NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 208d45a9624995e30f75fad415c90f1ffa614ffc39fb2b64c9356bee883c49f3.

Scan Results

SHA256 hash: 208d45a9624995e30f75fad415c90f1ffa614ffc39fb2b64c9356bee883c49f3
File size:810'535 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: fd767ddedb9b02112a81c31de25e1ad6
SHA1 hash: a04a08c3af1308f79f35573d21e8b9eb50bac98a
SHA3-384 hash: 102bc84758b5bcd8572f38af4ee91eaf2b8df1b5046ab6664cd53a4f58f9ac41f4e45707fdb521506101f598cd88c027
First seen:2024-11-09 03:12:59 UTC
Last seen:2024-11-09 03:12:59 UTC
Sightings:2
imphash : de19f4d4c658f9b8c7e5b4cc75df9767
Create hunting rule
ssdeep : 12288:waWzgMg7v3qnCiMErQohh0F4CCJ8lnyrd3+iMPbQ:3aHMv6Corjqnyrd3sbQ
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 68ccf2e8ececf112
Create hunting rule

Tasks

There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:8612169c-9e48-11ef-b6ec-42010aa4000b
File name:400000.UniExtract.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Trojan.572058-1
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AutoIt
Create hunting rule
Author:Jean-Philippe Teissier / @Jipe_
Description:AutoIT packer
TLP:TLP:WHITE
Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
TLP:TLP:WHITE
Repository:bartblaze
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
TLP:TLP:WHITE
Repository:
Rule name:upx_largefile
Create hunting rule
Author:k3nr9
TLP:TLP:WHITE
Repository:YARAify
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXv20MarkusLaszloReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.

Task Information

Task ID:8623cda7-9e48-11ef-b6ec-42010aa4000b
File name:400000.UniExtract.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Trojan.572058-1
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AutoIt
Create hunting rule
Author:Jean-Philippe Teissier / @Jipe_
Description:AutoIT packer
TLP:TLP:WHITE
Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
TLP:TLP:WHITE
Repository:bartblaze
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
TLP:TLP:WHITE
Repository:
Rule name:upx_largefile
Create hunting rule
Author:k3nr9
TLP:TLP:WHITE
Repository:YARAify
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXv20MarkusLaszloReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.