Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash f8e15bb23e2f5a3a6e3fb9163208be9ae4cc8341bf5d3c773b4136200553359b.

Scan Results


SHA256 hash: f8e15bb23e2f5a3a6e3fb9163208be9ae4cc8341bf5d3c773b4136200553359b
File size:4'124'714 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: b65aed37d637e4be437ef7867275285d
SHA1 hash: e98dabf956f0f817516d78b7e57d6c51305057c9
SHA3-384 hash: 58177eafbc99bbfbefc67efb59b5e0ab598037613ce6206b4e03f8fa0338e6ba011ebef1fbd079d9f590625f45eefaf8
First seen:2025-08-24 22:22:20 UTC
Last seen:Never
Sightings:1
imphash : efd4f1f56cbf759f91b14e0b36b549c1
ssdeep : 49152:WvxNvxCzSNRPLHkJEwv9Mdv9M64JPLc8xmN3Aek03noj45wlDTnEp6P:c3NTDs9M9QjceUJF3noxDwpW
TLSH : T13016F60BEE9C8C71D05F3D314D65E3DC5269BD2189126A472ED43E8DEAB1FD07A2C226
telfhash :n/a
gimphash :n/a
dhash icon : 0070b0dae0a0a4a4

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:cd604e64-8138-11f0-8fb7-42010aa4000b
File name:b65aed37d637e4be437ef7867275285d
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:PUA.Win.Packer.Aspack-29
Signature:PUA.Win.Packer.Aspack-30
Signature:PUA.Win.Packer.Asprotect-3
Signature:SecuriteInfo.com.Malware.PDB-281.UNOFFICIAL
Signature:Win.Dropper.Ipamor-9886396-0
Signature:Win.Malware.Bulz-9885565-0
Signature:Win.Malware.Generic-10029011-0
Signature:Win.Trojan.Bulz-9865941-0
Signature:Win.Trojan.Generic-9950561-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:BitcoinAddress
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:CP_AllMal_Detector
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:TLP:WHITE
Repository:YARAify
Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Detect_PowerShell_Obfuscation
Author:daniyyell
Description:Detects obfuscated PowerShell commands commonly used in malicious scripts.
TLP:TLP:WHITE
Repository:YARAify
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:Indicator_MiniDumpWriteDump
Author:Obscurity Labs LLC
Description:Detects PE files and PowerShell scripts that use MiniDumpWriteDump either through direct imports or string references
TLP:TLP:WHITE
Rule name:maldoc_find_kernel32_base_method_1
Author:Didier Stevens (https://DidierStevens.com)
TLP:TLP:WHITE
Repository:
Rule name:MD5_Constants
Author:phoul (@phoul)
Description:Look for MD5 constants
TLP:TLP:WHITE
Repository:
Rule name:PE_Digital_Certificate
Author:albertzsigovits
TLP:TLP:WHITE
Repository:
Rule name:RIPEMD160_Constants
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
TLP:TLP:WHITE
Repository:
Rule name:SHA1_Constants
Author:phoul (@phoul)
Description:Look for SHA1 constants
TLP:TLP:WHITE
Repository:
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.