YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 0ab7a7ed920708d5f6fe591f4adc97a80b6d1e38eade71d2ca6b553f514e580e.

SHA256 hash:	0ab7a7ed920708d5f6fe591f4adc97a80b6d1e38eade71d2ca6b553f514e580e
File size:	512'512 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	135566de8f92ea9612e207e10ba36e96
SHA1 hash:	6a2dbbd559dcc35d67e2413c39851001fc400783
SHA3-384 hash:	661d13d852a4c491f48f70715c72268d143bda16bba7985be087b9d146d3ab6af85678ccd9b3a8a0849d621cfa60b9c9
First seen:	2025-11-21 02:59:16 UTC
Last seen:	Never
Sightings:	1
imphash :	f34d5f2d4577ed6d9ceec516c1f5a744 Create hunting rule
ssdeep :	12288:4RUQCmRw4szYCOI6kwbInedX3SJTlJGS:Wl/RZ3rkyIednSJlJG
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	pe_imphash Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-11-21 02:59:16 UTC Static: 6 Unpacker: 0 ClamAV: 0