YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 2c92f509f0cbdde11cef63fcb685aa1daa16a586c9737f7fd0569f2152a44b0a.
Scan Results
| SHA256 hash: | 2c92f509f0cbdde11cef63fcb685aa1daa16a586c9737f7fd0569f2152a44b0a | |
|---|---|---|
| File size: | 103'140 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 0d30e584c8dbb2bf382754b31c0064c9 | |
| SHA1 hash: | 78a78697e06cf439edd39b880fe950020a0d8e2c | |
| SHA3-384 hash: | c97af1205d77bea2590b6efc2fba9c48b7af0a8901696a1223de288fb3360782f221764494d2db679e6f04edec270662 | |
| First seen: | 2026-04-27 14:57:46 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 14610dd0ebbc796a9a3a2ba2cdd24e79 | |
| ssdeep : | 3072:nyq5cM4IFXiYny3LF4/fMB9RUxh9qvGIIt:nyq5cM4ory3g0B9RUxhguIIt | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 73ee5b0a-4249-11f1-badc-42010aa4000b | |
|---|---|---|
| File name: | 0d30e584c8dbb2bf382754b31c0064c9 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Win.Trojan.Agent-36126 |
| Win.Trojan.Sality-5744854-0 |
| Win.Virus.Sality-1067 |
| Win.Virus.Sality-5901570-1 |
| Win.Virus.Sality-6840657-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | INDICATOR_EXE_Packed_SimplePolyEngine |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |

| Rule name: | Sality_Malware_Oct16 |
|---|---|
| Author: | Florian Roth (Nextron Systems) |
| Description: | Detects an unspecififed malware - October 2016 |
| Reference: | Internal Research |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |

| Rule name: | Sality_Malware_Oct16_RID2E9B |
|---|---|
| Author: | Florian Roth |
| Description: | Detects an unspecififed malware - October 2016 |
| Reference: | Internal Research |
| TLP: | TLP:WHITE |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter