YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash e4e101c19b689381c44c70c5357c2a1ae4662b4b2533f544af6241e8887f1dab.
Scan Results
| SHA256 hash: | e4e101c19b689381c44c70c5357c2a1ae4662b4b2533f544af6241e8887f1dab | |
|---|---|---|
| File size: | 196'096 bytes | |
| File download: | Original Unpacked | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | f85b18ff8b5284160f60fccc20d7d369 | |
| SHA1 hash: | 3fc8adceb89599cb42835f802c23bfd6023974b1 | |
| SHA3-384 hash: | 7c76b6a7f54e2bfda1c2e4db99acce01262549ba9ecf05a77d172bb7326841abd55c71950ff9203a8524967865db4efc | |
| First seen: | 2022-12-01 19:25:48 UTC | |
| Last seen: | 2022-12-02 06:54:51 UTC | |
| Sightings: | 2 | |
| imphash : | f13a8a84e5020c3ac98ddd7a1d3766bb | |
| ssdeep : | 3072:GkEzGIzO/Tc52XPme6hHQXBi0dHrTS+5DAbEaMbAuX:qDO/BM+XrdHr5+EaMbAuX | |
| TLSH : | T1D514D0263B90F432C0AB4A305829E7647F7ABD3214B6598F77182A6E5F313D1663731B | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| File icon (PE): |  | |
| dhash icon : | 9a9acedecee6eeee | |
Tasks
There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 385e75b4-720e-11ed-b924-42010aa4000b | |
|---|---|---|
| File name: | f85b18ff8b5284160f60fccc20d7d369 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.Trojan.Siggen19.16369.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | pdb_YARAify |
|---|---|
| Author: | @wowabiy314 |
| Description: | PDB |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter
Task Information
| Task ID: | f5bdf3c1-71ad-11ed-b924-42010aa4000b | |
|---|---|---|
| File name: | e4e101c19b689381c44c70c5357c2a1ae4662b4b2533f544af6241e8887f1dab | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.Trojan.Siggen19.16369.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | pdb_YARAify |
|---|---|
| Author: | @wowabiy314 |
| Description: | PDB |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
| Rule name: | malware_shellcode_hash |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | detect shellcode api hash value |
| TLP : | TLP:WHITE |
| Rule name: | meth_get_eip |
|---|---|
| Author: | Willi Ballenthin |
| TLP : | TLP:WHITE |
| Rule name: | classified |
|---|---|
| Author: | classified |
| TLP : | TLP:AMBER |
| Rule name: | Windows_Trojan_RedLineStealer_ed346e4c |
|---|---|
| Author: | Elastic Security |
| TLP : | TLP:WHITE |
| Rule name: | Windows_Trojan_Smokeloader_3687686f |
|---|---|
| Author: | Elastic Security |
| TLP : | TLP:WHITE |
Unpacked Files
The following files could be unpacked from this sample.
| File name | 2859000.shc |
|---|---|
| MD5 hash: | 9fb7f55b83abca7c2725d22daa8aeb15 |
| SHA256 hash: | 82a0d231656cb9a5172ad46f1954620c111a20072a3cf693372f5f02b0474ad5 |
| File size: | 69'632 bytes |
| File type: | application/octet-stream |
| YARA matches: | 4 |
| File name | 409000.shc |
|---|---|
| MD5 hash: | b43dd4b86423d7e08c2887add9ac2e46 |
| SHA256 hash: | fa242234f1d49741266236f4ae3f74948318861a9a3f61714a5b424953d2188c |
| File size: | 53'248 bytes |
| File type: | application/octet-stream |
| YARA matches: | 0 |
| File name | 400000.d6242480-c555-4e3d-8de4-c9cb8372cc21.exe |
|---|---|
| MD5 hash: | 75f7100f3ef8565e978bd7a590c7da20 |
| SHA256 hash: | bf2a5d47ae27822fb25193e1c260d99f5c364d159a36d56b7ca50a88d6cc89be |
| File size: | 34'225 bytes |
| File type: | application/x-dosexec |
| YARA matches: | 1 |
| File name | 30e67.exe |
|---|---|
| MD5 hash: | 2ab605f96b7a837271c9b11c4afc10bd |
| SHA256 hash: | 23e24ed83eab4e28e1cbc356bcf91851a6b05e89a036a8ce1f07d7ee1e58a190 |
| File size: | 33'177 bytes |
| File type: | application/x-dosexec |
| YARA matches: | 1 |
| File name | 30000.shc |
|---|---|
| MD5 hash: | a0e231d1db618cf924a3e9c778867b84 |
| SHA256 hash: | af8aa11288e0fceb784453d4d275fc929d11cd439d1760a33e272880ea33a6b2 |
| File size: | 36'864 bytes |
| File type: | application/x-dosexec |
| YARA matches: | 2 |