YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 3219cceee40730fb678aa51520c53d01dc621ad150ba40101ceb7fb8468a8d36.
Scan Results
| SHA256 hash: | 3219cceee40730fb678aa51520c53d01dc621ad150ba40101ceb7fb8468a8d36 | |
|---|---|---|
| File size: | 37'614'592 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 913bc112794848fc01633d368d228afb | |
| SHA1 hash: | 7f9e97d22e244c54586abf429a2b67459749f72f | |
| SHA3-384 hash: | ed2b287c0bd02dd3a7aabce4939c7cd654da0c249d12a8083e30b6329fc51016c4922f2706cc8e9d9581d789e94620ec | |
| First seen: | 2025-03-30 20:55:55 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | n/a | |
| ssdeep : | 393216:L4Ur41waqfisMtshZQf6vFGqz67EwAl7K2/oak/Nsg3r/fTs:Dygg3r/fTs | |
| TLSH : | T10F872E2039DA503FF273AEF55BD4659AB92EFEFB2703544A107133CA47329819E91239 | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | 10f0f0f0d4f0f010 | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 604f4503-0da9-11f0-b4a6-42010aa4000b | |
|---|---|---|
| File name: | 2196_235063001317425232025 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Packer.Asprotect-3 |
|---|
| Signature: | SecuriteInfo.com.Trojan.PackedNET.972-1.UNOFFICIAL |
|---|
| Signature: | Win.Malware.Generic-9874177-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ASPackv212AlexeySolodovnikov |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | ASProtectV2XDLLAlexeySolodovnikov |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | Borland |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | INDICATOR_EXE_Packed_ASPack |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables packed with ASPack |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | ldpreload |
|---|---|
| Author: | xorseed |
| Reference: | https://stuff.rop.io/ |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | MD5_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for MD5 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | NET |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | possible_trojan_banker |
|---|---|
| Author: | @johnk3r |
| Description: | Detects common strings, DLL and API in Banker_BR |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | RIPEMD160_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for RIPEMD-160 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | SHA1_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for SHA1 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | Sus_Obf_Enc_Spoof_Hide_PE |
|---|---|
| Author: | XiAnzheng |
| Description: | Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | classified |
|---|---|
| Author: | classified |
| Description: | classified |
| TLP : | TLP:AMBER |
| Rule name: | Windows_Generic_Threat_491a8310 |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter