
YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash a3a3ea71f0e89c2ec4163c5b7029a5210675958f3b5f46ffc849ce0d9e0578da.

Scan Results


SHA256 hash: a3a3ea71f0e89c2ec4163c5b7029a5210675958f3b5f46ffc849ce0d9e0578da
File size: 104'856 bytes
MIME type: application/x-dosexec
MD5 hash: 4083fcd8ec27e743dd40889c5bdc1cb6
SHA1 hash: 640baa8192b961bf15e71944f13b355cf485118e
SHA3-384 hash: 035d4d1a5c3602a6b5f30069b4e830b635193f90910373aeeac49df6f85c265c9bdf4a0f5f255f87e2fb09d9a6eb75c4
First seen: 2024-09-07 17:52:50 UTC
Last seen: Never
Sightings: 1
imphash : 9c8decf3582072f6edfc385a689f44f4
ssdeep : 3072:PWbQlkUxuTQRmHhJ9RJ7C1HRveJn1sjE9:O/RVC1HRGn1sjE9
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon : e8f0f0f8d471b2c8

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: ffe31821-6d41-11ef-b6ec-42010aa4000b
File name: 4083fcd8ec27e743dd40889c5bdc1cb6
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: PUA.Win.Packer.Pebundle-13
Signature: PUA.Win.Packer.Pebundle-14
Signature: Win.Dropper.Bifrost-9996246-0
Signature: Win.Dropper.Refroso-9836943-0
Signature: Win.Dropper.Vobfus-9836928-0
Signature: Win.Dropper.Vobfus-9837384-0
Signature: Win.Trojan.Bifrose-17676
Signature: Win.Trojan.VB-1452

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: PEBundlev244
Author: malware-lu
TLP: TLP:WHITE
Repository:

Rule name: SEH__vba
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: TeslaCryptPackedMalware
TLP: TLP:WHITE
Repository: MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.