YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 4f5478215699ddae37c10abdf113eaeec615f2e3ae6b44cac8499a033d87a0db.

Scan Results


SHA256 hash: 4f5478215699ddae37c10abdf113eaeec615f2e3ae6b44cac8499a033d87a0db
File size: 3'944'448 bytes
MIME type: application/x-dosexec
MD5 hash: 30e34eb02e72d5623c818c4c5e4fb02c
SHA1 hash: 671ddce31efb836dc99c88df2041146cffeb60c0
SHA3-384 hash: 954340b35ecc7732585ec1958f7d133498c0a1808ccc09aeeba13bbb90ae8baa6c7a2be7cc6ee626271c2efcbe12fb5d
First seen: 2023-01-25 09:40:16 UTC
Last seen: Never
Sightings: 1
imphash: faea3b5876b3be6a6bd6c30b8f6f4f0c
ssdeep: 98304:vNr8rxHpwNRAhVxGIHHiHbYD4HIdqLv+r0D:WrnwHaxGZ+9q6r0
TLSH: T12B062212F6919073D0631A3D9E4BE3ADB53A7E111F2C98877FD43A4C8A712D239761CA
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 4620cbd4-9c94-11ed-98c2-42010aa4000b
File name: 400000.756b31fa-560-4ff3-9b64-9fa9b59bb554.exe
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Delf-9983630-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: INDICATOR_EXE_Packed_VMProtect
Author: ditekSHen
Description: Detects executables packed with VMProtect.
TLP: TLP:WHITE
Repository: ditekshen

Rule name: SUSP_XORed_Mozilla
Author: Florian Roth
Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses YARA's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference: https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()
TLP: TLP:WHITE
Repository: Neo23x0

Rule name: SUSP_XORed_Mozilla_RID2DB4
Author: Florian Roth
Description: Detects suspicious XORed keyword - Mozilla/5.0
Reference: Internal Research
TLP: TLP:WHITE

Rule name: VMProtectStub
Author: @bartblaze
Description: Identifies VMProtect packer stub.
TLP: TLP:WHITE
Repository: bartblaze

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.