NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 996a2a73a2f088617167ef89b91c0a72ecb79ca61e5e3a02217a329a41497618.

Scan Results

SHA256 hash: 996a2a73a2f088617167ef89b91c0a72ecb79ca61e5e3a02217a329a41497618
File size:3'833'345 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 2a380a826deb90a806f7b6b99c5a2fd2
SHA1 hash: ebddb46559bae410e2be66dfa74cdc3ef6384239
SHA3-384 hash: 1d06413e195c0765177e8f26359e8513fb5cbd88947b449eeee0364193ab0f39d9bb346614b96d165d08f460d7b84884
First seen:2025-02-08 17:46:12 UTC
Last seen:Never
Sightings:1
imphash : 7fa974366048f9c551ef45714595665e
Create hunting rule
ssdeep : 98304:11FPdjVTtqBEJQxGUvWYHpTYV9brKMIaYE:1zPhqBEiMUeYJTYjbrdIaj
TLSH :n/a
telfhash :n/a
gimphash :n/a
File icon (PE):PE icon
dhash icon : 7862f28c66c66ed4
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:9626f55f-e644-11ef-86ef-42010aa4000b
File name:2a380a826deb90a806f7b6b99c5a2fd2
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:PUA.Win.Adware.Popuper-6888135-0
Create hunting rule
Signature:PUA.Win.Packer.Embedpe-3
Create hunting rule
Signature:PUA.Win.Packer.PowerbasicWin-1
Create hunting rule
Signature:SecuriteInfo.com.BackDoor.Shark.R.18884.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Downloader.Purityscan.Y.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.W32.Heuristic-COC.52.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.W32.Virut.D.gen.Eldorado.6045.27086.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Win32.Yabector.16951.10013.UNOFFICIAL
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Detect_SliverFox_String
Create hunting rule
Author:huoji
Description:Detect files is `SliverFox` malware
TLP:TLP:WHITE
Repository:YARAify
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.