YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 27b1f6d0e2f5e8c16dc906cd87b0f295b65dda556ccff79e31bea5c9a6a305a4
.
Scan Results
SHA256 hash: | 27b1f6d0e2f5e8c16dc906cd87b0f295b65dda556ccff79e31bea5c9a6a305a4 | |
---|---|---|
File size: | 109'826 bytes | |
File download: | Original | |
MIME type: | application/x-dosexec | |
MD5 hash: | 5ec36969e4b5db2ad1341c0feb2aa24e | |
SHA1 hash: | 75aef75d353ca47f2efe09e48bf5e7c02d522280 | |
SHA3-384 hash: | 51f028f238a2a3ade95693c1993768665aa73954f7380266a583d0ab6d0f655818665980820fef82f5d0fa82793d1c46 | |
First seen: | 2025-08-24 22:17:22 UTC | |
Last seen: | Never | |
Sightings: | 1 | |
imphash : | d76ab3a9cdd449d995ccfb0253ce7e80 | |
ssdeep : | 1536:9sMveb4lR0daHy9v7Zc86y9U4AFRfBj5rLrZzBnGrD:9Deb4T0daHy9DZc86yGXrLrZVnGf | |
TLSH : | n/a | |
telfhash : | n/a | |
gimphash : | n/a | |
dhash icon : | e4e4e6aba8a4b080 |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
Task ID: | 1b50ed45-8138-11f0-8fb7-42010aa4000b | |
---|---|---|
File name: | 400000.SVCHOST.EXE | |
Task parameters: | ClamAV scan: | True |
Unpack: | False | |
Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
Signature: | Win.Worm.Rungbu-9949706-0 |
---|
Signature: | Win.Worm.Rungbu-9949707-0 |
---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: | ASPackv21AlexeySolodovnikov |
---|---|
Author: | malware-lu |
TLP: | TLP:WHITE |
Repository: |
Rule name: | FreddyBearDropper |
---|---|
Author: | Dwarozh Hoshiar |
Description: | Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip. |
TLP: | TLP:WHITE |
Repository: | YARAify |
Rule name: | INDICATOR_EXE_Packed_ASPack |
---|---|
Author: | ditekSHen |
Description: | Detects executables packed with ASPack |
TLP: | TLP:WHITE |
Repository: | diˈtekSHən |
Rule name: | RANSOMWARE |
---|---|
Author: | ToroGuitar |
TLP: | TLP:WHITE |
Repository: | YARAify |
Rule name: | SEH__vba |
---|---|
Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
TLP: | TLP:WHITE |
Rule name: | Sus_CMD_Powershell_Usage |
---|---|
Author: | XiAnzheng |
Description: | May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP) |
TLP: | TLP:WHITE |
Repository: | YARAify |
Rule name: | Sus_Obf_Enc_Spoof_Hide_PE |
---|---|
Author: | XiAnzheng |
Description: | Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP) |
TLP: | TLP:WHITE |
Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter