YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 90915b0d6a7798b12176f94d1ed2fcd5f125d8b38a7f4925784afdc0fabf4a40.

SHA256 hash:	90915b0d6a7798b12176f94d1ed2fcd5f125d8b38a7f4925784afdc0fabf4a40
File size:	172'032 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	92855b79bbe0c50a2d7827cddab4dfe9
SHA1 hash:	205ad6edd50b179373d000a43dcfe725787ab193
SHA3-384 hash:	c03da038ba2853202bb0e8c33a0cefd199204d0b144cc49f42a4301d0acc2ffbd880e9b99921bfcaf5cc53607344f662
First seen:	2025-12-16 06:01:45 UTC
Last seen:	Never
Sightings:	1
imphash :	adf23c6d07b8934863fcfadf680025f3 Create hunting rule
ssdeep :	1536:eNnaNhtEcYECBWh2xMxStiWoH0AqHarUZs7W:OaNEcYEh5xSIWoNqH7Zs7W
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Malware.Ulise-7170100-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	SUSP_ENV_Folder_Root_File_Jan23_1 Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects suspicious file path pointing to the root of a folder easily accessible via environment variables
Reference:	Internal Research
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-12-16 06:01:45 UTC Static: 4 Unpacker: 0 ClamAV: 1