YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 6372033e7be6087f2de07a36e5545575fc9354f58b39ec1e7df42089bf5942c9.

Scan Results

SHA256 hash: 6372033e7be6087f2de07a36e5545575fc9354f58b39ec1e7df42089bf5942c9
File size:2'124'800 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 1848ac8efccadb7b8c761d94375b9911
SHA1 hash: 7fad8c3ef596fb6a766b77df87b4ef2223fe5e65
SHA3-384 hash: 3bda3ca951ccac8e0e01d6e2810023c8e2fab544d7e37eaf348231a2996ad6edeb496d2e565938c6a98926c53f50a7fd
First seen:2025-11-21 18:57:41 UTC
Last seen:Never
Sightings:1
imphash : 12a5950c40cfc7585cc5e4c06703f30a
Create hunting rule
ssdeep : 24576:7wk93ButUuVLmXCoeK9N72Hcsqc3yUmREesInZH6KGWGWPc6+tfnvvB5ha:7wklaUuV6XCoeKJ2HcsWHtG55a
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:f4cf1608-c70b-11f0-a73e-42010aa4000b
File name:1848ac8efccadb7b8c761d94375b9911
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Ransomware.PolyRansom-6413978-0
Create hunting rule
Signature:Win.Virus.PolyRansom-5704625-0
Create hunting rule
Signature:Win.Virus.Virlock-9969965-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.