YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 2b70b8c019f347146b6d663bb099513c924f50d84b93364e40e18f54d2078f04.

Scan Results

SHA256 hash: 2b70b8c019f347146b6d663bb099513c924f50d84b93364e40e18f54d2078f04
File size:16'822'120 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 172fd9e068667a304d9b30d0192258ce
SHA1 hash: 2160e4a9da4c35e4b2d72157037439071cd02c00
SHA3-384 hash: b8b0f58ec5edcb30249045d0520b75ca12180c517736203b4d6af6615c273b2edffa8373f9128d3f53b3d6e9e4db678b
First seen:2025-11-21 00:04:06 UTC
Last seen:Never
Sightings:1
imphash : 72c4e339b7af8ab1ed2eb3821c98713a
Create hunting rule
ssdeep : 393216:rcM0Y6zdZ11a8W1+TtIiFY0V8/3c1tEF6gjv2CqLImjIlY:j6Pa8W1QtIk0c1t6bvoLIUIlY
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : c6c2ccc4f4e0e0f8
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:98d0740d-c66d-11f0-adeb-42010aa4000b
File name:172fd9e068667a304d9b30d0192258ce
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.FileRepMalware.22561.28030.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Win64.Evo-gen.14957.29019.UNOFFICIAL
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:dependsonpythonailib
Create hunting rule
Author:Tim Brown
Description:Hunts for dependencies on Python AI libraries
TLP:TLP:WHITE
Repository:YARAify
Rule name:Detect_PyInstaller
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects PyInstaller compiled executables across platforms
TLP:TLP:WHITE
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller. This rule by itself does NOT necessarily mean the detected file is malicious.
TLP:TLP:WHITE
Repository:bartblaze
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.