YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 1bfd8b2362820c07409b5d290bd54c3c039a4953b47386d352d7b1f7a905f81f.

Scan Results

SHA256 hash: 1bfd8b2362820c07409b5d290bd54c3c039a4953b47386d352d7b1f7a905f81f
File size:59'524 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: b762272c585f8aef90267e545f137613
SHA1 hash: 965c4b2611d31460e5ed0c2a931ebfd1591f8e60
SHA3-384 hash: 2fb01952af7be85df6e068fc6bd52e49c68921ac5c2a55ad29415e5d06586262dca7df7f9360408055f0ac54c9ac25c1
First seen:2026-02-10 06:15:54 UTC
Last seen:Never
Sightings:1
imphash : 0f147c59c5db4f93373974017bd25fe0
Create hunting rule
ssdeep : 768:KYmKrEbJUqz7hAZIlCl0884NaZ+hBKrLJOLmPP:KYAbJUqz7hAZIslrlP8UO
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:f4f4f32f-0647-11f1-82f6-42010aa4000b
File name:400000.378e98a3-57c0-4824-b35a-a4a1ad9eff94.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:TLP:WHITE
Repository:CD-R0M
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_XORed_URL_In_EXE
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_URL_in_EXE_RID2E46
Create hunting rule
Author:Florian Roth
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE
Rule name:upx_3
Create hunting rule
Author:Kevin Falcoz
Description:UPX 3.X
TLP:TLP:WHITE
Rule name:UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXv20MarkusLaszloReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques
TLP:TLP:WHITE
Repository:
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.