YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 2ff79615a4474da06ca2a1e1ac45daeac2fa775059c7d13c82fe2f4bef8c078d.
Scan Results
| SHA256 hash: | 2ff79615a4474da06ca2a1e1ac45daeac2fa775059c7d13c82fe2f4bef8c078d | |
|---|---|---|
| File size: | 3'436'899 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 17c889caf674c4053abb407488535ba2 | |
| SHA1 hash: | 253a11798ef813348f93667e7066b247e3bd9679 | |
| SHA3-384 hash: | 145f41beef906ee4625f952b7b545dd1bc3a78c300bd6f43c34dce3446f6ddd1f2b4af5a050f03485e01a1b59d942819 | |
| First seen: | 2025-11-21 02:47:29 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | da2666d3347f129193ab91a0eab85c0c | |
| ssdeep : | 6144:MdoxMaLHbT42Vt2cvCcRu71QkRi6pXEM/deOUHv2A5Fcf74q5eFoYd/aWjBs/pi8:5z | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 6ba6c193-c684-11f0-adeb-42010aa4000b | |
|---|---|---|
| File name: | 17c889caf674c4053abb407488535ba2 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.Trojan.TR.Patched.Ren.Gen2.22419.24869.UNOFFICIAL |
|---|
| Signature: | Win.Downloader.Small-1966 |
|---|
| Signature: | Win.Trojan.Madangel-1 |
|---|
| Signature: | Win.Worm.Palevo-9883525-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CP_Script_Inject_Detector |
|---|---|
| Author: | DiegoAnalytics |
| Description: | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | FreddyBearDropper |
|---|---|
| Author: | Dwarozh Hoshiar |
| Description: | Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip. |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Sus_CMD_Powershell_Usage |
|---|---|
| Author: | XiAnzheng |
| Description: | May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter