YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 3f2490dbedfe963367dbcdd60a8836e46703a17bc40bbcb7379e9bb4e708b90a.
Scan Results
| SHA256 hash: | 3f2490dbedfe963367dbcdd60a8836e46703a17bc40bbcb7379e9bb4e708b90a | |
|---|---|---|
| File size: | 12'279'820 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 0ac017c63675ad9d751717c4a138bcbe | |
| SHA1 hash: | 429900365464c46b8807370b08114d2ec4e1a170 | |
| SHA3-384 hash: | e3dc74ce1c63a24cf3242dfbfb2929ab89d285ab9cc357f26ac7ffb79a905bede3d4da9967dd4b576ea1e9b82dd08639 | |
| First seen: | 2025-11-21 19:03:07 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | f34d5f2d4577ed6d9ceec516c1f5a744 | |
| ssdeep : | 196608:xjg+GCjjgx17pvM0cNvIPQYfJGEB25Nj9O23NF1qziILsz5WwOr6pIEGs532+d9K:xjg+GCjjgxFpvncIQmw5d9NtfIOOrPAM | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | b763f3b5-c70c-11f0-a73e-42010aa4000b | |
|---|---|---|
| File name: | 0ac017c63675ad9d751717c4a138bcbe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Packed.Packy-10033570-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Disable_Defender |
|---|---|
| Author: | iam-py-test |
| Description: | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | pe_imphash |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | Skystars_Malware_Imphash |
|---|---|
| Author: | Skystars LightDefender |
| Description: | imphash |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | Sus_CMD_Powershell_Usage |
|---|---|
| Author: | XiAnzheng |
| Description: | May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | upxHook |
|---|---|
| Author: | @r3dbU7z |
| Description: | Detect artifacts from 'upxHook' - modification of UPX packer |
| Reference: | https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/ |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter