YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 664bf3b9c0da55eef5c57d0ffbf1173a154f5205bfcb3ab2879ef0ee2e982b2c.

SHA256 hash:	664bf3b9c0da55eef5c57d0ffbf1173a154f5205bfcb3ab2879ef0ee2e982b2c
File size:	55'808 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	8d8f097eaedcdc6c65cd3b55811e7f0a
SHA1 hash:	bb5ebd242119b6fab6fecbfc2aec5d424b66762c
SHA3-384 hash:	50107e31ce81f8ff1e42b53c3a3db373803b232544e1e7c1a133939fe1a2a2ead2bf3ffc7e0bbdce3e50cf95acbb0968
First seen:	2026-04-12 14:38:11 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	1536:xKBOCgO4Ak+gfTcz5wN/rTX06hTC+usO:xKbg+6mk/rTX06hTFI
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_no_import_table Create hunting rule
Author:
Description:	Detect pe file that no import table
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-04-12 14:38:11 UTC Static: 7 Unpacker: 0 ClamAV: 0