YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 22fb5216ffc76432a078aea1b906fd0747588d08a7c6308f0671e57ae58556b0.

SHA256 hash:	22fb5216ffc76432a078aea1b906fd0747588d08a7c6308f0671e57ae58556b0
File size:	8'387'536 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	66892eb93713efa8d26755299c43fb3a
SHA1 hash:	3354069dc6176eb45f47a41e5ec0ddbf156a0f24
SHA3-384 hash:	775cf3926650405c2623be0f83e8be941728e20091ee7d007c2000b8056e7536291fb399e6fe852fd27799f54c49eed7
First seen:	2025-12-24 09:41:02 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	12288:hahvglGhkQL+WnZFfiVrJDNnJR2LgaIKPSrX+X7aMbBfS3SuwlFsrb1CsYNYQBt3:iaKmOGi3hENtYxNqkj
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_no_import_table Create hunting rule
Author:
Description:	Detect pe file that no import table
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-12-24 09:41:02 UTC Static: 6 Unpacker: 0 ClamAV: 0