YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 12c3f2f37dfe3efa03c920e4d96365a87e0472e804d408219f1e31a114c3e710.
Scan Results
| SHA256 hash: | 12c3f2f37dfe3efa03c920e4d96365a87e0472e804d408219f1e31a114c3e710 | |
|---|---|---|
| File size: | 1'185'776 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | dd0777373bc94f9f5e3d4b8e4ca15e94 | |
| SHA1 hash: | 2563e42f37d7dd94412bcb6516d7d2b14ea89ed1 | |
| SHA3-384 hash: | 30aa1729d6a49dcae468e3d7354304a6181bd7df287c4001167cff71ce757ef776a2caa0a3d49b4324c97947f985bc79 | |
| First seen: | 2024-12-22 15:06:54 UTC | |
| Last seen: | 2024-12-22 15:06:55 UTC | |
| Sightings: | 2 | |
| imphash : | 3837ed3ae512bf4a8accd09965ab5e18 | |
| ssdeep : | 12288:oNm4QvmjkutXDMb2QgZQSo/MOgH75TvIS4oaQAOEp+YH/aHPgYmL:HmjLO5g6/MxHNIVoaFOEp+U/RYq | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | a01cc062e4c81368 | |
Tasks
There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 61c996dc-c076-11ef-a38e-42010aa4000b | |
|---|---|---|
| File name: | 10000000.krnln.fnr | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Malware.Flystudio-9764518-0 |
|---|
| Signature: | Win.Worm.FlyStudio-30 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Check_OutputDebugStringA_iat |
|---|---|
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | command_and_control |
|---|---|
| Author: | CD_R0M_ |
| Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
| TLP: | TLP:WHITE |
| Repository: | CD-R0M |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Hacktools_CN_JoHor_Rdos |
|---|---|
| Author: | Florian Roth |
| Description: | Disclosed hacktool set - file spec.vbp |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | MD5_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for MD5 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | RansomPyShield_Antiransomware |
|---|---|
| Author: | XiAnzheng |
| Description: | Check for Suspicious String and Import combination that Ransomware mostly abuse(can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Sus_Obf_Enc_Spoof_Hide_PE |
|---|---|
| Author: | XiAnzheng |
| Description: | Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter
Task Information
| Task ID: | 6190abf0-c076-11ef-a38e-42010aa4000b | |
|---|---|---|
| File name: | 10000000.krnln.fnr | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Malware.Flystudio-9764518-0 |
|---|
| Signature: | Win.Worm.FlyStudio-30 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Check_OutputDebugStringA_iat |
|---|---|
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | command_and_control |
|---|---|
| Author: | CD_R0M_ |
| Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
| TLP: | TLP:WHITE |
| Repository: | CD-R0M |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Hacktools_CN_JoHor_Rdos |
|---|---|
| Author: | Florian Roth |
| Description: | Disclosed hacktool set - file spec.vbp |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | MD5_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for MD5 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | RansomPyShield_Antiransomware |
|---|---|
| Author: | XiAnzheng |
| Description: | Check for Suspicious String and Import combination that Ransomware mostly abuse(can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Sus_Obf_Enc_Spoof_Hide_PE |
|---|---|
| Author: | XiAnzheng |
| Description: | Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter