NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 2973c0cbfe0f161b31281b7eabe17a8418dc489016765820e437943f88877b8e.

Scan Results

SHA256 hash: 2973c0cbfe0f161b31281b7eabe17a8418dc489016765820e437943f88877b8e
File size:167'936 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 0d61376e0fb84fddda0047fb470f48b7
SHA1 hash: c6ce5014c3e28eef1be282b7d1a76193eaf982ab
SHA3-384 hash: bef19e9c768dfab17f1a15d419df2d2b248f100aff002e04af6158d3e4592025ae5e930442562f04a4291e8608122eec
First seen:2025-04-03 02:31:17 UTC
Last seen:Never
Sightings:1
imphash : 08b67a9663d3a8c9505f3b2561bbdd1c
Create hunting rule
ssdeep : 1536:cd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZSl/5:kdseIOMEZEyFjEOFqTiQmwl/5
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:b88fd75e-1033-11f0-b4a6-42010aa4000b
File name:400000.omsecor.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Ulise-7170100-0
Create hunting rule
Signature:Win.Malware.Ulise-7170254-1
Create hunting rule
Signature:Win.Malware.Ulise-7170256-1
Create hunting rule
Signature:Win.Malware.Ulise-7170507-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
TLP:TLP:WHITE
Repository:
Rule name:SUSP_ENV_Folder_Root_File_Jan23_1
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects suspicious file path pointing to the root of a folder easily accessible via environment variables
Reference:Internal Research
TLP:TLP:WHITE
Rule name:SUSP_Imphash_Mar23_2
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
Reference:Internal Research
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:classified
Author:classified
TLP :TLP:GREEN

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.