YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 111020cad41a5c05e498a7ca8cfb29d44c8ebdcd7c393af45548d9a5b918e2f1.
Scan Results
| SHA256 hash: | 111020cad41a5c05e498a7ca8cfb29d44c8ebdcd7c393af45548d9a5b918e2f1 | |
|---|---|---|
| File size: | 316'000 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | d664e69ae4ed880a171bbfbddce28def | |
| SHA1 hash: | 860e478c1b460026183a38c73b94a00dd283adfc | |
| SHA3-384 hash: | 57697f37db046cfda0cc347709184f1f7b59344ae5fb5a3d3c8f06f365e207cf362714003500c2da701ad3cdb9b4cbb2 | |
| First seen: | 2023-11-30 13:09:17 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 5622411c13166ebed92c96932511ef56 | |
| ssdeep : | 6144://eHXriXUU5EYCTvaBjRjWrLJKuKnGML5Njcx:nyeUusvalgg5Nja | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | 04ccc4d4c4f47c82 | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | ab25a3dc-8f81-11ee-9aea-42010aa4000b | |
|---|---|---|
| File name: | 400000.smss.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Malware.Moonlight-9890813-0 |
|---|
| Signature: | Win.Malware.Moonlight-9934254-0 |
|---|
| Signature: | Win.Malware.Moonlight-9934996-0 |
|---|
| Signature: | Win.Trojan.Moonlight-9881795-0 |
|---|
| Signature: | Win.Trojan.Virut-113 |
|---|
| Signature: | Win.Trojan.Virut-22 |
|---|
| Signature: | Win.Trojan.Virut-308 |
|---|
| Signature: | Win.Worm.Moonlight-10010646-0 |
|---|
| Signature: | Win.Worm.Moonlight-9779178-0 |
|---|
| Signature: | Win.Worm.Rzrghykib-10003980-0 |
|---|
| Signature: | Win.Worm.Ulise-9778387-0 |
|---|
| Signature: | Win.Worm.VB-663 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | command_and_control |
|---|---|
| Author: | CD_R0M_ |
| Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
| TLP: | TLP:WHITE |
| Repository: | CD-R0M |
| Rule name: | maldoc_getEIP_method_1 |
|---|---|
| Author: | Didier Stevens (https://DidierStevens.com) |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | meth_get_eip |
|---|---|
| Author: | Willi Ballenthin |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | SEH__vba |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | TeslaCryptPackedMalware |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter