Suspicious
Newly signed executable with high entropy and packing; no malicious detections but unestablished signer and similar imphash history warrant caution.
14a52416a760855016…26b515bc7f
The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The file presents a mixed-signal profile. On one hand, zero malicious detections across 71 engines (including Kaspersky, BitDefender, ESET-NOD32, Fortinet, and Avira) and no sandbox malicious verdicts suggest the file is not currently known malware. On the other hand, the signer 'Ascora GmbH' has no established history (signerStats.found=false), the code is highly obfuscated (entropy 7.3, likely packed), and the imphash matches four prior samples all verdicted 'suspicious' with the same ai:borderline_mixed_signals reasoning. The file is also rare and new (6 days old, 1 submitter), limiting our confidence in the absence of detections. No external intelligence (CIRCL, YARAify, MalwareBazaar) corroborates malice, but the lack of data is not the same as clean data.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
engines: 0/71 malicious; tier1Malicious=0; 16 tier-1 engines (Kaspersky, BitDefender, ESET-NOD32, Fortinet, Avira, F-Secure, GData, Emsisoft, DrWeb, Avast, AVG, Ikarus) all silent
signing.verified=true, signer='Ascora GmbH', but signerStats.found=false — unestablished publisher with zero prior samples
peAnalysis: highEntropyCode=true, likelyPacked=true, .text entropy=7.3 — code obfuscation present
similarHashes: 4/5 prior imphash matches verdicted 'suspicious' (ai:borderline_mixed_signals); no malicious consensus
prevalence: rare_new (1 submitter, 6 days old); no external intel hits (CIRCL, YARAify, MalwareBazaar negative)
- 0/71 antivirus engines report malicious detections
- 16 tier-1 vendors (Kaspersky, BitDefender, ESET-NOD32, Fortinet, Avira, F-Secure, GData, Emsisoft, DrWeb, Avast, AVG, Ikarus) all silent
- Digitally signed and verified by Ascora GmbH
- No external intelligence hits (CIRCL, YARAify, MalwareBazaar negative)
- No malicious sandbox verdicts, no dropped children, no malicious host contact
- Unestablished signer with zero prior submission history
- High code entropy (7.3) and likely packing — code obfuscation present
- Import hash (imphash) matches 4 prior 'suspicious' verdicts
- Rare and new file (6 days old, 1 submitter) — limited analysis time
- No sandbox execution data available to confirm runtime behaviour
Do not execute this file on production systems without further verification. Contact Ascora GmbH to confirm the file's legitimacy and purpose, or test it in an isolated sandbox environment first. The combination of an unestablished signer, code obfuscation, and borderline imphash history justifies defensive caution despite the absence of current malware detections.
0 detections across 75 engines
Section entropy & packers
Executable sections have high entropy (7.2+) — the code is compressed or encrypted and only decrypted at runtime. Classic packing behaviour.
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This footprint is consistent with targeted malware the AV industry hasn't signatured yet, so extra scrutiny is warranted.
Forensic fingerprint
- File name: SSDFresh.exe
- Size: 2.27 MB
- MIME type: (unknown)
- Detected type: Win32 EXE
- SHA-256: 14a52416a76085501675dfd847ea8ed0deeb55d65f82d30105097926b515bc7f
- MD5: 8aa290694e3a1b0ae3adc127a31ac74b
- SHA-1: 4a0a3c1e26209d2535959c606cdb20d7c7408268
- PE imphash: f34d5f2d4577ed6d9ceec516c1f5a744
- First seen (VT): 6/12/2026, 10:29:36 AM
- Last analysis (VT): 6/12/2026, 10:29:36 AM
- First scan (MalwareTips): 6/18/2026, 4:14:17 PM
- Last scan (MalwareTips): 6/18/2026, 4:14:17 PM
- Code signer: Ascora GmbH (verified)