YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 2e4dc807c1ab1d21fd6cb0784b84c5b5ae1e3f785e4f3a2573aac0e8088e3cb2.
Scan Results
SHA256 hash: | 2e4dc807c1ab1d21fd6cb0784b84c5b5ae1e3f785e4f3a2573aac0e8088e3cb2
---|---
File size: | 75'776 bytes
File download: | Original
MIME type: | application/x-dosexec
MD5 hash: | f9da023acce3ce8fb9c155afaa67f165
SHA1 hash: | 14b8715b2474ac70b9845a32ed9aa09a4a3b1dd4
SHA3-384 hash: | a2691d1b717b230afc1bf8985f8e9ba7026a007e7f1029cd86ac106905952fb4db5123aaa399b3e9ab463bdfb7af14c8
First seen: | 2025-04-03 02:33:32 UTC
Last seen: | Never
Sightings: | 1
imphash: | f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: | 1536:6U6Acx2l/Cx2PMVzV1Q/Km/diIDH1bK/AWVFQuQzcWLVclN:6Ujcx2Bq2PMVzVy1lH1bKIqQuQvBY
TLSH: | n/a
telfhash: | n/a
gimphash: | n/a
dhash icon: | n/a
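If you obtain a copy of this file from another source, check that it really is the sample the record describes before you trust the scan results above. The following script is an added example and is not part of YARAify or of this page: it recomputes the four cryptographic hashes the record lists (MD5, SHA1, SHA256, SHA3-384) with the standard library only and reports every field that disagrees with the record. imphash and ssdeep are deliberately left out because they need third-party modules (pefile, ssdeep); the file path on the command line and the `PAGE_RECORD` dictionary are assumptions made for the example.

```python
"""Check a local file against the hashes in this YARAify record.

Added example, not YARAify's own code. Standard library only; imphash and
ssdeep (third-party modules) are intentionally not recomputed here.
"""
import hashlib
import sys
from typing import Dict

# Values copied from the YARAify record above (assumed correct as printed).
PAGE_RECORD: Dict[str, object] = {
    "size": 75776,
    "md5": "f9da023acce3ce8fb9c155afaa67f165",
    "sha1": "14b8715b2474ac70b9845a32ed9aa09a4a3b1dd4",
    "sha256": "2e4dc807c1ab1d21fd6cb0784b84c5b5ae1e3f785e4f3a2573aac0e8088e3cb2",
    "sha3_384": "a2691d1b717b230afc1bf8985f8e9ba7026a007e7f1029cd86ac106905952fb4"
                "db5123aaa399b3e9ab463bdfb7af14c8",
}

# hashlib algorithm names for the four digests the record lists.
HASH_ALGOS = ("md5", "sha1", "sha256", "sha3_384")


def hash_record(data: bytes) -> Dict[str, object]:
    """Return the size and the four hex digests for an in-memory buffer."""
    rec: Dict[str, object] = {"size": len(data)}
    for name in HASH_ALGOS:
        rec[name] = hashlib.new(name, data).hexdigest()
    return rec


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, object]:
    """Stream a file through all four digests at once, without loading it whole."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    rec: Dict[str, object] = {"size": size}
    rec.update({name: h.hexdigest() for name, h in hashers.items()})
    return rec


def compare_with_record(computed: Dict[str, object],
                        expected: Dict[str, object]) -> Dict[str, tuple]:
    """Return {field: (expected, computed)} for every field that differs.

    Hex digests compare case-insensitively. Fields missing from `expected`
    are skipped, so a partial record (for example only a SHA256) still works.
    """
    mismatches: Dict[str, tuple] = {}
    for field, want in expected.items():
        got = computed.get(field)
        if isinstance(want, str) and isinstance(got, str):
            same = want.lower() == got.lower()
        else:
            same = want == got
        if not same:
            mismatches[field] = (want, got)
    return mismatches


def verify_file(path: str,
                expected: Dict[str, object] = PAGE_RECORD) -> Dict[str, tuple]:
    """Hash `path` and diff the result against `expected`; empty dict means match."""
    return compare_with_record(hash_file(path), expected)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <file>")
    diffs = verify_file(sys.argv[1])
    if not diffs:
        print("MATCH: file is the sample described by the YARAify record")
    else:
        for field, (want, got) in diffs.items():
            print(f"MISMATCH {field}: record={want} file={got}")
        sys.exit(1)
```

Run it as `python verify_sample.py <file>`; a non-zero exit means at least one field disagrees. Any single mismatch is enough to reject the copy, since a different size or MD5 with an equal SHA256 would indicate tampering with the record rather than an honest re-download.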
Tasks
There is 1 task on YARAify for this file; at most the 10 most recent tasks are shown below.
Task Information
Task ID: | 08f68db3-1034-11f0-b4a6-42010aa4000b
---|---
File name: | f9da023acce3ce8fb9c155afaa67f165
Task parameters: | ClamAV scan: True; Unpack: False; Share file: True
ClamAV Results
The file matched the following open-source and commercial ClamAV signatures.
Signature: | Win.Malware.Generickdz-9865912-0
---|---
Signature: | Win.Malware.Zusy-10034587-0
Signature: | Win.Packed.Razy-9807129-0
Signature: | Win.Trojan.AsyncRAT-9914220-0
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis). Several independently authored rules (AcRat, the two SECUINFRA config-decryption rules, Mal_WIN_AsyncRat_RAT_PE, win_asyncrat_unobfuscated) key on AsyncRAT artefacts, which agrees with the ClamAV Win.Trojan.AsyncRAT signature above; the additional Njrat and venomrat hits are the kind of cross-family overlap the win_asyncrat_unobfuscated description warns about for AsyncRat-derived code, so they should not be read as three separate infections.
Rule name: | AcRat
---|---
Author: | Nikos 'n0t' Totosis
Description: | AcRat Payload (based on AsyncRat)
TLP: | TLP:WHITE
Repository: | YARAify
Rule name: | INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice
---|---
Author: | ditekSHen
Description: | Detects executables attempting to enumerate video devices using WMI
TLP: | TLP:WHITE
Repository: | diˈtekSHən
Rule name: | MAL_AsnycRAT
---|---
Author: | SECUINFRA Falcon Team
Description: | Detects AsyncRAT based on its config decryption routine
TLP: | TLP:WHITE
Repository: | MalwareBazaar
Rule name: | MAL_AsyncRAT_Config_Decryption
---|---
Author: | SECUINFRA Falcon Team
Description: | Detects AsyncRAT based on its config decryption routine
TLP: | TLP:WHITE
Rule name: | Mal_WIN_AsyncRat_RAT_PE
---|---
Author: | Phatcharadol Thangplub
Description: | Used to detect the AsyncRAT implant.
TLP: | TLP:WHITE
Repository: | YARAify
Rule name: | Multifamily_RAT_Detection
---|---
Author: | Lucas Acha (http://www.lukeacha.com)
Description: | Generic detection for multiple RAT families, PUPs, packers and suspicious executables
TLP: | TLP:WHITE
Repository: |
Rule name: | NET
---|---
Author: | malware-lu
TLP: | TLP:WHITE
Repository: |
Rule name: | NETexecutableMicrosoft
---|---
Author: | malware-lu
TLP: | TLP:WHITE
Repository: |
Rule name: | Njrat
---|---
Author: | botherder https://github.com/botherder
Description: | Njrat
TLP: | TLP:WHITE
Repository: |
Rule name: | pe_imphash
---|---
TLP: | TLP:WHITE
Repository: | MalwareBazaar
Rule name: | Skystars_Malware_Imphash
---|---
Author: | Skystars LightDefender
Description: | imphash
TLP: | TLP:WHITE
Repository: | MalwareBazaar
Rule name: | SUSP_DOTNET_PE_List_AV
---|---
Author: | SECUINFRA Falcon Team
Description: | Detects a .NET binary that lists installed AVs
TLP: | TLP:WHITE
Rule name: | venomrat
---|---
Author: | jeFF0Falltrades
TLP: | TLP:WHITE
Repository: | jeFF0Falltrades
Rule name: | win_asyncrat_unobfuscated
---|---
Author: | Matthew @ Embee_Research
Description: | Detects strings present in unobfuscated AsyncRat samples. Rule may also pick up on other AsyncRat-derived malware (Dcrat/venom etc.)
TLP: | TLP:WHITE
Repository: | YARAify
Rule name: | Windows_Generic_Threat_ce98c4bc
---|---
Author: | Elastic Security
TLP: | TLP:WHITE
Repository: | elastic
Unpacker
The following YARA rules matched on the unpacked file: none. Unpacking was disabled for this task (Unpack: False), so no unpacked content was produced or scanned; the YARA matches above are against the packed file as submitted.
Unpacked Files
The following files could be unpacked from this sample: none (unpacking was not requested for this task).