YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 66e9b1676f93e7bf487579673fad26b2e0526dd4d5475b6f76f49abdfa27a14e.
Scan Results
| SHA256 hash: | 66e9b1676f93e7bf487579673fad26b2e0526dd4d5475b6f76f49abdfa27a14e | |
|---|---|---|
| File size: | 9'053'311 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 74d2433fdf14d36b1c3875e44657233d | |
| SHA1 hash: | 12beb0fda0736b2b44bc397f16206db26829b5c4 | |
| SHA3-384 hash: | 3fedf5cfc2dc3fc585e3ce7d221a830802ddb081c3d664282cb4fe7dd4f8991f6ca1bd650ada55949a18a5503291f9a3 | |
| First seen: | 2022-11-24 19:43:07 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | b6026fe7e69c5adb69731f2c8c4f8cb5 | |
| ssdeep : | 3072:SGjm7DYfm4SRR+NaVEs+k6kiS+94ERR6gR0bRbDcBm7DYfm4SRR+NaVEs+k6kiSb:SmIoIRRGaVExfdVIoIRRGaVExfdbAo | |
| TLSH : | T14496E907B6FA5B19F3BB4E346AB152B1A73BFCD2D81DC34885C0050994F1681A9A5FE3 | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 38216440-6c30-11ed-a71a-42010aa4000b | |
|---|---|---|
| File name: | 53dac9e.dll | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | False |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Trojan.Nanocore-5 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | MALWARE_Win_NanoCore |
|---|---|
| Author: | ditekSHen |
| Description: | Detects NanoCore |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |

| Rule name: | nanocore_rat |
|---|---|
| Author: | jeFF0Falltrades |
| TLP: | TLP:WHITE |
| Repository: | jeFF0Falltrades |

| Rule name: | nanocore_surveillance_plugin |
|---|---|
| Author: | jeFF0Falltrades |
| TLP: | TLP:WHITE |
| Repository: | jeFF0Falltrades |

| Rule name: | win_nanocore_w0 |
|---|---|
| Author: | Kevin Breen <kevin@techanarchy.net> |
| TLP: | TLP:WHITE |
| Repository: | Malpedia |

| Rule name: | Windows_Trojan_Nanocore_d8c4e3c5 |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter