YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 52c42552e485d0c35cdba78911b9849c7441e9636dca462a9d5e7f7e147410d9.

SHA256 hash:	52c42552e485d0c35cdba78911b9849c7441e9636dca462a9d5e7f7e147410d9
File size:	223'683 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	33ede4a8b3ff75e700ee4d3366e31937
SHA1 hash:	982e15c718193e1d4978ad7d9a38938d45a72a26
SHA3-384 hash:	b1e82c5567c3bcfe2069ebe952855e441c915afc0bd94c4700351745b5b0bce99d78fe10840185579c55c87a27bbbbb2
First seen:	2025-04-03 02:31:21 UTC
Last seen:	Never
Sightings:	1
imphash :	3e3d633779e35448851e7a9ca7e72522 Create hunting rule
ssdeep :	3072:8R4jdNqTqHLklZpb4RrRDwRQjZ3phRrbAJgmQD:aafcE1xphdmQ
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Malware.Cosmu-10013266-0 Create hunting rule

Signature:	Win.Malware.Cosmu-10019841-0 Create hunting rule

Signature:	Win.Malware.Jaik-10022565-0 Create hunting rule

Signature:	Win.Worm.Cosmu-10018412-0 Create hunting rule

Signature:	Win.Worm.Memscan-6888029-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	INDICATOR_EXE_Packed_MPress Create hunting rule
Author:	ditekSHen
Description:	Detects executables built or packed with MPress PE compressor
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TeslaCryptPackedMalware Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-04-03 02:31:21 UTC Static: 3 Unpacker: 0 ClamAV: 5