YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 4433d85afa23741272328b7ec3d4717eba64bee89b36d9d4de504c72fc31859d.
Scan Results
| SHA256 hash: | 4433d85afa23741272328b7ec3d4717eba64bee89b36d9d4de504c72fc31859d | |
|---|---|---|
| File size: | 176'128 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 38425059bb102de350055d98fffc438e | |
| SHA1 hash: | a2d6c30050dbc1b4bd0b26af9af7a185846c4b31 | |
| SHA3-384 hash: | ed009c18ca43dc322728bc93620b02ee7b25b3e64e584be641c7adc688f5df8c944cc558701841af97cbf7c21a5a1a15 | |
| First seen: | 2025-11-21 18:57:38 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | fca2ec28554e1f7e639b072414989107 | |
| ssdeep : | 3072:n9UMmY8MA1cRWr7BiKcOO1Sf7lHnc9eouf8PaNy////l////////////D//////X:jbwfBiKCYfhHhp | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | f3457b43-c70b-11f0-a73e-42010aa4000b | |
|---|---|---|
| File name: | 26b0000.dll | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Malware.Lazy-10008179-0 |
|---|
| Signature: | Win.Malware.Lazy-10008180-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | cobalt_strike_tmp01925d3f |
|---|---|
| Author: | The DFIR Report |
| Description: | files - file ~tmp01925d3f.exe |
| Reference: | https://thedfirreport.com |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | MALWARE_Win_R77 |
|---|---|
| Author: | ditekSHen |
| Description: | Detects r77 rootkit |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | ThreadControl__Context |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | Windows_Rootkit_R77_d0367e28 |
|---|---|
| Author: | Elastic Security |
| Reference: | https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit |
| TLP: | TLP:WHITE |
| Repository: | elastic |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter