MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8918151f86687bf6dcd6962b05fe94d4a48c400d89cfdee172d8ee70f06c3403. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 8918151f86687bf6dcd6962b05fe94d4a48c400d89cfdee172d8ee70f06c3403
SHA3-384 hash: 49eb6223af0437c5d749dfa7bf9b641bb1a8849fa520dd7300a41e11594bff8eeb499c8fdda977ecd52ab3ee0cb89e6b
SHA1 hash: 6dd583daa12f79a828ceff743a387ea2abced289
MD5 hash: c5e47e4d9c1d944a79014e2b1fa62384
humanhash: wisconsin-aspen-burger-november
File name: REQ_For_Payment_Invoice__FER9079900530981016230-800119_pdf.js
File size: 806'008 bytes
First seen: 2026-06-02 15:48:12 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 3072:qmzHrRznCviA328QXSw/U62OUiqjNnBe9yYt5sSURwyAlziPZU40GhvueKUrSsWh:Cs/UOUiq2yjw9
Threatray: 60 similar samples on MalwareBazaar
TLSH: T12B05393CCC58412FE476C928C69A486FF4D11617622CE94710C73B5FAE73A86B7A326D
TrID: 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1); 33.3% (.MP3) MP3 audio (1000/1)
Magika: txt
Reporter: TomU
Tags: js

Intelligence


File Origin
# of uploads: 1
# of downloads: 134
Origin country: CH
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: masquerade obfuscated repaired

Verdict: Malicious
File Type: js
First seen: 2026-06-01T02:45:00Z UTC
Last seen: 2026-06-02T12:38:00Z UTC
Hits: ~1000
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-06-01 08:06:43 UTC
File Type: Text (JavaScript)
AV detection: 6 of 36 (16.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: collection defense_evasion discovery execution persistence
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Time Discovery
Drops file in Windows directory
Accesses Microsoft Outlook profiles
Hide Artifacts: Hidden Window
Checks computer location settings
Registers new Windows logon scripts automatically executed at logon.
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Java Script (JS) js 8918151f86687bf6dcd6962b05fe94d4a48c400d89cfdee172d8ee70f06c3403 (this sample)

Delivery method: Distributed via e-mail attachment
