Task Information
Task ID: 0ac8af11-1034-11f0-b4a6-42010aa4000b
File name: 400000.dotnet.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: BLOWFISH_Constants
Alert
Author: phoul (@phoul)
Description: Look for Blowfish constants
TLP: TLP:WHITE
Repository:
Rule name: Borland
Alert
Author: malware-lu
TLP: TLP:WHITE
Repository:
Rule name: DebuggerCheck__API
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DebuggerCheck__QueryInfo
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DebuggerHiding__Thread
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: detect_powershell
Alert
Author: daniyyell
Description: Detects suspicious PowerShell activity related to malware execution
TLP: TLP:WHITE
Repository: YARAify
Rule name: Detect_PowerShell_Obfuscation
Alert
Author: daniyyell
Description: Detects obfuscated PowerShell commands commonly used in malicious scripts.
TLP: TLP:WHITE
Repository: YARAify
Rule name: Disable_Defender
Alert
Author: iam-py-test
Description: Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
TLP: TLP:WHITE
Repository: MalwareBazaar
Rule name: EnigmaStub
Alert
Author: @bartblaze
Description: Identifies Enigma packer stub.
TLP: TLP:WHITE
Repository: bartblaze
Rule name: MD5_Constants
Alert
Author: phoul (@phoul)
Description: Look for MD5 constants
TLP: TLP:WHITE
Repository:
Rule name: NET
Alert
Author: malware-lu
TLP: TLP:WHITE
Repository:
Rule name: RIPEMD160_Constants
Alert
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
TLP: TLP:WHITE
Repository:
Rule name: SHA1_Constants
Alert
Author: phoul (@phoul)
Description: Look for SHA1 constants
TLP: TLP:WHITE
Repository:
Rule name: SHA512_Constants
Alert
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants
TLP: TLP:WHITE
Repository:
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Alert
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP: TLP:WHITE
Repository: YARAify
Rule name: test_Malaysia
Alert
Author: rectifyq
Description: Detects file containing malaysia string
TLP: TLP:WHITE
Repository: YARAify
Rule name: ThreadControl__Context
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: vmdetect
Alert
Author: nex
Description: Possibly employs anti-virtualization techniques
TLP: TLP:WHITE
Repository:
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter