Task Information
Task ID: 29b04e4c-57ef-11f0-a223-42010aa4000b File name: 400000.omsecor.exe Task parameters: ClamAV scan: True Unpack: False Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
The following YARA rules matched on the file (static analysis).
Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara TLP: TLP:WHITE
Rule name: DetectEncryptedVariants
Author: Zinyth Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded TLP: TLP:WHITE Repository: YARAify
Rule name: MD5_Constants
Author: phoul (@phoul) Description: Look for MD5 constants TLP: TLP:WHITE Repository:
Rule name: SUSP_ENV_Folder_Root_File_Jan23_1
Author: Florian Roth (Nextron Systems) Description: Detects suspicious file path pointing to the root of a folder easily accessible via environment variables Reference: Internal Research TLP: TLP:WHITE
Rule name: SUSP_Imphash_Mar23_2
Author: Arnim Rupp (https://github.com/ruppde) Description: Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal) Reference: Internal Research TLP: TLP:WHITE Repository: Neo23x0
Rule name: classified Author: classified TLP TLP:GREEN
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter