Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash e70f2f9a957a1010d524b0c9f6cbdb2d84cf6798e5930cf3f78a5fe396180f99.

Scan Results

SHA256 hash: e70f2f9a957a1010d524b0c9f6cbdb2d84cf6798e5930cf3f78a5fe396180f99
File size:305'008 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 1c8773f6a1064373dfda73f58e67b378
SHA1 hash: 45f293d783a1bbbebed3bcaa37f51f917bfee683
SHA3-384 hash: 17bdb8eb808100a3d9dea1f50fe5358dbd2a38ac856fd1f6c44d9012e1bcf0ffe90917e65e144ad526e34eac17187fbf
First seen:2025-08-24 22:21:58 UTC
Last seen:Never
Sightings:1
imphash : feecd0517aa4ebd19bba49c5d262ac39
Create hunting rule
ssdeep : 6144:AFi/BbhvsnCnAq1uoIEhODSNBsk3wiKf6Dp8e:Ei/BtvsnCnzvhhNBskgiKf6Dp8e
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 89da9a38cdcec6b5
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:c033ab74-8138-11f0-8fb7-42010aa4000b
File name:1c8773f6a1064373dfda73f58e67b378
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Adware.Multiplug-60223
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
TLP:TLP:WHITE
Repository:
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_XORed_Mozilla_Oct19
Create hunting rule
Author:Florian Roth
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_Mozilla_RID2DB4
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
TLP:TLP:WHITE
Rule name:SUSP_XORed_URL_in_EXE_RID2E46
Create hunting rule
Author:Florian Roth
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.