YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 10ef6d78d8fd3ae3fc0094b1446ff659a957668828d34a1d3227dac09d62d74a.

Scan Results

SHA256 hash: 10ef6d78d8fd3ae3fc0094b1446ff659a957668828d34a1d3227dac09d62d74a
File size: 477'539 bytes
MIME type: application/x-dosexec
MD5 hash: b218b3cb071c57ad03c38449b23b9021
SHA1 hash: 0817f3a1c5a5d3d090a79641b096ae8505fddddf
SHA3-384 hash: 609cde782e4fe0a2cf163e8c2b8648ae1f81e0de0e35ce501de3b42e4291db8838f6770be9107b02298366febb90218a
First seen: 2022-11-24 19:50:12 UTC
Last seen: Never
Sightings: 1
imphash: 18a5ebc0f2d7527dff374fe9b64b83cf
ssdeep: 6144:fY+32WWluqvHpVmXWEjFJRWci+WUd20Br+UU5EYCTvaBju4z:AnWwvHpVmXpjJIUd2LUusvalxz
TLSH: T1AAA4283AEB20B116FA578C7A78294E1B15283C3562119E4BB3926B4D34766C3F9F434F
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks

You can browse the 10 most recent tasks associated with this file below.

Task Information

Task ID: 35b0d34f-6c31-11ed-a71a-42010aa4000b
File name: 400000.winlogon.exe
Task parameters:
- ClamAV scan: True
- Unpack: False
- Share file: True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

- Win.Malware.Lmvwkprng-6742707-0
- Win.Malware.Lmvwkprng-6742708-0
- Win.Malware.Lmvwkprng-6803869-0
- Win.Malware.Moonlight-9890813-0
- Win.Malware.Moonlight-9890875-0
- Win.Malware.Moonlight-9919382-0
- Win.Malware.Moonlight-9919383-0
- Win.Malware.Moonlight-9934254-0
- Win.Malware.Moonlight-9934996-0
- Win.Packed.Moonlight-9934265-0
- Win.Packer.VbPack-0-6334882-0
- Win.Trojan.Moonlight-9881795-0
- Win.Worm.Moonlight-9775620-0
- Win.Worm.Moonlight-9779178-0
- Win.Worm.Ulise-9778387-0
- Win.Worm.Ulise-9779043-0

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a ransomware group.
TLP: TLP:WHITE
Repository: CD-R0M

Rule name: INDICATOR_EXE_Packed_MPress
Author: ditekSHen
Description: Detects executables built or packed with MPress PE compressor
TLP: TLP:WHITE
Repository: ditekshen

Rule name: meth_get_eip
Author: Willi Ballenthin
TLP: TLP:WHITE
Repository: yaraify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files
The following files could be unpacked from this sample.