YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 6816deb1a947df151d406510eb7634786e5813d81a2426447ba8f07f4e6e7e15.

Scan Results

SHA256 hash: 6816deb1a947df151d406510eb7634786e5813d81a2426447ba8f07f4e6e7e15
File size:2'903'396 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 10a519f6dd25d45edaee4954245aeb22
SHA1 hash: b01fdf91d3fcf68e8ca34aaac61f79c99f13d0d9
SHA3-384 hash: 2e3aea3b5e06927cd24b6e03ae16da94b95bd7ef402de18a0b05e336c7234604dd19973bed5f24a2f2946cb08f8f2ae5
First seen:2025-11-21 02:52:01 UTC
Last seen:Never
Sightings:1
imphash : 6a91eb82bfd19d2706c7d43c46f7064e
Create hunting rule
ssdeep : 49152:MWfTE2KtrYTHCJZe4jgxBBjHQtDA8QLhxripxS:nEPqtzLF
TLSH : T1DDD56C1133F88617D4BF4778B4B209219BB5F9067727DB4F0B44A9BA2CA3B908D52763
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:0e31c35a-c685-11f0-adeb-42010aa4000b
File name:10a519f6dd25d45edaee4954245aeb22
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Any_SU_Domain
Create hunting rule
Author:you
Description:Detect any reference to .su domains or subdomains
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:grakate_stealer_nov_2021
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Jupyter_infostealer
Create hunting rule
Author:CD_R0M_
Description:Rule for Jupyter Infostealer/Solarmarker malware from september 2021-December 2022
TLP:TLP:WHITE
Repository:CD-R0M
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:NETDLLMicrosoft
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:pe_detect_tls_callbacks
Create hunting rule
Author:
TLP:TLP:WHITE
Repository:YARAify
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
TLP:TLP:WHITE
Repository:YARAify
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:win32_dotnet_form_obfuscate
Create hunting rule
Author:Reedus0
Description:Rule for detecting .NET form obfuscate malware
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:win32_dotnet_loader
Create hunting rule
Author:Reedus0
Description:Rule for detecting .NET loader malware
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.