
YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 4f32794f5f9e83501774ca690ab47403113eba3d30c2b3eef71e45679727061a.

Scan Results


SHA256 hash: 4f32794f5f9e83501774ca690ab47403113eba3d30c2b3eef71e45679727061a
File size: 327'680 bytes
File download: Original
MIME type: application/x-dosexec
MD5 hash: d19dd994d64c9d20dd8d9f4b761281fc
SHA1 hash: 5393747f3a7133a09c84c4bc40cb8a77a9570c08
SHA3-384 hash: 5417733e91393aea662f7a3acbdc49ca08ee05fbdefc933a31c88c64c4c030f741c5600b4affaf9c1093c04c5a0755d3
First seen: 2025-08-24 22:19:34 UTC
Last seen: Never
Sightings: 1
imphash: 77eb68348ee30e01ec09fce3582c5f76
ssdeep: 6144:hD8okEvTyoZVOgd2QZiw5NLclL5orfQHCigulUqa1M+9a:psjCF2QZiOU+4zX7wM4a
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: 0000000000000104

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: 6a02423e-8138-11f0-8fb7-42010aa4000b
File name: d19dd994d64c9d20dd8d9f4b761281fc
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: MiscreantPunch.EvilMacro.PVDISABLE.170819.UNOFFICIAL
Signature: TwinWave.EvilDoc.HanciInterruptMyDayHandler.20210721.UNOFFICIAL
Signature: TwinWave.EvilDoc.PKILLDropboxMacroDirectDownload.20220331.UNOFFICIAL
Signature: TwinWave.EvilDoc.PolicyKillOnlyHappyWhenItRains.20210704.UNOFFICIAL
Signature: Win.Trojan.Shiz-2273

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: CP_AllMal_Detector
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP: TLP:WHITE
Repository: YARAify

Rule name: INDICATOR_SUSPICIOUS_EXE_Enable_OfficeMacro
Author: ditekSHen
Description: Detects Windows executables referencing Office macro registry keys. Observed modifying Office configurations via the registry to enable macros
TLP: TLP:WHITE
Repository: diˈtekSHən

Rule name: PE_Digital_Certificate
Author: albertzsigovits
TLP: TLP:WHITE
Repository:

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)
TLP: TLP:WHITE
Repository: YARAify

Rule name: vbaproject_bin
Author: CD_R0M_
Description: {76 62 61 50 72 6f 6a 65 63 74 2e 62 69 6e} is hex for vbaproject.bin. Macros are often used by threat actors. Work in progress - ran out of time
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.