YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 66e840d80cf73a68e830da3b8b1232a348a3d135c1f82fe7300b3fed518b23ed.

Scan Results


SHA256 hash: 66e840d80cf73a68e830da3b8b1232a348a3d135c1f82fe7300b3fed518b23ed
File size:4'733'447 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: bd5dde948356dac0add66ec91c7771fd
SHA1 hash: 7db3e8c001e5d41ba8e525f6acb4569444dd79cd
SHA3-384 hash: 5ac9300c57e4fc0881c70fd55dec4f41be119b9ae8d4c339c3c4daf3bc4ac3ddee886d94d99013ac342526f8aab51df2
First seen:2023-01-25 09:29:34 UTC
Last seen:Never
Sightings:1
imphash : 65b6862e9898b195f4ef7a1685fd82dd
ssdeep : 98304:kdFgVxWfTjLzbKsUmjtc8w1WfTje/6oF+jCUtDx:KGgXOfEXhF
TLSH : T1DB268C017BE90529F1B34B7629BB53A50A79BC726F11C5CF329C314E1AB2AC48E71763
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


You can browse the 10 most recent tasks associated with this file blow.

Task Information


Task ID:c7dd4658-9c92-11ed-98c2-42010aa4000b
File name:bd5dde948356dac0add66ec91c7771fd
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Trojan.Agent.FRYR.UNOFFICIAL
Signature:Win.Malware.Sivis-6737728-0
Signature:Win.Malware.Sivis-6838221-0
Signature:Win.Malware.Sivis-6838247-0
Signature:Win.Malware.Sivis-9877374-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:adonunix2
Author:Tim Brown @timb_machine
Description:AD on UNIX
TLP:TLP:WHITE
Repository:malware-bazaar
Rule name:meth_get_eip
Author:Willi Ballenthin
TLP:TLP:WHITE
Repository:yaraify
Rule name:pdb_YARAify
Author:@wowabiy314
Description:PDB
TLP:TLP:WHITE
Repository:yaraify
Rule name:RAT_Sakula
Author:Airbus Defence and Space Cybersecurity CSIRT - Yoann Francou / NCC Group David Cannings
Description:Detects Sakula v1.0 RAT
Reference:http://blog.airbuscybersecurity.com/public/YFR/sakula_v1x.yara
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:TeslaCryptPackedMalware
TLP:TLP:WHITE
Repository:malware-bazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.