YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 4e7fe0f3168dbb0569f638b5f0e91b538c0ea443ac29cff7e543b20d9b14b43d.

Scan Results


SHA256 hash: 4e7fe0f3168dbb0569f638b5f0e91b538c0ea443ac29cff7e543b20d9b14b43d
File size:53'814 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 88578132de9b8c11a7e1430e8c982fc8
SHA1 hash: b09652b27502e2e563e99b794079e8ca52b7ce94
SHA3-384 hash: c01b4d64df6204f3a9de7768a225622834ecf77affb9021d3506a3cbe81ae0c1cedc12413f082445907668bdc93e74e1
First seen:2023-01-25 09:35:46 UTC
Last seen:Never
Sightings:1
imphash : f0f0b8deb1535386293e4ec850ef295a
ssdeep : 768:hqwzz/A78wfHWiJ5AgM/jEk284UKFw2C5wR3l5kxifivsByee0Tsn:lAowfNJFgjT284U+w2EwRzkIUoyeel
TLSH : T1E6338E6BBCC60476D1D3037124798777AA3F69110EB64297DBD8DD2E2A3A3909D39382
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


You can browse the 10 most recent tasks associated with this file blow.

Task Information


Task ID:a57cb856-9c93-11ed-98c2-42010aa4000b
File name:400000.microsofthelp.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:PUA.Win.File.Generic-9752263-0
Signature:PUA.Win.Packer.AcprotectUltraprotect-1
Signature:PUA.Win.Packer.Anti-28
Signature:PUA.Win.Packer.Anti-29
Signature:PUA.Win.Packer.Nspack-1
Signature:PUA.Win.Packer.Nspack-22
Signature:PUA.Win.Packer.Nspack-25
Signature:PUA.Win.Packer.Nspack-26
Signature:Win.Malware.Daws-9952733-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:meth_get_eip
Author:Willi Ballenthin
TLP:TLP:WHITE
Repository:yaraify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.