NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash e62170d26be3dd3a6075b6e405b23733f4c12ad2e12789d0f7aa9f422b618fe3.

Scan Results

SHA256 hash: e62170d26be3dd3a6075b6e405b23733f4c12ad2e12789d0f7aa9f422b618fe3
File size:24'947'753 bytes
File download: Original Unpacked
MIME type:application/x-dosexec
MD5 hash: eccd33f564407a78a24388e70c539cb3
SHA1 hash: 6cb1a60686ba7b7218f6263a6e1b87bb0ccf8400
SHA3-384 hash: 3305b4fd8e396b949ddab1c7a1ce6c80f942215184b6abeeac7816e3f7af632458b45041623616cccf6a037321085ee4
First seen:2025-05-03 21:46:53 UTC
Last seen:Never
Sightings:1
imphash : 9ae3f7d4385fe5139b93b0b3b6f00964
Create hunting rule
ssdeep : 393216:pF6LEcO1O9RgVW9tQ7BpZttr0W2Z3h0fjNtHT/PZax+XpQyIq3rA6aAOzSZe/SoV:pKnOK99275tBl2mR5/PQx+ayIMrTaD20
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:27743a12-2868-11f0-81bc-42010aa4000b
File name:eccd33f564407a78a24388e70c539cb3
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:PUA.Win.Packer.Bero-6
Create hunting rule
Signature:PUA.Win.Packer.Beroexepacker-12
Create hunting rule
Signature:PUA.Win.Packer.Beroexepacker-2
Create hunting rule
Signature:PUA.Win.Packer.Beroexepacker-3
Create hunting rule
Signature:PUA.Win.Packer.Beroexepacker-7
Create hunting rule
Signature:Win.Malware.Barys-9939798-0
Create hunting rule
Signature:Win.Malware.Bkzf46lc-9854249-0
Create hunting rule
Signature:Win.Malware.Doina-9887686-0
Create hunting rule
Signature:Win.Malware.Fuerboos-9787209-0
Create hunting rule
Signature:Win.Malware.Vmprotect-9886096-0
Create hunting rule
Signature:Win.Malware.Vmprotect-9887795-0
Create hunting rule
Signature:Win.Packed.Doina-10016473-0
Create hunting rule
Signature:Win.Trojan.Agent-1097380
Create hunting rule
Signature:Win.Trojan.Zusy-10032811-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:BeRoEXEPackerV100BeRo
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:BeRoEXEPackerv100LZMABeRoFarbrausch
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:pe_detect_tls_callbacks
Create hunting rule
Author:
TLP:TLP:WHITE
Repository:YARAify
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.