YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 1448ce43a88c218b215b8760b54adbd497a181c9c94a7d2497d3990c4c12d9ed.

Scan Results


SHA256 hash: 1448ce43a88c218b215b8760b54adbd497a181c9c94a7d2497d3990c4c12d9ed
File size: 326'735 bytes
File download: Original
MIME type: application/x-dosexec
MD5 hash: f468edba6e4247218e053955034fc252
SHA1 hash: 22a49fb1efc4aa42560a2972309ad2361af17211
SHA3-384 hash: d49c125f3804fa65b57f1b6a2a6c9c7f10a2c691687a458216f856e9a9f84909a9411621e0d5e9f4e328a37f6e346d78
First seen: 2022-11-24 19:48:49 UTC
Last seen: 2022-11-25 06:36:32 UTC
Sightings: 2
imphash: 2a117f0ed09337459d5cab41af2126d6
ssdeep: 6144:7Y+32WWluqvHpVmXWEjFJRWci+WUd20Rr+UU5EYCTvaBju4Q:0nWwvHpVmXpjJIUd2jUusvalx
TLSH: T19D643A3AEB20B126FA478C7A78394E1615283C3562119E4BB3926B4D34766C3F9F474F
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 804d5345-6c8b-11ed-a71a-42010aa4000b
File name: 400000.system.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID: 0431af32-6c31-11ed-a71a-42010aa4000b
File name: 400000.system.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.