YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 500588b1bb5b4c7c50483081baa11aa76940e0b2e93355c206d70f6c4ccd1e37.

Scan Results


SHA256 hash: 500588b1bb5b4c7c50483081baa11aa76940e0b2e93355c206d70f6c4ccd1e37
File size:135'168 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: b1b3325b1e1d77af6ff8082064dc1e77
SHA1 hash: a725c072b8cbf81fcca872a381b040c89b792736
SHA3-384 hash: 8a250fa8d2694997a41c8ab7dcf26d2c17de96e9edc75f6a4d9904ad634f286e0caa4b4c24195fe3514ca357fcb46383
First seen:2022-11-24 19:41:39 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 1536:iE3qz4ayX9ioT5Xl8lQWj1vTo5G6kvBzodfjZml4sHT:f79l86WqGzIfjZmlFHT
TLSH : T183D38D11B881C573C00AD4711499D2A2AA3DF9316A79A983F39D1F7B9FB03D0663E397
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


You can browse the 10 most recent tasks associated with this file blow.

Task Information


Task ID:041583e1-6c30-11ed-a71a-42010aa4000b
File name:400000.AhnSvc.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Win.Dropper.Tinba-9943147-2
Signature:Win.Malware.Scar-9776391-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:INDICATOR_EXE_Packed_MPress
Author:ditekSHen
Description:Detects executables built or packed with MPress PE compressor
TLP:TLP:WHITE
Repository:ditekshen
Rule name:meth_get_eip
Author:Willi Ballenthin
TLP:TLP:WHITE
Repository:yaraify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.