Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash ea0d91a60f527b9bd7275feeb5c7a9fd4f67b9806c1809fb22771c863e34dfbb.

Scan Results

SHA256 hash: ea0d91a60f527b9bd7275feeb5c7a9fd4f67b9806c1809fb22771c863e34dfbb
File size:50'176 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: ce5c49cd4d5090894c68c4332530d105
SHA1 hash: db2c1d2348b1d210b8ed5c8b97bac1f9d05ca0aa
SHA3-384 hash: b241c45440d17ec21a3d1d019e572ee503ddb084f414851decefb9977af08c80eaed06900b0b376f173010fb5f9f6df0
First seen:2025-08-24 22:18:49 UTC
Last seen:Never
Sightings:1
imphash : f34d5f2d4577ed6d9ceec516c1f5a744
Create hunting rule
ssdeep : 768:6ZztILg+kM+bihtelDSN+iV08Ybygee8tMizvEgK/JqDVc6KN:6ZP0htKDs4zb1atMiznkJqDVclN
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 0000000000000000
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:4f1bee6c-8138-11f0-8fb7-42010aa4000b
File name:ce5c49cd4d5090894c68c4332530d105
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Generickdz-9865912-0
Create hunting rule
Signature:Win.Malware.Zusy-10034587-0
Create hunting rule
Signature:Win.Trojan.DcRat-10039889-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AcRat
Create hunting rule
Author:Nikos 'n0t' Totosis
Description:AcRat Payload (based on AsyncRat)
TLP:TLP:WHITE
Repository:YARAify
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:TLP:WHITE
Repository:YARAify
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:dcrat
Create hunting rule
Author:jeFF0Falltrades
TLP:TLP:WHITE
Repository:YARAify
Rule name:dcrat_kingrat
Create hunting rule
Author:jeFF0Falltrades
TLP:TLP:WHITE
Repository:CAPE
Rule name:dcrat_rkp
Create hunting rule
Author:jeFF0Falltrades
Description:Detects DCRat payloads
TLP:TLP:WHITE
Repository:YARAify
Rule name:INDICATOR_SUSPICIOUS_EXE_B64_Artifacts
Create hunting rule
Author:ditekSHen
Description:Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_DcRatBy
Create hunting rule
Author:ditekSHen
Description:Detects executables containing the string DcRatBy
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice
Create hunting rule
Author:ditekSHen
Description:Detects executables attemping to enumerate video devices using WMI
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:MAL_AsnycRAT
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:MAL_AsyncRAT_Config_Decryption
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
TLP:TLP:WHITE
Rule name:Mal_WIN_AsyncRat_RAT_PE
Create hunting rule
Author:Phatcharadol Thangplub
Description:Use to detect AsyncRAT implant.
TLP:TLP:WHITE
Repository:YARAify
Rule name:Multifamily_RAT_Detection
Create hunting rule
Author:Lucas Acha (http://www.lukeacha.com)
Description:Generic Detection for multiple RAT families, PUPs, Packers and suspicious executables
TLP:TLP:WHITE
Repository:
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:Njrat
Create hunting rule
Author:botherder https://github.com/botherder
Description:Njrat
TLP:TLP:WHITE
Repository:
Rule name:pe_imphash
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_DOTNET_PE_List_AV
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detecs .NET Binary that lists installed AVs
TLP:TLP:WHITE
Rule name:win_asyncrat_unobfuscated
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects strings present in unobfuscated AsyncRat Samples. Rule may also pick up on other Asyncrat-derived malware (Dcrat/venom etc)
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:Windows_Generic_Threat_ce98c4bc
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_DCRat_1aeea1ac
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.