YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 98bbb357fdb3f7806dd19395f00a864bd9078f97b559ccc558e4bb7126fa7792.
Scan Results
| SHA256 hash: | 98bbb357fdb3f7806dd19395f00a864bd9078f97b559ccc558e4bb7126fa7792 | |
|---|---|---|
| File size: | 234'141 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | d56fee199efef187085baa8def7a7f5b | |
| SHA1 hash: | ee31b6688da01eccb6e734f72bfc57f9c6cfe087 | |
| SHA3-384 hash: | 128696dde1b584ed342c9c4dcbcca4f0740d92d60c0a738fc47957790b206c86163199060685cf1bfb77680cb6071de1 | |
| First seen: | 2024-11-04 20:29:11 UTC | |
| Last seen: | 2024-11-04 20:29:12 UTC | |
| Sightings: | 2 | |
| imphash : | 416cfeb811d2cf314224d56c57c16305 | |
| ssdeep : | 3072:k1t8zvD+SX0YqUGe6vGKBT42FiVXCX7/zHoq6tT+hLCjFj/G0615coL/Q7N:k4D1cNGqTBFEXCLzHWtqhLsLW8+/Q7N | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 73ac077f-9aeb-11ef-b6ec-42010aa4000b | |
|---|---|---|
| File name: | 400000.lssas.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Packer.PEtite-2 |
|---|
| Signature: | PUA.Win.Packer.Petite-30 |
|---|
| Signature: | PUA.Win.Packer.Rlpack-5 |
|---|
| Signature: | PUA.Win.Packer.Rlpack-63 |
|---|
| Signature: | Win.Exploit.DCOM-5 |
|---|
| Signature: | Win.Exploit.Shellcode-13 |
|---|
| Signature: | Win.Trojan.Small-4573 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | command_and_control |
|---|---|
| Author: | CD_R0M_ |
| Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
| TLP: | TLP:WHITE |
| Repository: | CD-R0M |
| Rule name: | INDICATOR_EXE_Packed_RLPack |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables packed with RLPACK |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | Linux_Trojan_Sdbot_98628ea1 |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
| Rule name: | MD5_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for MD5 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | pe_detect_tls_callbacks |
|---|---|
| Author: | |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Petite14 |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | RANSOMWARE |
|---|---|
| Author: | ToroGuitar |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter
Task Information
| Task ID: | 7403ce63-9aeb-11ef-b6ec-42010aa4000b | |
|---|---|---|
| File name: | 400000.lssas.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Packer.PEtite-2 |
|---|
| Signature: | PUA.Win.Packer.Petite-30 |
|---|
| Signature: | PUA.Win.Packer.Rlpack-5 |
|---|
| Signature: | PUA.Win.Packer.Rlpack-63 |
|---|
| Signature: | Win.Exploit.DCOM-5 |
|---|
| Signature: | Win.Exploit.Shellcode-13 |
|---|
| Signature: | Win.Trojan.Small-4573 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | command_and_control |
|---|---|
| Author: | CD_R0M_ |
| Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
| TLP: | TLP:WHITE |
| Repository: | CD-R0M |
| Rule name: | INDICATOR_EXE_Packed_RLPack |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables packed with RLPACK |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | Linux_Trojan_Sdbot_98628ea1 |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
| Rule name: | MD5_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for MD5 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | pe_detect_tls_callbacks |
|---|---|
| Author: | |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Petite14 |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | RANSOMWARE |
|---|---|
| Author: | ToroGuitar |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter