YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.
Scan Results
| SHA256 hash: | 2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6 | |
|---|---|---|
| File size: | 1'675'436 bytes | |
| File download: | Original | |
| MIME type: | application/pdf | |
| MD5 hash: | 91f1b9637f551921cc6d7f966c43ef5a | |
| SHA1 hash: | ea928e06b50fda509a760e5a74c3e652e569a181 | |
| SHA3-384 hash: | 2ce03b6f320da0ac6092d9e5d91b8f30d434665074c1deba4e8479712481183170055096bc650146af99765c2f8e750f | |
| First seen: | 2026-03-07 07:26:18 UTC | |
| Last seen: | 2026-03-07 10:48:35 UTC | |
| Sightings: | 63 | |
| imphash : | n/a | |
| ssdeep : | 24576:4nVUsOpK9Ly7lrEbQF0rVhfDWdxlYI/912h8v9:4VUmI7lrEkWVhfUxx7 | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 63 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 313536c1-1a13-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | cb134cf7-1a12-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 5a8ae533-1a12-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | f2bab7a6-1a11-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 863eaa63-1a11-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 1b5f43af-1a11-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | b29310e0-1a10-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 41804493-1a10-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | d7be6878-1a0f-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 7591d07b-1a0f-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | API_2cb9671d54e85c9b732c29cfead3ffdf8aedac8eda8ab58813e97a148e05edd6.pdf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | False | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | dgaagas |
|---|---|
| Author: | Harshit |
| Description: | Uses certutil.exe to download a file named test.txt |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | html_auto_download_b64 |
|---|---|
| Author: | Tdawg |
| Description: | html auto download |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.