YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 51766b165201b04153cc009969410f079ee379049e898025f4ad5cd372def089.
Scan Results
| SHA256 hash: | 51766b165201b04153cc009969410f079ee379049e898025f4ad5cd372def089 | |
|---|---|---|
| File size: | 20'952'120 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 42f755c792ca308c1cd06ebce4585e7a | |
| SHA1 hash: | 68571d7560c15a9d0b8c26e951ca5a3044ef2638 | |
| SHA3-384 hash: | 7a821a9cdc649d9bcd4af8be9d94f3b1dfe69d0e41d6a33bffb3557e290065afa3d690b178da1f9c536539d8cad93449 | |
| First seen: | 2026-03-14 15:36:59 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 43cb8f665ad477bacdc7111c97a610df | |
| ssdeep : | 393216:TTYxur+NVmmrRSk/er/qLcmHwgiIILORyWNBtgcOCCtpla6hl4EX7bOu:Qxs+NX+r/q/QgiIIqRyY0tXtj5X7iu | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | 71f8cccca8cce071 | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | a3f82546-1fbb-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 42f755c792ca308c1cd06ebce4585e7a | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | False |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Trojan.Winlock-6629293-0 |
|---|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | BLOWFISH_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for Blowfish constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | DebuggerCheck__QueryInfo |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
| Rule name: | DetectEncryptedVariants |
|---|---|
| Author: | Zinyth |
| Description: | Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | INDICATOR_EXE_Packed_VMProtect |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables packed with VMProtect. |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | MD5_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for MD5 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | RANSOMWARE |
|---|---|
| Author: | ToroGuitar |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | RedOctoberPluginCollectInfo |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | Intezer |
| Rule name: | RIPEMD160_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for RIPEMD-160 constants |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | SHA1_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for SHA1 constants |
| TLP: | TLP:WHITE |
| Repository: |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter