YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 1da8e26e4174f4907cbefba870cf7e9ad2bc37e8ba6b904a1160ceac472b6f05.

SHA256 hash:	1da8e26e4174f4907cbefba870cf7e9ad2bc37e8ba6b904a1160ceac472b6f05
File size:	11'661'312 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	c6ca4b38969c724d8304acad22efe7bc
SHA1 hash:	301ad0a4e5709a6be7b2afdf0e43b61860014d78
SHA3-384 hash:	e084ea9f21dad65376d8131151c6dc0054f36b9c0f948284696b8b6150eab226ae16276169b09269ffcb60d9d58ec4f1
First seen:	2025-08-24 22:17:01 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	196608:qPFDYQ67xf7uEot2P/aye/SjDpgDfh8L:o67V7uIHe/Sap8
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	8c34f4d4d4d4d4d4 Create hunting rule

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	botnet_plaintext_c2 Create hunting rule
Author:	cip
Description:	Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Check_VBox_VideoDrivers Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits
TLP:	TLP:WHITE
Repository:

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	upx_largefile Create hunting rule
Author:	k3nr9
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	UPXv20MarkusLaszloReiser Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques
TLP:	TLP:WHITE
Repository:

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-08-24 22:17:01 UTC Static: 17 Unpacker: 0 ClamAV: 0