YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 3ef384aed4749d2b9413a6ea225f8f90993437594213092bebe78434d110e448.

Scan Results


SHA256 hash: 3ef384aed4749d2b9413a6ea225f8f90993437594213092bebe78434d110e448
File size: 151'680 bytes
MIME type: application/x-dosexec
MD5 hash: 06ded89f84182acd61196dcedab4c0a4
SHA1 hash: effd5c3661e37bfb6cf599f212c202225d0dbf94
SHA3-384 hash: a9fba52d1efc57a757f301830c110d8ba85d09e79731fe6fe31f713ff44ccdfb0de3c032b6eea8ad1730cdd355019b85
First seen: 2025-11-20 23:49:04 UTC
Last seen: Never
Sightings: 1
imphash: b892955ae494fe908bdf52e81e1dfa4c
ssdeep: 768:nb4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5Z3WXcKIZx5aRo:nbQx5oPsr2vFxDPhAvzgdWLIZ7v
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: f0968ee8aae8e8b2

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: 7f1e714f-c66b-11f0-adeb-42010aa4000b
File name: 06ded89f84182acd61196dcedab4c0a4
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: PUA.Win.Packer.Packman-5
Signature: PUA.Win.Packer.Packman-6

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP: TLP:WHITE
Repository: YARAify

Rule name: Packmanv10BrandonLaCombe
Author: malware-lu
TLP: TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.