Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 66a11264733a00145d3f9c1a785ed62fa6d4031af7c0b06160d02279676c86f2.

Scan Results

SHA256 hash: 66a11264733a00145d3f9c1a785ed62fa6d4031af7c0b06160d02279676c86f2
File size:23'375'872 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: c8bd44159f93ca8af614920e736b758d
SHA1 hash: a3c38d6d4c4c1d151d896c6b2e32cb78ba5c14b4
SHA3-384 hash: d4d88d27af6f518d3597318918e1da05fec35e0fa0ac0d9967aa726cebaea4b2e49aabf19bafa5207fc088a23147fdd1
First seen:2022-11-24 19:50:28 UTC
Last seen:Never
Sightings:1
imphash : 94cb2a34d9965d9ee874a9b9d4482574
Create hunting rule
ssdeep : 393216:AMojrOxBX51CKe9rusdRvkcOC8FgaoFwbYBbhBn0mm5v8y:twSHg96s/McOC6gvbhn3y
TLSH : T18D378C636BA2897AD76253304C35BB6F91BDBB710F618C0FA35D2A6D1DF05817A60323
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:3f8077d8-6c31-11ed-a71a-42010aa4000b
File name:6b720000.mso.dll
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
TLP:TLP:WHITE
Repository:YARAify
Rule name:QbotStuff
Create hunting rule
Author:anonymous
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.