YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 3ec5533ba24a2784af733bcc6f8e61eed680e5907935c336abb6bfa66d3f3948.

SHA256 hash:	3ec5533ba24a2784af733bcc6f8e61eed680e5907935c336abb6bfa66d3f3948
File size:	3'216'616 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	21a9407e407e1fdd55071a762da21b86
SHA1 hash:	a50af71ad4597572d050c4e4f28f9320b063edf1
SHA3-384 hash:	4ce634f19d1043ec5129a99fdebf6c746e1ef623d593bad4587466b427a1520e34b640c58d87c8f72fa19159418124f6
First seen:	2026-01-19 18:14:41 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	3072:7WBTd6duRaAknGDGTlzuSNwgHutFCKcXRDX6wiZT07mTfsvG/V0gBJWsRcowsgKY:xhlhZCqu5ckDcgBl3Qig+h9bhdfL
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_no_import_table Create hunting rule
Author:
Description:	Detect pe file that no import table
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-01-19 18:14:42 UTC Static: 6 Unpacker: 0 ClamAV: 0