MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 17 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a
SHA3-384 hash: a4a46b0a9681c718b35a7b745f9fefb01a600e7d8f53e4c69c3aee64da75bd7025687dd716a2054bfa698b9c440a7bf6
SHA1 hash: 402cf00e6e68525c1a8e44387508d623eb00373b
MD5 hash: 4d136215c931e5723f2098d968fbca74
humanhash: florida-seven-mockingbird-bakerloo
File name:file
Download: download sample
File size:5'876'952 bytes
First seen:2025-12-08 13:10:20 UTC
Last seen:2025-12-08 14:30:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 431f7ea7be1aeeb53d1180ffeb73e6a5
ssdeep 98304:6Kepnr/UQzxYxuXZFHGaprMur6nSneUIl8vrYqnSxVo7pcES94xWvFbjk1N4qhtD:659/UQtDZFmaVMue+el8TYqnSPQpcESs
TLSH T1EB46332A4F91A499CE3C54798744E9EDF6E82CB9CF728C993F783648FE686418F50C44
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543 signed UPX

Code Signing Certificate

Organisation:Taiyuan Banmin Trading Co., Ltd.
Issuer:Certum Extended Validation Code Signing 2021 CA
Algorithm:sha256WithRSAEncryption
Valid from:2025-12-04T09:11:17Z
Valid to:2026-12-04T09:11:16Z
Serial number: 318ba33f2f060636e26e971049949130
Thumbprint Algorithm:SHA256
Thumbprint: 6b5045f93b9ea68c16eeee6485109c88ba90f627104f409fb66772b98bc4948f
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
Bitsight
url: http://178.16.55.189/files/7719064868/IsSvSWD.exe
File size (compressed) :5'876'952 bytes
File size (de-compressed) :28'730'584 bytes
Format:win64/pe
Unpacked file: c33d510b2c6f2dcae6215f849d03045b15c94381cd36b64cddde4c19cb627967

Intelligence

File Origin
# of uploads :
3
# of downloads :
75
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
PEPacker
Details
PEPacker
a UPX version number and an unpacked binary
Link:
https://research.acce.ciphertechsolutions.com/results/963eb2a8-1493-4b9c-b03c-afdcc3cebd85/
Malware family:
n/a
ID:
1
File name:
IsSvSWD.exe
Verdict:
No threats detected
Analysis date:
2025-12-08 13:10:38 UTC
Tags:
upx
Link:
https://app.any.run/tasks/4ddf5b89-a207-4e6f-a2ec-38755eeb03e4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/43001/
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6936ce47db58e1a2c22b7efd
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto keylogger overlay packed packed packed signed upx
Link:
https://www.filescan.io/uploads/6936ce42bba50eaf0426e7a0/reports/b822e0d2-da4b-4ab8-afe3-a4e7afe9bea9/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a
Result
Gathering data
Verdict:
Unknown
File Type:
Link:
https://opentip.kaspersky.com/18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f4f16ff1-cf25-43fb-aa43-eec551b92e1c
Score:
20%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/4d136215c931e5723f2098d968fbca74
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dcce2qbmzx6mniph6uievtstwywfc6wc7ecn25jzh7a5wdofv5va._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
upx
Link:
https://tria.ge/reports/251208-qek6caxpgm/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
UPX packed file
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/97d7f194-b149-4c3b-a274-1218ddcecea4
Unpacked files
SH256 hash:
18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a
MD5 hash:
4d136215c931e5723f2098d968fbca74
SHA1 hash:
402cf00e6e68525c1a8e44387508d623eb00373b
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
e7038dc0f25bef56487ae60f354f04440315f5cac51f6f1f2cbbfb06011d3c80
MD5 hash:
44af12b54c4e282db023abf13e9278d4
SHA1 hash:
46fb7162a0d90d1d1d5bfe69a8b05553e2baf8b5
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
04e7112867a0c9325db992f26225b48a0a2d17f60ec94db77366102ac8c20bff
MD5 hash:
ecb6e3750b88ed2bae57298d915868a9
SHA1 hash:
8cc4a1ab1c9bcd1d86a3cfa82c968e92e699c3da
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e
MD5 hash:
4da5da193e0e4f86f6f8fd43ef25329a
SHA1 hash:
68a44d37ff535a2c454f2440e1429833a1c6d810
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
1e7fad0a955345ab1274634b661cd751761bee0f3893e30d0e4e07bfba02a671
MD5 hash:
b41c6619292dc76eb096ab60858fcab2
SHA1 hash:
cf588599317bf8ecac4ffb1d0ceb02f535b00245
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
3b0204163cbfceaabe5509225e3d40ce60a873533cb9e22631c057c923cebd43
MD5 hash:
d17fa5d16e39216964c20489713fae22
SHA1 hash:
2fa22c99494cae350a26913b13f958748bb00e17
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
45d2369f7f7ef68ab419044587e0987aacc3a7d8d4d5f307c5a47503ab04c263
MD5 hash:
ddd4265c2cc785ad07ebb0c4a6110766
SHA1 hash:
d5b0c46b482735ebb53a8da98c535b1586c44cb3
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
7e118a660509114768947da342d3e96b7aa8372d07c230438e437365c9313453
MD5 hash:
e52fa9a3210d3707bea08b573091d275
SHA1 hash:
95eaa71f1491ba84f5d709179307f1ed3fb7073c
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
baaa78d92610955c01f60fb29d21c5f9211f982f3e8da994f6b1b85055cd98ba
MD5 hash:
a0dd6c237ba257dc4312471a315fe3b1
SHA1 hash:
850d2c230bcbe44153bd2400736de094493e8bd3
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
cf6717f34498a5b568a8f39ba1ff916e4a02b8e79e45312a067ece40117488ba
MD5 hash:
1fab7b2c0e7270535803453f26b8e7fa
SHA1 hash:
88e048233baf7aa940ff1e61bc695523af927751
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
SH256 hash:
fd5ff3520fb3293d754fc7b157e8b3a5f6414139a72801fef9a23a4b1a988b02
MD5 hash:
d5e10100a092dfc50a4bad1d8da97393
SHA1 hash:
1c6eb489a4ff89756c4a0e5eb1d24787a6e214da
Link:
https://www.unpac.me/results/6e291ced-54c1-4546-b5a4-5c45a8aa4adc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BLOWFISH_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:detect_Redline_Stealer
Create hunting rule
Author:Varp0s
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:test_Malaysia
Create hunting rule
Author:rectifyq
Description:Detects file containing malaysia string
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:upx_largefile
Create hunting rule
Author:k3nr9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 18844d402ccdfcc6a1e7f5104ace53b62c517ac2f904dd75393fc1db0dc5af6a

(this sample)

Executable exe c33d510b2c6f2dcae6215f849d03045b15c94381cd36b64cddde4c19cb627967

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/43001/
  
Dropping
SHA256 c33d510b2c6f2dcae6215f849d03045b15c94381cd36b64cddde4c19cb627967
  
Dropping
MD5 1463124b43a152e2cc4c7e97bf4fe213
  
URLhaus
https://urlhaus.abuse.ch/url/3729259/

Comments