YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 9cc0a02317d7ffc405818eeabbef56118ac4a27d867e6818cc5a643dd80d52b8.

SHA256 hash:	9cc0a02317d7ffc405818eeabbef56118ac4a27d867e6818cc5a643dd80d52b8
File size:	745'472 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	7415b0f8bfb38eba45ca6f70c750b137
SHA1 hash:	96c13346f37b29da9757f5265634d568c4e95377
SHA3-384 hash:	ebba7e0e17fe8eac4422b6704da4ea52fffa7feeb171adc4d456d8c6f7f4b0c398be8611f38a5055877c8825a874d211
First seen:	2025-07-03 09:21:31 UTC
Last seen:	Never
Sightings:	1
imphash :	9359562ed14a4ae6cd1b155989ded1e3 Create hunting rule
ssdeep :	12288:ZmWkgEAoD/BZ63rjukhhpUSgimWhND9yJz+b1FcMLmp2ATTSsd:ZmxgFoDpZ63nuohpUNimUNJyJqb1FcMo
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Malware.Fragtor-10015653-0 Create hunting rule

Signature:	Win.Trojan.Generic-6323528-0 Create hunting rule

Signature:	Win.Trojan.Shiz-10036062-0 Create hunting rule

Signature:	Win.Trojan.Shiz-9949267-0 Create hunting rule

Signature:	Win.Trojan.Simda-10002732-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	Check_FindWindowA_iat Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Indicator_MiniDumpWriteDump Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects PE files and PowerShell scripts that use MiniDumpWriteDump either through direct imports or string references
TLP:	TLP:WHITE

Rule name:	MALWARE_Win_Simda Create hunting rule
Author:	ditekShen
Description:	Detects Simda / Shifu infostealer
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques
TLP:	TLP:WHITE
Repository:

Rule name:	win_simda_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.simda.
TLP:	TLP:WHITE
Repository:	Malpedia

Rule name:	Windows_Trojan_Zeus_e51c60d7 Create hunting rule
Author:	Elastic Security
Description:	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.
Reference:	https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects
TLP:	TLP:WHITE
Repository:	elastic

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-07-03 09:21:31 UTC Static: 14 Unpacker: 0 ClamAV: 5