
YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 44af45a589c3ab96cd5d270e55bb14153921584b1c29452c1092162e5ed4565a.

Scan Results


SHA256 hash: 44af45a589c3ab96cd5d270e55bb14153921584b1c29452c1092162e5ed4565a
File size: 63'104 bytes
MIME type: application/x-dosexec
MD5 hash: d4f16d367c628a600eaa95f8a48f1216
SHA1 hash: 7d9af177ae087902d3e66155acc06d30553d8b38
SHA3-384 hash: c9b086d693354b38c1b26ddf77e59f8c12c94a0599fa68ffed18fbf0d9c064297968745b2c79a6356b8df23a2fef1204
First seen: 2025-10-03 03:16:57 UTC
Last seen: Never
Sightings: 1
imphash: n/a
ssdeep: 192:OwkG2PeHJopLvs4qn2YIH/Kj11EHRJrnU0:OwkGRHJoLvILIo1YRJrU0
TLSH: T1ED5319073FCA4C31FA5D37B84B7EE9A8602628519692498E5548AF03FD353C46CA9E71
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: 6ba0997f-a007-11f0-adeb-42010aa4000b
File name: 262f980.dll
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: pe_no_import_table
Author:
Description: Detect pe file that no import table
TLP: TLP:WHITE
Repository: YARAify

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP: TLP:WHITE
Repository: YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.