
YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash bf1d2a2989e3bc52223ff1953dff10c81d47a53f29aa113bad7e6ec5acf45981.

Scan Results


SHA256 hash: bf1d2a2989e3bc52223ff1953dff10c81d47a53f29aa113bad7e6ec5acf45981
File size: 1'545'092 bytes
MIME type: application/pdf
MD5 hash: f416427eed745236d8fae9db4db5639d
SHA1 hash: 3871e8193785de1bd3f02120b6e5fb3f5cf6da08
SHA3-384 hash: 991107ca933fe2893175e117073289308e2920041b378d4083360783dcea1e44c84d44d2600f3f3a5e2987c2440cc398
First seen: 2025-07-03 09:21:50 UTC
Last seen: Never
Sightings: 1
imphash: n/a
ssdeep: 24576:BuK2dG6jNn5G2FBQFXGqiWydJpmBdb88rC3rG8xqM5CVbUaZ7PXJy5EsZ:MKeNB6xivpmT882yeCJFZE9Z
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: 269c6158-57ef-11f0-a223-42010aa4000b
File name: API_20250703InfoPOJuillet2025.pdf
Task parameters: ClamAV scan: True; Unpack: False; Share file: False

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: BlackGuard_Rule
Author: Jiho Kim
Description: Yara rule for BlackGuarad Stealer v1.0 - v3.0
Reference: https://www.virustotal.com/gui/file/67843d45ba538eca29c63c3259d697f7e2ba84a3da941295b9207cdb01c85b71/detection
TLP: TLP:WHITE
Repository: MalwareBazaar

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP: TLP:WHITE
Repository: YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.