YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 5c6fef52bef0738393cd388014db1ba72708caf7ecb40d0f35497fd318a45db3.

SHA256 hash:	5c6fef52bef0738393cd388014db1ba72708caf7ecb40d0f35497fd318a45db3
File size:	684'032 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	41e9a82f7cb885ea7c8ddcb31440f3a6
SHA1 hash:	a71e1ec4a8d54ab190047ff68c5aa618e320b9cd
SHA3-384 hash:	8b3dcffccda00d27b1cd70a660dc2cecd3acf284217a7ad9d19198c9c7f2a805ad47904c3ce3f1b1d1b52a015d347716
First seen:	2022-11-24 19:44:38 UTC
Last seen:	Never
Sightings:	1
imphash :	6bac3cfe8acb6c6c4a30aaa022de2388 Create hunting rule
ssdeep :	6144:l2UL2i9FKe9G6DMz1d2M+od7MHG+tOkWKR0F2UL2i9FKe9G6DMz1d2M+od7MHG++:l2sFd9G6DMz1o87L2sFd9G6DMz1o87
TLSH :	T18EE4D01BBE363584DB222B7D941F790C1C1D7C445EE48AFA493A7A863C7AE3967D3009 Create hunting rule
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Malware.Ransomx-9959783-0 Create hunting rule

Signature:	Win.Trojan.Ulise-9792178-0 Create hunting rule

Signature:	Win.Trojan.Ulise-9792179-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	Suspicious_AutoIt_by_Microsoft_RID334C Create hunting rule
Author:	Florian Roth
Description:	Detects a AutoIt script with Microsoft identification
Reference:	Internal Research - VT
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2022-11-24 19:44:38 UTC Static: 1 Unpacker: 0 ClamAV: 3