YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 51212ebb60c573b42b606f814cc01e4d0d2186c6374d937c38b2b30513a83108.
Scan Results
| SHA256 hash: | 51212ebb60c573b42b606f814cc01e4d0d2186c6374d937c38b2b30513a83108 | |
|---|---|---|
| File size: | 316'086 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | ec0b5544b559f946c9e9036852bd079a | |
| SHA1 hash: | 13f7551d30812d24c63c7f7f9830a5c173f6d4fb | |
| SHA3-384 hash: | 65aa0606dff3092e091d1494ef67f59a933d65b08b82924399e227cafd27e86cacbc397b670711f2e82e1721d8ca67a0 | |
| First seen: | 2023-01-25 09:39:49 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | a620f3ccf29aa747bcdc0aea9e7e34be | |
| ssdeep : | 6144:V/eHnriXUU5EYCTvaBjRjWrLJKuKnGML5Njcx5:ByOUusvalgg5Nja | |
| TLSH : | T1A864CF0A73AA454AE677493C3A66C29112A3BD784F2746DB3587313E3DB5E520C2EF43 | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 3605a896-9c94-11ed-98c2-42010aa4000b | |
|---|---|---|
| File name: | 400000.system.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | False |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Malware.Moonlight-9890813-0 |
|---|---|
| Signature: | Win.Malware.Moonlight-9934254-0 |
| Signature: | Win.Malware.Moonlight-9934996-0 |
| Signature: | Win.Trojan.Moonlight-9881795-0 |
| Signature: | Win.Trojan.Virut-113 |
| Signature: | Win.Trojan.Virut-22 |
| Signature: | Win.Trojan.Virut-308 |
| Signature: | Win.Worm.Moonlight-9779178-0 |
| Signature: | Win.Worm.Ulise-9778387-0 |
| Signature: | Win.Worm.VB-663 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | command_and_control |
|---|---|
| Author: | CD_R0M_ |
| Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
| TLP: | TLP:WHITE |
| Repository: | CD-R0M |

| Rule name: | meth_get_eip |
|---|---|
| Author: | Willi Ballenthin |
| TLP: | TLP:WHITE |
| Repository: | YARAify |

| Rule name: | TeslaCryptPackedMalware |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter