YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 4b7a0e4c672c6cfaf740b0a4f11f0632b07356ff597bee6c210b0ff695f098dc.
Scan Results
| SHA256 hash: | 4b7a0e4c672c6cfaf740b0a4f11f0632b07356ff597bee6c210b0ff695f098dc | |
|---|---|---|
| File size: | 58'352 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 193132aadc823a19a0aac52190a7fdce | |
| SHA1 hash: | 118ae7755690bfef4efe4827d026c9452e033023 | |
| SHA3-384 hash: | 87ec8245a681423daef54dcd5037b258ff7f69110ed7b69f1a6c96722dfe380e86afac65e774a1bf30dc507afc4d0140 | |
| First seen: | 2025-11-21 19:01:01 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | ba9923d9bf7b1cc87486a23ff9cc2c57 | |
| ssdeep : | 1536:C8Xu96vKu/yfH36AOrIhFVg81CPIoi5t1bkyir1:C/uaSAJhFe8voi5TXy | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 6c69a626-c70c-11f0-a73e-42010aa4000b | |
|---|---|---|
| File name: | 193132aadc823a19a0aac52190a7fdce | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.Heur.10740.16293.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | cobalt_strike_tmp01925d3f |
|---|---|
| Author: | The DFIR Report |
| Description: | files - file ~tmp01925d3f.exe |
| Reference: | https://thedfirreport.com |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | PE_Digital_Certificate |
|---|---|
| Author: | albertzsigovits |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | RemCom_RemoteCommandExecution |
|---|---|
| Author: | Florian Roth (Nextron Systems) |
| Description: | Detects strings from RemCom tool |
| Reference: | https://goo.gl/tezXZt |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | RemCom_RemoteCommandExecution_RID3292 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects strings from RemCom tool |
| Reference: | https://goo.gl/tezXZt |
| TLP: | TLP:WHITE |
| Rule name: | Sectigo_Code_Signed |
|---|---|
| Description: | Detects code signed by the Sectigo RSA Code Signing CA |
| Reference: | https://bazaar.abuse.ch/export/csv/cscb/ |
| TLP: | TLP:WHITE |
| Repository: | Sandnet |
| Rule name: | win_remcom_auto |
|---|---|
| Author: | Felix Bilstein - yara-signator at cocacoding dot com |
| Description: | Detects win.remcom. |
| TLP: | TLP:WHITE |
| Repository: | Malpedia |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter