NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 867d53d80d82b5bc7210c6063930f87fd1470dce4cb27b6d21e3fad5f09fc12d.

Scan Results

SHA256 hash: 867d53d80d82b5bc7210c6063930f87fd1470dce4cb27b6d21e3fad5f09fc12d
File size:5'300'224 bytes
File download: Original Unpacked
MIME type:application/x-dosexec
MD5 hash: a052b4398414639db9e60699696eb2ca
SHA1 hash: 643bac43592d8f786ae7a08af22c0f64603fc6f3
SHA3-384 hash: cee9b8b78d166e0e141f557d317b6c5464600c498f09ccc6387fc9ed4923249f517d4dab60dec8ae53c8b07e3e5d97c7
First seen:2022-11-05 16:50:23 UTC
Last seen:Never
Sightings:1
imphash : 70eac5df65e81d982b7d992334885161
Create hunting rule
ssdeep : 49152:PrSfac9E2wm6cluBuPOPO354U0HK5sUF3u9t1uq5wHIF55zs:pcS2T6cluBuPOPO354vHaoua/5s
TLSH : T112363A13E640E01EF4B282B0ED7656ED29197D321E60A94FB3803E592571BD3FDA472B
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:f0c51e00-5d29-11ed-81b2-42010aa4000b
File name:a052b4398414639db9e60699696eb2ca
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:PUA.Win.Packer.InstallSystem-1
Create hunting rule
Signature:PUA.Win.Packer.NullsoftInstall-6
Create hunting rule
Signature:PUA.Win.Packer.NullsoftInstallSystem-1
Create hunting rule
Signature:Win.Malware.Winspy-9770467-0
Create hunting rule
Signature:Win.Malware.Winspy-9944379-0
Create hunting rule
Signature:Win.Malware.Winspy-9944380-0
Create hunting rule
Signature:Win.Malware.Winspy-9957227-0
Create hunting rule
Signature:Win.Malware.Winspy-9975641-0
Create hunting rule
Signature:Win.Spyware.Winspy-9772503-0
Create hunting rule
Signature:Win.Trojan.Dentenspy-1
Create hunting rule
Signature:Win.Trojan.Dentenspy-2
Create hunting rule
Signature:Win.Trojan.Keylogger-111
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:TLP:WHITE
Repository:CD-R0M
Rule name:QbotStuff
Create hunting rule
Author:anonymous
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:without_attachments
Create hunting rule
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the no presence of any attachment
Reference:http://laboratorio.blogs.hispasec.com/
TLP:TLP:WHITE
Rule name:without_urls
Create hunting rule
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the no presence of any url
Reference:http://laboratorio.blogs.hispasec.com/
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.