YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 93d087d0bc72a1751987d845d5e1598f61bd40c7a88033d2f8040f6b7d56f826.

SHA256 hash:	93d087d0bc72a1751987d845d5e1598f61bd40c7a88033d2f8040f6b7d56f826
File size:	10'113'758 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	0ed7f27514c907c63bcfebcfdb278659
SHA1 hash:	6b31ba66cc1bf92def9ed8632b65c270f59653b3
SHA3-384 hash:	cf7b2f1e47d2e3d388bb1a916b04f12e2f23666b22ae2d862490e6db40318a24273f9320c5baa9f9d6c32bb7bf1dea37
First seen:	2025-08-24 22:21:08 UTC
Last seen:	Never
Sightings:	1
imphash :	4df53bd003649a29bd17ccb0331842a0 Create hunting rule
ssdeep :	196608:5bTNCWH+CZyI9YkaLarfW42p+8eZJ1bE72Dq:xMWH+CZ0OrfWFp+8IVE7Cq
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	botnet_plaintext_c2 Create hunting rule
Author:	cip
Description:	Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Check_OutputDebugStringA_iat Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Mimikatz_Generic Create hunting rule
Author:	Still
Description:	attempts to match all variants of Mimikatz
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-08-24 22:21:08 UTC Static: 16 Unpacker: 0 ClamAV: 0