YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash dc6358fb082b7a5084b5852eeee7d6bbfa91ac76d899849560454e1e3671c17b.

Scan Results

SHA256 hash: dc6358fb082b7a5084b5852eeee7d6bbfa91ac76d899849560454e1e3671c17b
File size: 6'777'849 bytes
File download: Original, Unpacked
MIME type: application/x-dosexec
MD5 hash: 4ed4e68583cb762dce4e78d1c20f5a70
SHA1 hash: bc09535cd3cb777388d9e719d156cd351f287381
SHA3-384 hash: e23e94444ab82783f2cf25acd15668a02ce3639b0c85735cd1e34fbe3e30d407a87ae8ee2c8bbeb1f6f74866bf79ba65
First seen: 2025-04-03 02:32:32 UTC
Last seen: Never
Sightings: 1
imphash: 33ceabb252f101934e7557a4a008c255
ssdeep: 49152:3rSTfwpxWrI12WK+I5IlmVgststlejzpLkuJDx7CnZoXJI9OpIJg0y1lfRTc1D1a:35b2j4TPippe9OmJATc1FiRUG29Ea+V
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: 31b229439374b40b

Tasks

There is 1 task on YARAify for this particular file. The 10 most recent tasks are shown below.

Task Information

Task ID: e59e1bd6-1033-11f0-b4a6-42010aa4000b
File name: 4ed4e68583cb762dce4e78d1c20f5a70
Task parameters:
  ClamAV scan: True
  Unpack: False
  Share file: True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: DebuggerCheck__MemoryWorkingSet
Author: Fernando Mercês
Description: Anti-debug process memory working set size check
Reference: http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
TLP: TLP:WHITE

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset
TLP: TLP:WHITE
Repository: YARAify

Rule name: Jupyter_infostealer
Author: CD_R0M_
Description: Rule for Jupyter Infostealer/Solarmarker malware from September 2021 to December 2022
TLP: TLP:WHITE
Repository: CD-R0M

Rule name: Lumma_Stealer_Detection
Author: ashizZz
Description: Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference: https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
TLP: TLP:WHITE
Repository: YARAify

Rule name: NET
Author: malware-lu
TLP: TLP:WHITE

Rule name: pe_detect_tls_callbacks
TLP: TLP:WHITE
Repository: YARAify

Rule name: RANSOMWARE
Author: ToroGuitar
TLP: TLP:WHITE
Repository: YARAify

Rule name: reverse_http
Author: CD_R0M_
Description: Identify strings with http reversed (ptth)
TLP: TLP:WHITE
Repository: CD-R0M

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
TLP: TLP:WHITE

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants
TLP: TLP:WHITE

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for overlay, obfuscating, encrypting, spoofing, hiding, or entropy technique (can create FP)
TLP: TLP:WHITE
Repository: YARAify

Rule name: test_Malaysia
Author: rectifyq
Description: Detects file containing Malaysia string
TLP: TLP:WHITE
Repository: YARAify

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.