Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash b859b1e5cf5b32f96d07b4a06786fff6f14b578e8b2b336cd563f3f8796b5fbf.

Scan Results

SHA256 hash: b859b1e5cf5b32f96d07b4a06786fff6f14b578e8b2b336cd563f3f8796b5fbf
File size:1'634'304 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: cf622fc88b2422c69bc98f1d8ef52e0c
SHA1 hash: 39dd68a882b73ec51b1842df944c9b3304c80e18
SHA3-384 hash: 727e529181fb77d9b39da5e67b86d2d648a7e7d6cebe0453378bb4fd063e0c267961749297ef655ac6270ba2806d7eaf
First seen:2025-08-24 22:20:26 UTC
Last seen:Never
Sightings:1
imphash : 44f82d80b2ee6785b3f49bb192807d50
Create hunting rule
ssdeep : 12288:309V/ai0FKHVI7XHgZQKhJgeCmPMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:kNaiJHiLHgZpJE7SkQ/7Gb8NLEbeZ
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 7007070733313147
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:894350ca-8138-11f0-8fb7-42010aa4000b
File name:cf622fc88b2422c69bc98f1d8ef52e0c
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Win32.Expiro-1.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Win32.Expiro-2.UNOFFICIAL
Create hunting rule
Signature:Win.Trojan.Filerepmalware-10008115-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
TLP:TLP:WHITE
Repository:
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.