YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 3b589e1ceac4445f4d274b6ab89cbe81d86b825075c45e02cf032bf03db40e8c.

Scan Results

SHA256 hash:	3b589e1ceac4445f4d274b6ab89cbe81d86b825075c45e02cf032bf03db40e8c
File size:	1'547'086 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	f837b01bed8b09c2ffc86e930154dc82
SHA1 hash:	00c0a6a0fb6e8a087e7dc98099352b1644ccb1db
SHA3-384 hash:	87c0d94fc7cda876b78188add3571afa7efbc96d1a5b29c5953ecce25522933e7d568cff9555142497ff339ee4e08dce
First seen:	2025-12-30 21:20:34 UTC
Last seen:	Never
Sightings:	1
imphash :	ef56f3c62f156ff474f2679761abc6a2 Create hunting rule
ssdeep :	24576:6Ytbsok1Y/UQcAeNdsdVdlYwWCqXKZbh96XNf69jWoYcnfNT/vd:ook1YfAdsdVd8NaWoYcnfNT/vd
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:	611b11c5-e5c5-11f0-9df4-42010aa4000b
File name:	f837b01bed8b09c2ffc86e930154dc82
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	Check_OutputDebugStringA_iat Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	CMD_Shutdown Create hunting rule
Author:	adm1n_usa32
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified
Reference:	classified
TLP :	TLP:AMBER

Rule name:	INDICATOR_SUSPICIOUS_EXE_TelegramChatBot Create hunting rule
Author:	ditekSHen
Description:	Detects executables using Telegram Chat Bot
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	INDICATOR_SUSPICIOUS_GENRansomware Create hunting rule
Author:	ditekSHen
Description:	Detects command variations typically used by ransomware
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	mht_inside_word Create hunting rule
Author:	dPhish
Description:	Detect embedded mht files inside microsfot word.
TLP:	TLP:WHITE

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	classified
Author:	classified

Rule name:	telegram_bot_api Create hunting rule
Author:	rectifyq
Description:	Detects file containing Telegram Bot API
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TelegramAPIMalware_PowerShell_EXE Create hunting rule
Author:	@polygonben
Description:	Hunting for pwsh malware using Telegram for C2
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques
TLP:	TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.