NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 3c0401dac9e401015203abb0a6a490b9df280a9d0d03993bea5b7659e5ace806.

Scan Results

SHA256 hash: 3c0401dac9e401015203abb0a6a490b9df280a9d0d03993bea5b7659e5ace806
File size:961'024 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 5c506f5d8665cff219dac4dc7c583b82
SHA1 hash: 1b3c24d1f380cb578a40e691e46c1d654b5b4480
SHA3-384 hash: 7a75e1dc9e2d5daa643204739d88f6b29eee8f406169eec217f51e48926d067475100eac437babe93a531ed6c3a1a5ad
First seen:2025-04-03 02:34:12 UTC
Last seen:2025-04-03 02:35:02 UTC
Sightings:2
imphash : 948cc502fe9226992dce9417f952fce3
Create hunting rule
ssdeep : 24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8a0xu:yTvC/MTQYxsWR7a0x
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : aae2f3e38383b629
Create hunting rule

Tasks

There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:3ecf8e58-1034-11f0-b4a6-42010aa4000b
File name:random.exe
Task parameters:ClamAV scan:True
Unpack:True
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Trojan.Generic.33203615.28472.17882.UNOFFICIAL
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
TLP:TLP:WHITE
Repository:bartblaze
Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:pe_detect_tls_callbacks
Create hunting rule
Author:
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.

Task Information

Task ID:21584fef-1034-11f0-b4a6-42010aa4000b
File name:5c506f5d8665cff219dac4dc7c583b82
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Trojan.Generic.33203615.28472.17882.UNOFFICIAL
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
TLP:TLP:WHITE
Repository:bartblaze
Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:pe_detect_tls_callbacks
Create hunting rule
Author:
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.