YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 3e15b01ede2c8e587eec8cfe150c978a8fd113d5c537ba7bf128134e1af54fc4.

Scan Results


SHA256 hash: 3e15b01ede2c8e587eec8cfe150c978a8fd113d5c537ba7bf128134e1af54fc4
File size: 90'112 bytes
MIME type: application/x-dosexec
MD5 hash: a505aa211d3ef6d2a4c81d1e7c7cc13b
SHA1 hash: 85d7feab21579d5a65c6278fe77fa358e6bf6aeb
SHA3-384 hash: a90e05ee97147c0fc129eeee66035b2eb43cc3a5e80b99fccf15b47bc2923d70afd723ec78a4b0009d351a42d02d7445
First seen: 2026-01-15 15:28:16 UTC
Last seen: Never
Sightings: 1
imphash: n/a
ssdeep: 768:+25nUlXrXxz4woGRjoezNl55jAyWKMU0OIDkZxyIrZuPooVM4dRWkQPooV20bBoo:mS9eplXjQeIgZxyIrZs2BoFyPrgrr
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: 04ccc4d4c4f47c82

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent tasks are shown below.

Task Information


Task ID: d094ee1c-f226-11f0-9df4-42010aa4000b
File name: 400000.0105435EB89E0FECE5B29AF77C4EA058.exe
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Vprn-9841594-0
Signature: Win.Malware.Vprn-9844504-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP: TLP:WHITE
Repository: YARAify

Rule name: SEH__vba
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.