Task Information
Task ID: 3e240dcf-8138-11f0-8fb7-42010aa4000b
File name: c8a2fc05f3b9f3d6ef2adc3b4ce2e341
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: CP_AllMal_Detector
Alert
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP: TLP:WHITE
Repository: YARAify
Rule name: CP_Script_Inject_Detector
Alert
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP: TLP:WHITE
Repository: YARAify
Rule name: DebuggerHiding__Active
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: FreddyBearDropper
Alert
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP: TLP:WHITE
Repository: YARAify
Rule name: MD5_Constants
Alert
Author: phoul (@phoul)
Description: Look for MD5 constants
TLP: TLP:WHITE
Repository:
Rule name: Sus_CMD_Powershell_Usage
Alert
Author: XiAnzheng
Description: May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP: TLP:WHITE
Repository: YARAify
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Alert
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP: TLP:WHITE
Repository: YARAify
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter