YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 1c28b5c8f2822891910baaacb761928828f381698cddadfe7f9815d5b901dd2f.

SHA256 hash:	1c28b5c8f2822891910baaacb761928828f381698cddadfe7f9815d5b901dd2f
File size:	581'632 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	83953e06384f766721c628a2882b8eb6
SHA1 hash:	88b16857f82f4c6f52c4f04933cca0c3e2e11aa1
SHA3-384 hash:	cca10049f937a0107dd6ce0d813181cbceaa4a43b2efdbc90ae72c0b70eb85e397d29bdc6e6ed289eccaf660d9f82b51
First seen:	2025-12-24 09:42:10 UTC
Last seen:	Never
Sightings:	1
imphash :	857403658d99132e851333dbe69924c9 Create hunting rule
ssdeep :	12288:C3HRjOKhwWUkKzhqqZoz0XEeNkDQgU/SasC:C3xjOKZ8hqqFUQkDnU/Sat
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerCheck__RemoteAPI Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerHiding__Active Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerHiding__Thread Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	dgaagas Create hunting rule
Author:	Harshit
Description:	Uses certutil.exe to download a file named test.txt
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Suspicious_PssCaptureSnapshot_Usage Create hunting rule
Author:	Dana Behling - Just me not for personal curiosity, no company.
Description:	Detects binaries abusing PssCaptureSnapshot in combination with typical combination that indicates malicious activity.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TH_Win_ETW_Bypass_2025_CYFARE Create hunting rule
Author:	CYFARE
Description:	Windows ETW Bypass Detection Rule - 2025
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-12-24 09:42:10 UTC Static: 17 Unpacker: 0 ClamAV: 0