Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash dae0a00ebb1dffdb0f6887d15ef0cf4b460c7b976384bc6070ba9a43bca1e7a8.

Scan Results

SHA256 hash: dae0a00ebb1dffdb0f6887d15ef0cf4b460c7b976384bc6070ba9a43bca1e7a8
File size:581'632 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 77ca609540abd5f741ba0e19230bf69f
SHA1 hash: 633db027b30d621fb04835aeb8cb0e78407c8aa4
SHA3-384 hash: 8d866ce5bebd7d6799e0e787cc3d43b0844bf76774f6d0c1c7a0f9f26f9d38bf33b23745fdc799afb598587edaf34977
First seen:2025-07-03 09:21:58 UTC
Last seen:Never
Sightings:1
imphash : 857403658d99132e851333dbe69924c9
Create hunting rule
ssdeep : 12288:FvD9rSO9W8E6lRiCc5j9Q87EspehkDQgU/Sa9C:FvRrSOkeRiCc5j9gspEkDnU/SaI
TLSH : T163C49D11FB8DA371E9F224F525AD363718BD9934076241C7A2804FDE5A285E0AF3D39B
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:2b90a74b-57ef-11f0-a223-42010aa4000b
File name:73b00000.kernel32.dll
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerCheck__RemoteAPI
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerException__ConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerHiding__Active
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerHiding__Thread
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:TLP:WHITE
Repository:YARAify
Rule name:dgaagas
Create hunting rule
Author:Harshit
Description:Uses certutil.exe to download a file named test.txt
TLP:TLP:WHITE
Repository:YARAify
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
TLP:TLP:WHITE
Repository:
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.