YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 6b4e9b05da7ca33c8b51ab4b06330e35bb70cce1aa2afd3361e8595fdb157e2f.

SHA256 hash:	6b4e9b05da7ca33c8b51ab4b06330e35bb70cce1aa2afd3361e8595fdb157e2f
File size:	14'647'296 bytes
File download:	Original
MIME type:	application/octet-stream
MD5 hash:	d1a254be69e3f0b33e5bb9235a25c5ff
SHA1 hash:	d7bd74ff1096f54f52d1fbf1addbe8a24b93d44d
SHA3-384 hash:	46b6237a93d90d1fe74962bffda34d8f55dcfd47e61b649501c360863eddb06323f9745e6d637249fca0c4b820672851
First seen:	2026-06-29 08:11:27 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	49152:xYcCSsoJy8L6GSX0dIavcBd9oJy2L6GgX0dIgtcBdWYcCSuoJynL6GjX0dIF3Rxe:tZ
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	SUSP_Double_Base64_Encoded_Executable_RID34CC Create hunting rule
Author:	Florian Roth
Description:	Detects an executable that has been encoded with base64 twice
Reference:	https://twitter.com/TweeterCyber/status/1189073238803877889
TLP:	TLP:WHITE

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-06-29 08:11:28 UTC Static: 6 Unpacker: 0 ClamAV: 0