Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash e56499646ad0388d4a3d16a691a5315a7f33f0ff12045a077c85a8ae4e45e894.

Scan Results

SHA256 hash: e56499646ad0388d4a3d16a691a5315a7f33f0ff12045a077c85a8ae4e45e894
File size:81'920 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 9930fa1f26ca025427b34a5e269857bb
SHA1 hash: 2fc603a45bae4682d705013f5ea7e9faa3fe142d
SHA3-384 hash: 1297702ef0f2f650206f78ad55a919acbe3896651f2a745bfe4e1e2f5f11c1524d5acc6171875a4e63072e68336dc1c4
First seen:2025-08-24 22:17:02 UTC
Last seen:Never
Sightings:1
imphash : c1246ca9ec291149221a5cbc329bf1a2
Create hunting rule
ssdeep : 768:eLxqBt1sJw5pVNUP1/kvtbWcpmCKXLak3QIXjLZJ2bXfqQKMq+gjTAfu/MB8QKpR:Bteq0QIXJJyXEv/MBK6vxOl1Rw
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:0f9e1c22-8138-11f0-8fb7-42010aa4000b
File name:400000.evtitut.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Trojan.DownLoad.24167.10757.5659.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Trojan.MulDrop3.39307.UNOFFICIAL
Create hunting rule
Signature:Win.Trojan.Pincav-10022872-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:TLP:WHITE
Repository:YARAify
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_XORed_URL_In_EXE
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_URL_in_EXE_RID2E46
Create hunting rule
Author:Florian Roth
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.