YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 20864eff01dc6e2a88c455f823af0f6e0461c57be700da601d0f28e883bcd06c.

Scan Results


SHA256 hash: 20864eff01dc6e2a88c455f823af0f6e0461c57be700da601d0f28e883bcd06c
File size: 3'858'984 bytes
File download: Original
MIME type: application/x-dosexec
MD5 hash: ea17c627c2da222feda9dbae56f95158
SHA1 hash: 9db96b467df28a2e2d01d8fb93148f52a333e483
SHA3-384 hash: 6479d9678f31a363b6e254000500688f28a1d6f2a530fde8020f48185b4a242f3ba018d1b04ba8b42ba863cb4f016550
First seen: 2024-10-18 05:13:23 UTC
Last seen: 2024-10-18 05:13:23 UTC
Sightings: 2
imphash: 844194d9d134a0ed5d04402d3b5e518c
ssdeep: 98304:04lacAmC69Xq09bCONYkk64sQt1JFBq3B33I33KqmTywTtE:Nac3n9XtMkk64sQt1JFBq3B33I33Kqmn
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: b236b6929292a260

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: b31a14fe-8d0f-11ef-b6ec-42010aa4000b
File name: 400000.762542c5-75df-4bce-82e1-2da4bfbf8dad.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: BLOWFISH_Constants
Author: phoul (@phoul)
Description: Look for Blowfish constants
TLP: TLP:WHITE
Repository:

Rule name: Check_OutputDebugStringA_iat
TLP: TLP:WHITE
Repository:

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: PECompactv2xx
Author: malware-lu
TLP: TLP:WHITE
Repository:

Rule name: RANSOMWARE
Author: ToroGuitar
TLP: TLP:WHITE
Repository: YARAify

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
TLP: TLP:WHITE
Repository:

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants
TLP: TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID: b2fce9d3-8d0f-11ef-b6ec-42010aa4000b
File name: 400000.762542c5-75df-4bce-82e1-2da4bfbf8dad.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: BLOWFISH_Constants
Author: phoul (@phoul)
Description: Look for Blowfish constants
TLP: TLP:WHITE
Repository:

Rule name: Check_OutputDebugStringA_iat
TLP: TLP:WHITE
Repository:

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: PECompactv2xx
Author: malware-lu
TLP: TLP:WHITE
Repository:

Rule name: RANSOMWARE
Author: ToroGuitar
TLP: TLP:WHITE
Repository: YARAify

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
TLP: TLP:WHITE
Repository:

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants
TLP: TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.