YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 3e8aa6ed8b4a5ebc2fc0b691b6f562cf5bbd34a636ec8d4aef8332bd7803ff80.

SHA256 hash:	3e8aa6ed8b4a5ebc2fc0b691b6f562cf5bbd34a636ec8d4aef8332bd7803ff80
File size:	86'975 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	16f354710f4348bad552623b2a91f296
SHA1 hash:	9d07186ac905e48453e68dce54596c858dd3829c
SHA3-384 hash:	c9c9bb1c3f92e5167d5b75c90a218fc241d0d1784aaf8d9c8563d9221a0147dd60443a649c12f0b18560892b7f186e0f
First seen:	2025-11-21 00:04:01 UTC
Last seen:	Never
Sightings:	1
imphash :	333b628adbaa5467ec168e307de83c54 Create hunting rule
ssdeep :	1536:5L5lxcQxgr9BcXzfGQz0/m4QdQiWC378JztYtfBpf4p7WtX4:blSQxgr9eXzd4/mxKIm+t3JI
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	1cb436b62e46c464 Create hunting rule

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	PUA.Win.Packer.Asprotect-3 Create hunting rule

Signature:	Win.Trojan.14940444-1 Create hunting rule

Signature:	Win.Trojan.Farfli-9952113-0 Create hunting rule

Signature:	Win.Trojan.Gh0stRAT-9936428-1 Create hunting rule

Signature:	Win.Worm.Doina-10016962-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	ASPackv212AlexeySolodovnikov Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	ASProtectV2XDLLAlexeySolodovnikov Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-11-21 00:04:01 UTC Static: 3 Unpacker: 0 ClamAV: 5