Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash ceee60425d346e660355d0ebdcba25e5816783ed11c0f2c3845c236dc7db4398.

Scan Results


SHA256 hash: ceee60425d346e660355d0ebdcba25e5816783ed11c0f2c3845c236dc7db4398
File size:385'024 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: a3afb8dbd08216f9a70f61fb6976710b
SHA1 hash: 0e1c664856739c2c6b321b07d2baecfa657ebe3a
SHA3-384 hash: 73862c16184c0abaa8e5290100e047302e7210bd5f9fa7ae5eaa0a7cc3088b9a17f23d74b2ce2cdc18748967bad293ab
First seen:2025-08-24 22:19:35 UTC
Last seen:Never
Sightings:1
imphash : 0e49cd686b5068794160ae9dd90b6a83
ssdeep : 6144:8V4scrKFh7BgBKh1G+4WmQiaTA4bq0exX7M5exekH4eFP:8A2Fh7BgEh1J4WmQiaTA4z07aaeM4
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:6ab1d36c-8138-11f0-8fb7-42010aa4000b
File name:400000.DropboxUpdate.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Zusy-9953040-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:BobSoftMiniDelphiBoBBobSoft
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:Borland
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:Check_OutputDebugStringA_iat
TLP:TLP:WHITE
Repository:
Rule name:CP_AllMal_Detector
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:TLP:WHITE
Repository:YARAify
Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
Reference:classified
TLP :TLP:AMBER
Rule name:pe_detect_tls_callbacks
Author:
TLP:TLP:WHITE
Repository:YARAify
Rule name:RANSOMWARE
Author:ToroGuitar
TLP:TLP:WHITE
Repository:YARAify
Rule name:shellcode
Author:nex
Description:Matched shellcode byte patterns
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:ThreadControl__Context
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.