YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 90283b19bef2d7eb7d9fa1908a1e023a3bd433fab87e82ae3c6e5860413c3af6.
Scan Results
| SHA256 hash: | 90283b19bef2d7eb7d9fa1908a1e023a3bd433fab87e82ae3c6e5860413c3af6 | |
|---|---|---|
| File size: | 127'703 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 0adb42de06d2ec2f90fd094a7773ab1f | |
| SHA1 hash: | 058f37fbab974a739224242155b11f7ba232ec5b | |
| SHA3-384 hash: | 204989685e3aa361d7fd29d4b27008dbfdde4b0f905a77ef0061426d5ad6d2b9ba7585a57aa53dc95df56e31fec1f437 | |
| First seen: | 2025-11-21 18:58:53 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | bec75a4fbf00afacaff9d6f8388a727e | |
| ssdeep : | 3072:EagwS1Ut+KNPJI1F3Md55keTZwcM2I38QXy+:vUGPJKF3Md55ZTZwz38QXt | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | b6e29abe6e6c9cc0 | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 1ff22186-c70c-11f0-a73e-42010aa4000b | |
|---|---|---|
| File name: | 0adb42de06d2ec2f90fd094a7773ab1f | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Packer.AcprotectUltraprotect-1 |
|---|
| Signature: | PUA.Win.Packer.Anti-28 |
|---|
| Signature: | PUA.Win.Packer.Anti-29 |
|---|
| Signature: | PUA.Win.Packer.Nspack-1 |
|---|
| Signature: | PUA.Win.Packer.Nspack-22 |
|---|
| Signature: | PUA.Win.Packer.Nspack-25 |
|---|
| Signature: | PUA.Win.Packer.Nspack-26 |
|---|
| Signature: | Win.Malware.Palevo-9937438-0 |
|---|
| Signature: | Win.Trojan.Farfli-9952113-0 |
|---|
| Signature: | Win.Worm.Doina-10016962-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | FreddyBearDropper |
|---|---|
| Author: | Dwarozh Hoshiar |
| Description: | Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip. |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | PEDiminisherV01Teraphy |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter