
YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 867dfc23ebe345ec4dfd787976dc563bad1fe9d0b2109bb5465c4f9597ec3682.

Scan Results


SHA256 hash: 867dfc23ebe345ec4dfd787976dc563bad1fe9d0b2109bb5465c4f9597ec3682
File size: 9'235'199 bytes
MIME type: application/x-dosexec
MD5 hash: c079734b6f4b3a70ca75b8c0254ad0dd
SHA1 hash: 2f7ff0532ebd051cab294360b571685ad4022cab
SHA3-384 hash: 0bd1b3baa8b6506017be8f0625c550e2d55e4467c56a977cbc52b1261d7c60f4774eb8003bf442cf4ba99349d8d3fa30
First seen: 2022-05-27 17:58:26 UTC
Last seen: Never
Sightings: 1
imphash: b10d16eedb1085ef7262dfc4ab03be6f
ssdeep: 98304:TGltrQ0JdXN0B7+sxsRXhyVPKAbk5yhLMj/DOyLIlsX7K6:0hdAK+MPOnm
TLSH: T196969D1277A8C175C1FAC27499B6C70AF2757C240F30A7DBA294765E1E33AD14A3A723
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: 9b9695b7-dde6-11ec-8d57-42010aa4000b
File name: c079734b6f4b3a70ca75b8c0254ad0dd
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: PUA.Win.Packer.Upx-4
Signature: Win.Dropper.Ausiv-9876967-0
Signature: Win.Malware.Genpack-9875828-0
Signature: Win.Malware.Genpack-9875934-0
Signature: Win.Malware.Genpack-9879226-0
Signature: Win.Malware.Genpack-9881278-0
Signature: Win.Malware.Sivis-9908038-0
Signature: Win.Malware.Zusy-9875693-0
Signature: Win.Trojan.Hijacker-9908040-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address
TLP: TLP:WHITE
Repository: MalwareBazaar

Rule name: with_urls
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the presence of an or several urls
Reference: http://laboratorio.blogs.hispasec.com/
TLP: TLP:WHITE

Rule name: without_attachments
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the no presence of any attachment
Reference: http://laboratorio.blogs.hispasec.com/
TLP: TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.