YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 4e2564572e305ab45e3108323f873d6bda2fe660b22bf94a2726c4066d091c5a.
Scan Results
| SHA256 hash: | 4e2564572e305ab45e3108323f873d6bda2fe660b22bf94a2726c4066d091c5a | |
|---|---|---|
| File size: | 1'182'832 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | d957898e9d709e5e83596f54fd73cb1f | |
| SHA1 hash: | 48afeaf2d4139edf9b716f1ec76d4a1a58bff2b1 | |
| SHA3-384 hash: | bb1f7653a2f33f5f450337db0e313e1ed4e470fb2bfba890e73d340a1bda90e6bd00da6c5d018e23ca3d9c2d5437d905 | |
| First seen: | 2025-12-15 22:46:48 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 1083b7a1ae9148dcb4cf68130fc0999b | |
| ssdeep : | 3072:4LVoDvPd+A4WhkhXDl+i1lApwHFTS47c:aopGGgbiwlm4o | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | aab2606469f096b3 | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | f08f86f3-da07-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | 400000.1ea5bf2b-2419-442d-843e-58357a9f5070.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Packer.Aspack-30 |
|---|
| Signature: | PUA.Win.Packer.Asprotect-3 |
|---|
| Signature: | Win.Trojan.JS-37 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ASPackv212AlexeySolodovnikov |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | ASProtectV2XDLLAlexeySolodovnikov |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | Borland |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | command_and_control |
|---|---|
| Author: | CD_R0M_ |
| Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
| TLP: | TLP:WHITE |
| Repository: | CD-R0M |
| Rule name: | FreddyBearDropper |
|---|---|
| Author: | Dwarozh Hoshiar |
| Description: | Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip. |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | classified |
|---|---|
| Author: | classified |
| Description: | classified |
| Reference: | classified |
| TLP : | TLP:AMBER |
| Rule name: | pe_detect_tls_callbacks |
|---|---|
| Author: | |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | with_urls |
|---|---|
| Author: | Antonio Sanchez <asanchez@hispasec.com> |
| Description: | Rule to detect the presence of an or several urls |
| Reference: | http://laboratorio.blogs.hispasec.com/ |
| TLP: | TLP:WHITE |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter