NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 7c9950e0b94b9dce939577a564b5d1968e14be17cf3ec7988dfcb3a618d0405d.

Scan Results

SHA256 hash: 7c9950e0b94b9dce939577a564b5d1968e14be17cf3ec7988dfcb3a618d0405d
File size:6'141'049 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 40fbeb6f3f289d3a230673579ce99074
SHA1 hash: 81b19001a5a4c5b78dea0f82124f902e32cc7f3f
SHA3-384 hash: 6133dc8c4bdda6c14e22c3897ee66d328d9c8e1e89de48ba25532eb688995cc67092f3f63a46c84f48dd2925fb8ba359
First seen:2025-04-03 02:33:47 UTC
Last seen:Never
Sightings:1
imphash : f34d5f2d4577ed6d9ceec516c1f5a744
Create hunting rule
ssdeep : 98304:xyeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw4e:xyeU11Rvqmu8TWKnF6N/1wR
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:12453a6b-1034-11f0-b4a6-42010aa4000b
File name:40fbeb6f3f289d3a230673579ce99074
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Packed.Basic-10013043-0
Create hunting rule
Signature:Win.Packed.Msilmamut-9987799-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DCRat
Create hunting rule
Author:Nikolaos 'n0t' Totosis
Description:DCRat Payload
TLP:TLP:WHITE
Repository:YARAify
Rule name:DCRat
Create hunting rule
Author:ditekSHen
Description:DCRat payload
TLP:TLP:WHITE
Repository:YARAify
Rule name:Detect_PowerShell_Obfuscation
Create hunting rule
Author:daniyyell
Description:Detects obfuscated PowerShell commands commonly used in malicious scripts.
TLP:TLP:WHITE
Repository:YARAify
Rule name:INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File
Create hunting rule
Author:ditekSHen
Description:Detects executables containing bas64 encoded gzip files
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:Lumma_Stealer_Detection
Create hunting rule
Author:ashizZz
Description:Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference:https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
TLP:TLP:WHITE
Repository:YARAify
Rule name:MALWARE_Win_DCRat
Create hunting rule
Author:ditekSHen
Description:DCRat payload
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:Multifamily_RAT_Detection
Create hunting rule
Author:Lucas Acha (http://www.lukeacha.com)
Description:Generic Detection for multiple RAT families, PUPs, Packers and suspicious executables
TLP:TLP:WHITE
Repository:
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:pe_imphash
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.