YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 47360c4ea6152e290a7bc12f186185c68cceab94fe2cd8aff2a1fc7612a8707c.

SHA256 hash:	47360c4ea6152e290a7bc12f186185c68cceab94fe2cd8aff2a1fc7612a8707c
File size:	872'448 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	9a0f8122092ffc6974922bce1b0f3599
SHA1 hash:	6bbb2fa0ed6b623ba01e8642f2d8b7f4c9dc0c77
SHA3-384 hash:	113bcd1946bc480685af48a782259f92b2a63b46e52df1d9d8ee8541fcdf0514ab49a313c9a91e72fc1108200b1cc551
First seen:	2022-11-04 04:24:02 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	6144:MPjOeHuBTPI5+FpuONbbc9R7CmUkfSdZCMdapcHBdl6+NGiU4:MPotICvbQRW9USTCMdapcHBdz
TLSH :	T1B6051A209B05B039E57260B65BFE963A616976700B0560C3F3C41B3E26F95E27237F6B Create hunting rule
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Exploit.13525-1 Create hunting rule

Signature:	Win.Worm.Gaobot-83 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA Create hunting rule
Author:	ditekSHen
Description:	Detects Windows executables referencing non-Windows User-Agents
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	Linux_Trojan_Rbot_366f1599 Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Rule name:	QbotStuff Create hunting rule
Author:	anonymous
TLP:	TLP:WHITE
Repository:	MalwareBazaar

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2022-11-04 04:24:02 UTC Static: 3 Unpacker: 0 ClamAV: 2