YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 01415350e2b3a07498f5eb5dace385b8a521f335edd8086217f20d49847f58ab.

SHA256 hash:	01415350e2b3a07498f5eb5dace385b8a521f335edd8086217f20d49847f58ab
File size:	602'112 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	facf51127dff53f64233bbff28b2bac3
SHA1 hash:	b6f81d5663b28afcd6bbeb9172fbf6a255896a27
SHA3-384 hash:	4ae912f8c97587b3fbe3d5388524c7ce42f53b7b558cba00ae06826ecf7dc2c8d5f24ca4972f52e9c94a1e4a7f5ecbc9
First seen:	2026-01-19 18:09:47 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	12288:ps3kw3TkBmbQZ8T16KGC34EIm8sYLSYxvDpq1Cj1iCXjJ:ps31Nbe8T16KMEIm8sYLSCEAZiCXjJ
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	detect_powershell Create hunting rule
Author:	daniyyell
Description:	Detects suspicious PowerShell activity related to malware execution
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	has_telegram_urls Create hunting rule
Author:	Aaron DeVera<aaron@backchannel.re>
Description:	Detects Telegram URLs
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	HeavensGate Create hunting rule
Author:	kevoreilly
Description:	Heaven's Gate: Switch from 32-bit to 64-mode
TLP:	TLP:WHITE
Repository:	CAPE

Rule name:	infostealer_win_acrstealer_str Create hunting rule
Description:	Finds ACR Stealer standalone samples based on specific strings.
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_no_import_table Create hunting rule
Author:
Description:	Detect pe file that no import table
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified

Rule name:	WIN_FileFix_Detection Create hunting rule
Author:	dogsafetyforeverone
Description:	Detects FileFix social engineering technique that launches chained PowerShell and PHP commands from file explorer typed paths
Reference:	FileFix social engineering with PowerShell and PHP commands
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-01-19 18:09:47 UTC Static: 17 Unpacker: 0 ClamAV: 0