Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash a464d3cd14ab929a003d97ef0a88beab5e8f1a7879c713d970981f51b4c1be48.

Scan Results


SHA256 hash: a464d3cd14ab929a003d97ef0a88beab5e8f1a7879c713d970981f51b4c1be48
File size:167'936 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 9c8677f54cca8a76a82bd5220d893ed4
SHA1 hash: c9879d4a63dd18b88a3ca5aea5c570862e737754
SHA3-384 hash: 535690f6bd02a21ee0fc65cb89ee369248ac96d86cbf8e7c973fc0c4e731485567d223ca409d83934fea9ad66cac4ada
First seen:2025-08-24 22:21:45 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 1536:8BFhiYZLdAW/CiO7zO2/v7GVpOBDSMLj2S0W30Pcl+Xf658DoySp/4m:8BP7UW+vy0BLCIof65UoTp
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 818da080a0a0a0a2

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:b7deaa49-8138-11f0-8fb7-42010aa4000b
File name:850000.huter.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Urelas-6717394-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.