YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash a9301b6f5daea1cf8adfa59dab34a9ca1aafa82aa0c443bb1ab5a3f40bc5f6b1.

Scan Results


SHA256 hash: a9301b6f5daea1cf8adfa59dab34a9ca1aafa82aa0c443bb1ab5a3f40bc5f6b1
File size: 111'159 bytes
MIME type: application/x-dosexec
MD5 hash: c9e07164982d7be5fe71a8a68d5e5906
SHA1 hash: 44053f43d7f9747d33743004dec2bf41ebc3c805
SHA3-384 hash: 22347d15e91cf31dc69cd71afa27834081f4fbb504a559e0dbd856e7ef79b5e6f937c56b2ba2d2a953a6c182eee632f7
First seen: 2026-01-06 14:06:01 UTC
Last seen: Never
Sightings: 1
imphash: 473bce56a9a44da474ff4deec7f30bbf
ssdeep: 1536:vRiAXaKD5gxzmwYEM/D3ozc4I8JboecWtX4:piAXaKDeKNnD36cb8tI
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: 1cb436b62e46c464

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: d556610b-eb08-11f0-9df4-42010aa4000b
File name: c9e07164982d7be5fe71a8a68d5e5906
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: PUA.Win.Packer.Asprotect-3
Signature: Win.Trojan.Farfli-9952113-0
Signature: Win.Trojan.Gh0stRAT-9936428-1
Signature: Win.Worm.Doina-10016962-0
Signature: Win.Worm.Palevo-10024153-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: CMD_Ping_Localhost
TLP: TLP:WHITE
Repository: MalwareBazaar

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP: TLP:WHITE
Repository: YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.