MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a
SHA3-384 hash: d861224803a3136e555e00b48e7efa46318cb33aaa5d00a573022887fccd57982ad199843a8d4fec60843f3a698c2532
SHA1 hash: 77e46b73ce9130d954b0b3193d03733cf65454dd
MD5 hash: 0c071d21b283728585ede6bf16f7b8c1
humanhash: river-stairway-helium-sweet
File name:DSFIX.exe
Download: download sample
File size:9'885'377 bytes
First seen:2026-06-07 08:56:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d54f4ce7166adf987d04345af91ff939
ssdeep 196608:dWhdj3IIK+xZbXsdhHl8X88kGettSfUQHPJjSiKbUj3jI2kflfT:omILxZbXsDFpaXvPjjI2mdT
TLSH T12EA63315601705E3D190B833EF3FC2A5EB36B768915A368EE52D923B7F812C16E38572
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
dhash icon b070b088d8c8d8a4
Reporter Alex_sev
Tags:agent exe Generic

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
AU AU
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
DSFIX.exe
Verdict:
Malicious activity
Analysis date:
2026-06-07 08:54:53 UTC
Tags:
windivert-sys mal-driver
Link:
https://app.any.run/tasks/bbb42f9a-0402-4a74-b608-88228854a944

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69420/
Detection(s):
SecuriteInfo.com.Win64.Evo-gen.99288266.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
50%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a2531d963a4889c1afa48f3
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm microsoft_visual_cc overlay packed
Link:
https://www.filescan.io/uploads/6a25327246e44aecc0d302a8/reports/4874efed-1c7d-429a-96c4-fd195f7244dc/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a
Verdict:
Clean
File Type:
exe x64
First seen:
2026-06-08T04:20:00Z UTC
Last seen:
2026-06-08T04:26:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4a901645-e284-4959-9eb0-0e286c50c747
Score:
88%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-06-07 08:54:56 UTC
File Type:
PE+ (Exe)
Extracted files:
5
AV detection:
18 of 24 (75.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=33srwc5g2c5v7xn4tk3iwlmqvbqm7dy33vzbxu4c75iebfsfomna._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260607-kwrfsscw4l/
Unpacked files
SH256 hash:
dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a
MD5 hash:
0c071d21b283728585ede6bf16f7b8c1
SHA1 hash:
77e46b73ce9130d954b0b3193d03733cf65454dd
Link:
https://www.unpac.me/results/081b4e65-8c01-47da-b681-bd53758aa2df/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dee51b0ba6d0bb5fddbc9ab68b2d90a860cf8f1bdd721bd382ff50409645731a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/69420/

Comments