YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 5494c9415fd6f173269f1030da0a0c9fb06fe60a2bcbeae772e42bddb1fc3ccb.

Scan Results

SHA256 hash: 5494c9415fd6f173269f1030da0a0c9fb06fe60a2bcbeae772e42bddb1fc3ccb
File size:16'248'712 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 64205cd5aa7ef70db0510b731fc3c190
SHA1 hash: 9e1d232d3f47f2d373497bf99735c3df48dff358
SHA3-384 hash: b438f2268c8a49b4d972eb6f698e73f51c0e7836b423d73a9ee5fb6c2f97c230d3d4e5f073eb77e9414a404332f25fcd
First seen:2025-11-21 08:17:31 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 196608:AbByuDI78Jg+P/oJxfxLe5dpXnApXnYDpXnYBpXnY:DuDosmB
TLSH : T1B0F67C40ABE4DE1BD1BF2375A0F100115BB1D049A762EB8B5B98E6B53C527417E0B2BF
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:86a0126c-c6b2-11f0-a73e-42010aa4000b
File name:14728078.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:ditekSHen.MALWARE.Win.Trojan.AsyncRAT.UNOFFICIAL
Create hunting rule
Signature:Win.Malware.Bulz-9916789-0
Create hunting rule
Signature:Win.Malware.Bulz-9982456-0
Create hunting rule
Signature:Win.Malware.Generickdz-9865912-0
Create hunting rule
Signature:Win.Malware.Zusy-10034587-0
Create hunting rule
Signature:Win.Packed.Adwarex-9851111-0
Create hunting rule
Signature:Win.Packed.AsyncRAT-9938103-1
Create hunting rule
Signature:Win.Packed.Bulz-9891112-0
Create hunting rule
Signature:Win.Packed.Datastealer-9856291-0
Create hunting rule
Signature:Win.Packed.Msilzilla-10005487-0
Create hunting rule
Signature:Win.Packed.Razy-9807129-0
Create hunting rule
Signature:Win.Packed.Tedy-10017583-0
Create hunting rule
Signature:Win.Trojan.AsyncRAT-9914220-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AcRat
Create hunting rule
Author:Nikos 'n0t' Totosis
Description:AcRat Payload (based on AsyncRat)
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:BAZT_B5_NOCEXInvalidStream
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__RemoteAPI
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:detect_powershell
Create hunting rule
Author:daniyyell
Description:Detects suspicious PowerShell activity related to malware execution
TLP:TLP:WHITE
Repository:YARAify
Rule name:Detect_PowerShell_Obfuscation
Create hunting rule
Author:daniyyell
Description:Detects obfuscated PowerShell commands commonly used in malicious scripts.
TLP:TLP:WHITE
Repository:YARAify
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:TLP:WHITE
Repository:YARAify
Rule name:Disable_Defender
Create hunting rule
Author:iam-py-test
Description:Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:grakate_stealer_nov_2021
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs
Create hunting rule
Author:ditekSHen
Description:Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_B64_Artifacts
Create hunting rule
Author:ditekSHen
Description:Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_CC_Regex
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing credit card regular expressions
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_Discord_Regex
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing Discord tokens regular expressions
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Create hunting rule
Author:ditekSHen
Description:Detects Windows executables referencing non-Windows User-Agents
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_References_VPN
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many VPN software clients. Observed in infosteslers
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
Create hunting rule
Author:ditekSHen
Description:Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing Windows vault credential objects. Observed in infostealers
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_WirelessNetReccon
Create hunting rule
Author:ditekSHen
Description:Detects executables with interest in wireless interface using netsh
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice
Create hunting rule
Author:ditekSHen
Description:Detects executables attemping to enumerate video devices using WMI
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:INDICATOR_SUSPICIOUS_References_SecTools
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many IR and analysis tools
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:Lumma_Stealer_Detection
Create hunting rule
Author:ashizZz
Description:Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference:https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
TLP:TLP:WHITE
Repository:YARAify
Rule name:Macos_Infostealer_Wallets_8e469ea0
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:MALWARE_Win_ArrowRAT
Create hunting rule
Author:ditekSHen
Description:Detects ArrowRAT
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:MALWARE_Win_AsyncRAT
Create hunting rule
Author:ditekSHen
Description:Detects AsyncRAT
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:MALWARE_Win_DLAgent10
Create hunting rule
Author:ditekSHen
Description:Detects known downloader agent
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:MALWARE_Win_StormKitty
Create hunting rule
Author:ditekSHen
Description:Detects StormKitty infostealer
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:MALWARE_Win_VenomRAT
Create hunting rule
Author:ditekSHen
Description:Detects VenomRAT
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:NETDIC208_NOCEX_NOREACTOR
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:Njrat
Create hunting rule
Author:botherder https://github.com/botherder
Description:Njrat
TLP:TLP:WHITE
Repository:
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
TLP:TLP:WHITE
Repository:YARAify
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:TH_Win_ETW_Bypass_2025_CYFARE
Create hunting rule
Author:CYFARE
Description:Windows ETW Bypass Detection Rule - 2025
Reference:https://cyfare.net/
TLP:TLP:WHITE
Repository:YARAify
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:venomrat
Create hunting rule
Author:jeFF0Falltrades
TLP:TLP:WHITE
Repository:jeFF0Falltrades
Rule name:Windows_Generic_Threat_21253888
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Generic_Threat_2bb6f41d
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Generic_Threat_ce98c4bc
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_DCRat_1aeea1ac
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.