NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash b1a64d246635097bf3c8e42502173295fc585ee096847cf6d1f59eca8e0b3782.

Scan Results

SHA256 hash: b1a64d246635097bf3c8e42502173295fc585ee096847cf6d1f59eca8e0b3782
File size:67'356 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: ecef7cd4a4b45d01f0ee1904ba7fb52d
SHA1 hash: 9d329f8e70a0bbd0b2527eb85c4a7d008cab758f
SHA3-384 hash: 3e1a27f94e03b01c56068ef315618f6bdfbd510d879c6924d39866ec4b308857b2fe255139b6380e342587037b887ab6
First seen:2025-04-03 02:32:15 UTC
Last seen:Never
Sightings:1
imphash : b6ad8e85304192a027658f6e227d5e36
Create hunting rule
ssdeep : 1536:zd9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZ/Hzd:zdseIO+EZEyFjEOFqTiQmRHzd
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:db7f8107-1033-11f0-b4a6-42010aa4000b
File name:ecef7cd4a4b45d01f0ee1904ba7fb52d
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Ulise-7170100-0
Create hunting rule
Signature:Win.Malware.Ulise-7170254-1
Create hunting rule
Signature:Win.Malware.Ulise-7170256-1
Create hunting rule
Signature:Win.Malware.Ulise-7170507-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
TLP:TLP:WHITE
Repository:
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_ENV_Folder_Root_File_Jan23_1
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects suspicious file path pointing to the root of a folder easily accessible via environment variables
Reference:Internal Research
TLP:TLP:WHITE
Rule name:classified
Author:classified
TLP :TLP:GREEN

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.