NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 9d46bfdfabbf2df5b595c877aadb1e1ac6e2cf9f089e4eed3f30b06af84c1d94.

Scan Results

SHA256 hash: 9d46bfdfabbf2df5b595c877aadb1e1ac6e2cf9f089e4eed3f30b06af84c1d94
File size:3'317'652 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 420759fe15b5625475fc6709e692de32
SHA1 hash: 77e6b984d054f696f1b41563a0dd8f061de2fd65
SHA3-384 hash: 92399b4177ae9354125d556ac504de5c6866448e6f63d56f37bc9d5bf10710dcb562234d2c378b9e959e1376e555764e
First seen:2025-06-02 08:56:44 UTC
Last seen:Never
Sightings:1
imphash : 33742414196e45b8b306a928e178f844
Create hunting rule
ssdeep : 98304:u8Op8lJrOtTU4VUg6Xdp0Tsj+fnQunOx9rk:uU4XUjp0Tsj+fnbnOxd
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : aebc385c4ce0e8f8
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:82fb3a34-3f8f-11f0-9b97-42010aa4000b
File name:420759fe15b5625475fc6709e692de32
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Variant.Tedy.765711.UNOFFICIAL
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller. This rule by itself does NOT necessarily mean the detected file is malicious.
TLP:TLP:WHITE
Repository:bartblaze
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.