHA1 hash:
2cbb5ea98ebc97a048f9c9d188b303be6c424a1e
Link:
https://www.unpac.me/results/c11c3820-5b24-4370-bd2d-13a30a2ece1c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c1ed2509ee2c06878d4e9e7da7a5ba4fe095dd970c213c84fd6a5b90c29cbf70

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/58005/

Comments