YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 40cdcff9b42b980c88ef0a9164320fc3245485775a91c7fc1d8e9a9f6727df3b.

Scan Results


SHA256 hash: 40cdcff9b42b980c88ef0a9164320fc3245485775a91c7fc1d8e9a9f6727df3b
File size: 326'499 bytes
MIME type: application/x-dosexec
MD5 hash: 2786947c970490283e9fe31b2c4f14d6
SHA1 hash: 06617ae9ecf394d1de503f516dfd5779e56e3a4c
SHA3-384 hash: c33ca44bae1e4ef7a2a20e35b1fe1fc72302bfea6c3f0ad2f4c4b851d586de3c1239a5129dc01dc561433a733632f881
First seen: 2022-11-24 19:48:48 UTC
Last seen: 2022-11-25 06:36:32 UTC
Sightings: 2
imphash: 18a5ebc0f2d7527dff374fe9b64b83cf
ssdeep: 6144:UY+32WWluqvHpVmXWEjFJRWci+WUd20Tr+UU5EYCTvaBju4:/nWwvHpVmXpjJIUd2RUusvalx
TLSH: T102643A3AEB20B126FA478C7A78394E1615283C3562119E4BB3926B4D34766C3F9F474F
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 80163050-6c8b-11ed-a71a-42010aa4000b
File name: 400000.winlogon.exe
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID: 03c997a3-6c31-11ed-a71a-42010aa4000b
File name: 400000.winlogon.exe
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.