YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 24b9530b925479339af8f7593db130ebc5653972c4eec40852234cdd07918b98.

SHA256 hash:	24b9530b925479339af8f7593db130ebc5653972c4eec40852234cdd07918b98
File size:	5'016'839 bytes
File download:	Original Unpacked
MIME type:	application/x-dosexec
MD5 hash:	205255f9798307bf2b94c3a9c5d4add4
SHA1 hash:	751a266f5242578e03898c118809e38b01981b16
SHA3-384 hash:	7026fed96858c985350a240b952e71225a6ea72868477cb28e6765e877995d3e004179d6b8ba5fda8c527a49b51c8e5d
First seen:	2026-04-12 16:59:48 UTC
Last seen:	Never
Sightings:	1
imphash :	dc12932426806b6b47a373d7ae42c21d Create hunting rule
ssdeep :	98304:s1+FCwMUACfp+AJZKtTbuJv/7c1g6eaV3z7gNHtSR1Q65lvh+:smCgt4q5/ggSxz7gNwM6nvA
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	b286eab4b2aa8cb2 Create hunting rule

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Trojan.Generic-9856178-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-04-12 16:59:48 UTC Static: 4 Unpacker: 0 ClamAV: 1