MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e157ced84c0fa469f055004982ed81c48b2bfa72a8761b1e0290553c7a2b8c7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 11



SHA256 hash: e157ced84c0fa469f055004982ed81c48b2bfa72a8761b1e0290553c7a2b8c7c
SHA3-384 hash: 68a450c33932be92b4d6fb4c84e33f27a807373d55ba70dd80eb323f4fad39fe48bd906c2c4738543bf6962196cec68d
SHA1 hash: c776f8ed9b4378f3ed3bbd4e967d82b19e417d5c
MD5 hash: bd8d5fc34367d7f2782ae8888be375e6
humanhash: cup-single-whiskey-harry
File name: SecuriteInfo.com.Generic.Dacic.6942.B58750A0.14686.2810
File size: 29'696 bytes
First seen: 2026-01-24 09:33:34 UTC
Last seen: 2026-01-24 10:23:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 4b2df774f65211b4962a056c4da67248
ssdeep 768:WRO2shiW4Ya2qRP8Z1mDlx2lXVIuFHSTsnk:6xW4Z2YPFDlc5VbyTwk
TLSH T1BED2C06592F4135CF1AA0EB57913EB269B1BA820DF77D3581B02007A3D60581FE6D93A
TrID 63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter SecuriteInfoCom
Tags: exe UPX
File size (compressed): 29'696 bytes
File size (de-compressed): 61'952 bytes
Format: win64/pe
Unpacked file: 0dc6f5f8b609737510c11611144bdf734dc7f46fbae0c76b05082ff2d4dca01f

Intelligence


File Origin
# of uploads: 2
# of downloads: 96
Origin country: FR
Vendor Threat Intelligence
Malware configuration found for:
PEPacker
Details
PEPacker
a UPX version number and an unpacked binary
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Generic.Dacic.6942.B58750A0.14686.2810
Verdict: Malicious activity
Analysis date: 2026-01-24 09:34:50 UTC
Tags: barys auto-startup upx

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 99.1%
Tags: backdoor autorun agent virus

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug crypto packed packed packed upx

Verdict: Malicious
File Type: exe x64
First seen: 2026-01-24T06:08:00Z UTC
Last seen: 2026-01-24T08:41:00Z UTC
Hits: ~10

Verdict: inconclusive
YARA: 3 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Threat name: Win64.Trojan.Dacic
Status: Malicious
First seen: 2026-01-24 08:54:57 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: upx
Behaviour:
UPX packed file
Drops startup file
Unpacked files
SHA256 hash: e157ced84c0fa469f055004982ed81c48b2bfa72a8761b1e0290553c7a2b8c7c
MD5 hash: bd8d5fc34367d7f2782ae8888be375e6
SHA1 hash: c776f8ed9b4378f3ed3bbd4e967d82b19e417d5c

SHA256 hash: 0dc6f5f8b609737510c11611144bdf734dc7f46fbae0c76b05082ff2d4dca01f
MD5 hash: 1abe8eee23d5fddb7ecc26f7f1865ff5
SHA1 hash: 320fe626856a4f518bdbd9412bb49cf5f4dc42fa
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset
Rule name: pe_detect_tls_callbacks

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e157ced84c0fa469f055004982ed81c48b2bfa72a8761b1e0290553c7a2b8c7c

(this sample)
