Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash f44b00963b38789395de5b14e575904aecb965356e19be535fa6912df19eb5a9.

Scan Results


SHA256 hash: f44b00963b38789395de5b14e575904aecb965356e19be535fa6912df19eb5a9
File size:540'672 bytes
File download: Original Unpacked
MIME type:application/x-dosexec
MD5 hash: 8da670306c1ccdb040693ed6c62f1ab4
SHA1 hash: 78f888d512c09e02cb83802aa2543396a82ab26d
SHA3-384 hash: 7c78744d54c47fbd9446b4865963ff8fe7a54d48f582eee2c63892a4f0f4e1bf98470a8ac5f979d0bf664e962127898f
First seen:2025-04-05 22:34:49 UTC
Last seen:Never
Sightings:1
imphash : 1df8cb8522279878b0df9a32811e38ae
ssdeep : 6144:xBGlpQEQAMtqNUzC2qSEkJVnB+28F2aeQsl0:xBGlXsqUzCXuHPtg
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 1c9aa4baa2a2a000

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:2f43a932-126e-11f0-b4a6-42010aa4000b
File name:8da670306c1ccdb040693ed6c62f1ab4
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:MiscreantPunch.SingleXOR.EXE.12.UNOFFICIAL
Signature:MiscreantPunch.SingleXOR.EXE.67.UNOFFICIAL
Signature:Win.Malware.Daws-6827444-0
Signature:Win.Trojan.KillAV-47
Signature:Win.Trojan.Virut-190
Signature:Win.Trojan.Virut-192
Signature:Win.Trojan.Virut-381
Signature:Win.Trojan.Virut-383

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Disable_Defender
Author:iam-py-test
Description:Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:meth_stackstrings
Author:Willi Ballenthin
TLP:TLP:WHITE
Repository:YARAify
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_XORed_MSDOS_Stub_Message
Author:Florian Roth
Description:Detects suspicious XORed MSDOS stub message
Reference:https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_URL_In_EXE
Author:Florian Roth (Nextron Systems)
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_URL_in_EXE_RID2E46
Author:Florian Roth
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.