YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 951190d9be8800bf4c6f87963c442de87eeceb98c07826c0d5ad673d6c75962b.

Scan Results

SHA256 hash: 951190d9be8800bf4c6f87963c442de87eeceb98c07826c0d5ad673d6c75962b
File size:262'144 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 2931fdbb097edd262a3d0faf14f43cfa
SHA1 hash: 643f24ae83da251f0353515b455c464afd469e2f
SHA3-384 hash: f2bea08d45323e093a8926f77ccd71e7d1bc3e4e1e0804f5072bb73393c2e4862909a8a08c82755f81312fcb3fcf4669
First seen:2025-12-26 18:08:58 UTC
Last seen:Never
Sightings:1
imphash : 53351612be4ced9a69185220a35df198
Create hunting rule
ssdeep : 6144:A8TEZHEFXVGPsBBzxTkIHRl0Ag9WUjJ6C:MZCXVtDzxRmwUjJ6C
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:f34cd544-e285-11f0-9df4-42010aa4000b
File name:2650000.dll
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Exploit.D388a-9756522-0
Create hunting rule
Signature:Win.Exploit.Meterpreter-9777172-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:MALWARE_Win_Meterpreter
Create hunting rule
Author:ditekSHen
Description:Detects Meterpreter payload
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:meth_peb_parsing
Create hunting rule
Author:Willi Ballenthin
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Description:classified
Rule name:Windows_Trojan_Metasploit_38b8ceec
Create hunting rule
Description:Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon).
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_38b8ceec
Create hunting rule
Author:Elastic Security
Description:Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon).
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_7bc0f998
Create hunting rule
Description:Identifies the API address lookup function leverage by metasploit shellcode
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_7bc0f998
Create hunting rule
Author:Elastic Security
Description:Identifies the API address lookup function leverage by metasploit shellcode
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Author:Elastic Security
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm
TLP:TLP:WHITE
Repository:elastic

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.