YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash e5d62bdf1f9a8472e6fe2ab36ce6b58910fea4776618111fcd8d927f0d17b128.
Scan Results
| SHA256 hash: | e5d62bdf1f9a8472e6fe2ab36ce6b58910fea4776618111fcd8d927f0d17b128 | |
|---|---|---|
| File size: | 88'008 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 0a569b81c747221cb7dc89546f070ae6 | |
| SHA1 hash: | 68829d695256d55177921b6dfad0a91d5bc97aff | |
| SHA3-384 hash: | 2608a8d17c15bb1209777f667d87184ec82da6d6aeb82c177ab999f80bb0f79fe87972276ad27c87bfa29ab0387eca38 | |
| First seen: | 2025-11-21 18:57:39 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 481f47bbb2c9c21e108d65f52b04c448 | |
| ssdeep : | 1536:I93eCgZEvqr1ztRppUrXzMb+KR0Nc8QsJq3I:g3jgZPr5jwrje0Nc8QsCI | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent tasks are shown below.
Task Information
| Task ID: | f39e76e1-c70b-11f0-a73e-42010aa4000b | |
|---|---|---|
| File name: | 0a569b81c747221cb7dc89546f070ae6 | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | False |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Trojan.Swrort-5710536-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Reverse_Bin_v2_5_through_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |

| Rule name: | CobaltStrike_Resources_Reverse_Bin_v2_5_through_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resources/reverse.bin signature for versions 2.5 to 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |

| Rule name: | metasploit_rev_tcp_32 |
|---|---|
| Author: | Javier Rascon |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |

| Rule name: | meth_peb_parsing |
|---|---|
| Author: | Willi Ballenthin |
| TLP: | TLP:WHITE |
| Repository: | YARAify |

| Rule name: | classified |
|---|---|
| Description: | classified |

| Rule name: | Rozena |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | CAPE |

| Rule name: | SUSP_Imphash_Mar23_2 |
|---|---|
| Author: | Arnim Rupp (https://github.com/ruppde) |
| Description: | Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal) |
| Reference: | Internal Research |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |

| Rule name: | Windows_Trojan_Metasploit_0cc81460 |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |

| Rule name: | Windows_Trojan_Metasploit_4a1c4da8 |
|---|---|
| Author: | Elastic Security |
| Description: | Identifies Metasploit 64 bit reverse tcp shellcode. |
| TLP: | TLP:WHITE |
| Repository: | elastic |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter