YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash f19c4baf47b4bcda55984c87d52ccb49de7c43868911ffcdb0b5d8b95f9fddab.
Scan Results
| SHA256 hash: | f19c4baf47b4bcda55984c87d52ccb49de7c43868911ffcdb0b5d8b95f9fddab | |
|---|---|---|
| File size: | 275'456 bytes | |
| File download: | Original Unpacked | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 731e03a4ab8dc6f2b0f988cde1ca6d5b | |
| SHA1 hash: | 36e556505ef2cdca3523ab689efc81f5e194f32e | |
| SHA3-384 hash: | 44edf6493fd42dd6fa87c1f8e1827b58883bd011b68b7076441e8bf4dbaf0b550754865c60dcb131a4ef1c1ce13ebf0d | |
| First seen: | 2023-08-23 00:01:15 UTC | |
| Last seen: | 2023-08-23 09:08:07 UTC | |
| Sightings: | 2 | |
| imphash : | 7831681cfaac902b188c7abe2982ed1a | |
| ssdeep : | 3072:KJOkg+u2C+DwqRNRG7m3LPUYeszxYI/yGAM0KI8rQUenhY:6A2+qXOcPU+z5KGHrQHh | |
| TLSH : | T16F44BF22A3D5A472F51346318E66C3F5AB2FF8614FA56ACB23945B3F0E705E1CA76301 | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| File icon (PE): |  | |
| dhash icon : | 70d0ccd0d4d9c2dd | |
Tasks
There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 933a30d3-4194-11ee-8ddc-42010aa4000b | |
|---|---|---|
| File name: | 731e03a4ab8dc6f2b0f988cde1ca6d5b | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter
Task Information
| Task ID: | 2dd69646-4148-11ee-8ddc-42010aa4000b | |
|---|---|---|
| File name: | yzofhqbexl62.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
Unpacker
The following YARA rules matched on the unpacked file.
| Rule name: | DebuggerHiding__Thread |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP : | TLP:WHITE |
| Rule name: | MALWARE_Win_Grum |
|---|---|
| Author: | ditekSHen |
| Description: | Detect Grum spam bot |
| TLP : | TLP:WHITE |
| Rule name: | MALWARE_Win_Tofsee |
|---|---|
| Author: | ditekSHen |
| Description: | Detects Tofsee |
| TLP : | TLP:WHITE |
| Rule name: | shellcode |
|---|---|
| Author: | nex |
| Description: | Matched shellcode byte patterns |
| TLP : | TLP:WHITE |
| Rule name: | ThreadControl__Context |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP : | TLP:WHITE |
| Rule name: | tofsee_yhub |
|---|---|
| Author: | Billy Austin |
| Description: | Detects Tofsee botnet, also known as Gheg |
| TLP : | TLP:WHITE |
| Rule name: | win_tofsee |
|---|---|
| Author: | akrasuski1 |
| Description: | Tofsee malware |
| Reference: | https://www.bitsight.com/blog/tofsee-botnet-proxying-and-mining |
| TLP : | TLP:WHITE |
| Rule name: | win_tofsee_bot |
|---|---|
| Author: | akrasuski1 |
| Description: | Tofsee malware |
| TLP : | TLP:WHITE |
| Rule name: | win_tofsee_w0 |
|---|---|
| Author: | akrasuski1 |
| TLP : | TLP:WHITE |
| Rule name: | Windows_Trojan_Tofsee_26124fe4 |
|---|---|
| Author: | Elastic Security |
| TLP : | TLP:WHITE |
| Rule name: | yara_template |
|---|---|
| TLP : | TLP:WHITE |
Unpacked Files
The following files could be unpacked from this sample.
| File name | 1e0e67.exe |
|---|---|
| MD5 hash: | bc3df2e7e533504f017a5fcb4771922f |
| SHA256 hash: | 9a5a2984a7cdab154f7764e9bf00ff8893b4be638a8553c6b26e252afac6507d |
| File size: | 74'137 bytes |
| File type: | application/x-dosexec |
| YARA matches: | 11 |
| File name | 400000.32d44bed-0e05-4a15-b8db-34bd440ecccf.exe |
|---|---|
| MD5 hash: | 38d383f2139635268051835175389f8d |
| SHA256 hash: | b843655b33b75bb4be2062485ace9c6a9d5cf1164296dc3e898c9ea08b493d96 |
| File size: | 86'016 bytes |
| File type: | application/x-dosexec |
| YARA matches: | 0 |
| File name | 415000.shc |
|---|---|
| MD5 hash: | 683edac4d37f5f59025e1baa25c481cb |
| SHA256 hash: | 1506b0be7b0d58fb0dab82de388ab2a45fd27478e4b3054f5877a00aad6c864e |
| File size: | 73'728 bytes |
| File type: | application/octet-stream |
| YARA matches: | 0 |
| File name | 1e0000.shc |
|---|---|
| MD5 hash: | a97775ea52597352ae350143edb3ade5 |
| SHA256 hash: | 8d8ef5f0f2b23af6d6b5621158080f1bbd24e16f5ecf1c69b42e2befea2974e8 |
| File size: | 77'824 bytes |
| File type: | application/x-dosexec |
| YARA matches: | 0 |
| File name | 453b000.shc |
|---|---|
| MD5 hash: | 7ac9bbbfbd351813478c0d6f4a1d661d |
| SHA256 hash: | 6661ee01c261c9bd69ba70d44c694c5e5199e4aac9731cfefff6306526fc8fc2 |
| File size: | 77'824 bytes |
| File type: | application/octet-stream |
| YARA matches: | 0 |