MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8d16955d6e7dec1cc0effb4e8b0d8cdfe53e8f47ed740ee0b0b186f7cc76406. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Amadey


Vendor detections: 5



SHA256 hash: c8d16955d6e7dec1cc0effb4e8b0d8cdfe53e8f47ed740ee0b0b186f7cc76406
SHA3-384 hash: cb1f7edd942dd04ab8491ed45e2de0b30cb44eb5d16459f3bc32b2d746655aef3c0e050c3a8e77f8897fb9dbad7d78eb
SHA1 hash: 2b07c3132e2e130a430ce6960d9b9d8820b68c09
MD5 hash: 5405262637a880e08d24a10393ab364e
humanhash: asparagus-shade-queen-pennsylvania
File name: Intimacao_251751.zip
Signature: Amadey
File size: 6'074'249 bytes
First seen: 2026-05-01 17:22:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 98304:QkOMqBJHGH/FO9cwHu40FQOk2n4mC9e7W4zPzMAYG/uI1LwxnN2K9DEBZV/Ue:5LtFO9cwHu4Z04krz3F/uIknk75/l
TLSH: T18D5633509F52E6C07FA19C6BBB725CFDE181F1952A2A8C62E3347A393527F06CB60174
Magika: zip
Reporter: johnk3r
Tags: Amadey oamorprevalece-com zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 251751.msi
File size: 7'131'136 bytes
SHA256 hash: a075c18a4eb1dc100b852dbaf15d49758d48005d51a039c42110e8f6b4769ab5
MD5 hash: e1a7bece557b9c8668a533e42c33869a
MIME type: application/x-msi
Signature: Amadey

Vendor Threat Intelligence

Result
Verdict: Clean
File Type: MSI File
Payload URLs
URL: http://ocsp.digicert.com0
File name: MSI File

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug crypto expand expired-cert fingerprint fingerprint installer lolbin short-lived-cert signed

Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: Detect_SliverFox_String
Author: huoji
Description: Detect files is `SliverFox` malware

Rule name: NET
Author: malware-lu

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments