YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 51212ebb60c573b42b606f814cc01e4d0d2186c6374d937c38b2b30513a83108.
Scan Results
SHA256 hash: | 51212ebb60c573b42b606f814cc01e4d0d2186c6374d937c38b2b30513a83108 | |
---|---|---|
File size: | 316'086 bytes | |
File download: | Original | |
MIME type: | application/x-dosexec | |
MD5 hash: | ec0b5544b559f946c9e9036852bd079a | |
SHA1 hash: | 13f7551d30812d24c63c7f7f9830a5c173f6d4fb | |
SHA3-384 hash: | 65aa0606dff3092e091d1494ef67f59a933d65b08b82924399e227cafd27e86cacbc397b670711f2e82e1721d8ca67a0 | |
First seen: | 2023-01-25 09:39:49 UTC | |
Last seen: | Never | |
Sightings: | 1 | |
imphash : | a620f3ccf29aa747bcdc0aea9e7e34be | |
ssdeep : | 6144:V/eHnriXUU5EYCTvaBjRjWrLJKuKnGML5Njcx5:ByOUusvalgg5Nja | |
TLSH : | T1A864CF0A73AA454AE677493C3A66C29112A3BD784F2746DB3587313E3DB5E520C2EF43 | |
telfhash : | n/a | |
gimphash : | n/a | |
dhash icon : | n/a |
Tasks
You can browse the 10 most recent tasks associated with this file below.
Task Information
Task ID: | 3605a896-9c94-11ed-98c2-42010aa4000b | |
---|---|---|
File name: | 400000.system.exe | |
Task parameters: | ClamAV scan: | True |
Unpack: | False | |
Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
Signature: | Win.Malware.Moonlight-9890813-0 |
---|---|
Signature: | Win.Malware.Moonlight-9934254-0 |
Signature: | Win.Malware.Moonlight-9934996-0 |
Signature: | Win.Trojan.Moonlight-9881795-0 |
Signature: | Win.Trojan.Virut-113 |
Signature: | Win.Trojan.Virut-22 |
Signature: | Win.Trojan.Virut-308 |
Signature: | Win.Worm.Moonlight-9779178-0 |
Signature: | Win.Worm.Ulise-9778387-0 |
Signature: | Win.Worm.VB-663 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: | command_and_control |
---|---|
Author: | CD_R0M_ |
Description: | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group |
TLP: | TLP:WHITE |
Repository: | CD-R0M |
Rule name: | meth_get_eip |
---|---|
Author: | Willi Ballenthin |
TLP: | TLP:WHITE |
Repository: | yaraify |
Rule name: | TeslaCryptPackedMalware |
---|---|
TLP: | TLP:WHITE |
Repository: | malware-bazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter