YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 2b4669bcbb89a8ac4f4c0f36e6c4dbcd1b0f3936cccd75e6978cf67d625d1461.

Scan Results


SHA256 hash: 2b4669bcbb89a8ac4f4c0f36e6c4dbcd1b0f3936cccd75e6978cf67d625d1461
File size: 1'007'616 bytes
MIME type: application/x-dosexec
MD5 hash: b6e91c562d463c1b9abed6431c920c85
SHA1 hash: f61e015604a451fd3ed44d2778644ff7b1f90c5c
SHA3-384 hash: e0f0b58d5f3b553a3426c23383717d857956fc82b154553b2d6b2c341384a8b9e7f5f55a13ac45276051d1465850ca7e
First seen: 2022-11-24 19:55:10 UTC
Last seen: Never
Sightings: 1
imphash: 0f6e4ec53fcd105841d732df6e5a3522
ssdeep: 24576:MKyD7Jupdvutjp4njVKNhHeV74Vny8TYRrmxvSZX0ypv:MKyJupdv6+juHeV8Cf
TLSH: T1AE259E65F6AC06A9D07BE1BCC917190AF5B2340243709BDB03E64BBDBA277D51A3B311
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: e7631eb8-6c31-11ed-a71a-42010aa4000b
File name: 7ffb40140000.ucrtbase.dll
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com
TLP: TLP:WHITE
Repository: yaraify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.