YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 160819b7219a68a51dc018db9ec5546183e8e3367af5ee265d7a4a31f143c340.
Scan Results
| SHA256 hash: | 160819b7219a68a51dc018db9ec5546183e8e3367af5ee265d7a4a31f143c340 | |
|---|---|---|
| File size: | 797'712 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | d9735f050a653da9501b368cdd5d7513 | |
| SHA1 hash: | b333bd29f639518093cf636f54e18c1cda453458 | |
| SHA3-384 hash: | 3495352d3afa89a3bc301db262a0dbc586c2e630bebf2b4df787382ef74c2ebeb369260554f2ccbfe5ab0956f5205c90 | |
| First seen: | 2024-09-14 02:43:27 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | d2ea58864774226587a29f6f5d72cd0b | |
| ssdeep : | 24576:0HTqQvOzoXSxKFYvVHUWw1SCm+S2jb1u6:0HTqTsC2Y9twM+SF | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| File icon (PE): |  | |
| dhash icon : | b2d1534fecf6b7b3 | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 1ebbf451-7243-11ef-b6ec-42010aa4000b | |
|---|---|---|
| File name: | d9735f050a653da9501b368cdd5d7513 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Adware.Amonetize-7134978-0 |
|---|
| Signature: | PUA.Win.Adware.Amonetize-7170432-0 |
|---|
| Signature: | PUA.Win.Adware.Amonetize-7171980-0 |
|---|
| Signature: | PUA.Win.Adware.Amonetize-8478999-0 |
|---|
| Signature: | SecuriteInfo.com.Adware.BundleApp.IDV.UNOFFICIAL |
|---|
| Signature: | SecuriteInfo.com.Adware.BundleApp.ILO.UNOFFICIAL |
|---|
| Signature: | Win.Packed.Zusy-9837875-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | DebuggerException__SetConsoleCtrl |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | Detect_APT29_WINELOADER_Backdoor |
|---|---|
| Author: | daniyyell |
| Description: | Detects APT29's WINELOADER backdoor variant used in phishing campaigns, this rule also detect bad pdf,shtml,htm and vbs or maybe more depends |
| Reference: | https://cloud.google.com/blog/topics/threat-intelligence/apt29-wineloader-german-political-parties |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | PE_Digital_Certificate |
|---|---|
| Author: | albertzsigovits |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | PE_Potentially_Signed_Digital_Certificate |
|---|---|
| Author: | albertzsigovits |
| TLP: | TLP:WHITE |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter