YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 190ee62cccc3930acb530af8f0136f2e47c1d08eef914d955e198fcd6662ff98.

SHA256 hash:	190ee62cccc3930acb530af8f0136f2e47c1d08eef914d955e198fcd6662ff98
File size:	21'106'688 bytes
File download:	Original
MIME type:	application/octet-stream
MD5 hash:	0e102d5cb036f5d44778ad2f3ea4cef7
SHA1 hash:	757c8d1ad0996c3d4ba5df6791e2d9990bd250ff
SHA3-384 hash:	cc5d3022b4bd30379229b380fff083d40b1a60dfeddf21080494c16cb61b9558258735117d0a1386622ec63cf9e7b0d8
First seen:	2025-12-24 09:41:05 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	12288:PYw5eUDH8uCU9ykMXzm16XrwsAroy/afzQB0Z+0ZNk2u29jZ:PYTUDHGUX1qQUAaLQ
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	Base64_decoding Create hunting rule
Author:	iam-py-test
Description:	Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-12-24 09:41:06 UTC Static: 5 Unpacker: 0 ClamAV: 0