Task Information
Task ID: 2f43a932-126e-11f0-b4a6-42010aa4000b
File name: 8da670306c1ccdb040693ed6c62f1ab4
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: DebuggerCheck__API
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: Disable_Defender
Alert
Author: iam-py-test
Description: Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
TLP: TLP:WHITE
Repository: MalwareBazaar
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Alert
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP: TLP:WHITE
Repository: YARAify
Rule name: SUSP_XORed_MSDOS_Stub_Message
Alert
Author: Florian Roth
Description: Detects suspicious XORed MSDOS stub message
Reference: https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
TLP: TLP:WHITE
Repository: Neo23x0
Rule name: SUSP_XORed_URL_In_EXE
Alert
Author: Florian Roth (Nextron Systems)
Description: Detects an XORed URL in an executable
Reference: https://twitter.com/stvemillertime/status/1237035794973560834
TLP: TLP:WHITE
Repository: Neo23x0
Rule name: SUSP_XORed_URL_in_EXE_RID2E46
Alert
Author: Florian Roth
Description: Detects an XORed URL in an executable
Reference: https://twitter.com/stvemillertime/status/1237035794973560834
TLP: TLP:WHITE
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter