YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 7272d0ce6135bc218ea1a5d86142e65ae12232674ea34f69c91e96a5d3061e19.
Scan Results
| SHA256 hash: | 7272d0ce6135bc218ea1a5d86142e65ae12232674ea34f69c91e96a5d3061e19 | |
|---|---|---|
| File size: | 504'168 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 0d8288840d3a0cc9f7d0e0fe33c2762e | |
| SHA1 hash: | 491d8de7d88b9dee950ff446ac25f0015b427f05 | |
| SHA3-384 hash: | dd21caaa2366034ae9f89194120fc2ac30c3461bcd9b80171346e82f51453769e3521a76261473ffb8cc74c5e08c5096 | |
| First seen: | 2026-04-02 15:59:24 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 28a099a911237a28521d8b7ea250f089 | |
| ssdeep : | 6144:Huk4fqjfRQqF6jtY03ZgLpp6TURimpBwXVUTL7E97IkXQxBRUoz0JehYvH7Aw0v9:h4fw96peEUBwXVwM9vylzdYvH7AwC | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | f0f0e2a0b0d469b2 | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | eb9404e1-2eac-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 0d8288840d3a0cc9f7d0e0fe33c2762e | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Adware.Directdownloader-7007912-0 |
|---|
| Signature: | SecuriteInfo.com.Adware.Rogue.377354.UNOFFICIAL |
|---|
| Signature: | SecuriteInfo.com.JS.Downloader-83.UNOFFICIAL |
|---|
| Signature: | SecuriteInfo.com.not-a-virus.AdWare.NSIS.Indirect.a.24189.10487.17477.UNOFFICIAL |
|---|
| Signature: | SecuriteInfo.com.PUA.DomaIQ.24569.UNOFFICIAL |
|---|
| Signature: | Win.Malware.Agent-6386296-0 |
|---|
| Signature: | Win.Trojan.Directdownloader-22 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Detect_NSIS_Nullsoft_Installer |
|---|---|
| Author: | Obscurity Labs LLC |
| Description: | Detects NSIS installers by .ndata section + NSIS header string |
| TLP: | TLP:WHITE |
| Rule name: | Detect_SliverFox_String |
|---|---|
| Author: | huoji |
| Description: | Detect files is `SliverFox` malware |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Disable_Defender |
|---|---|
| Author: | iam-py-test |
| Description: | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | FreddyBearDropper |
|---|---|
| Author: | Dwarozh Hoshiar |
| Description: | Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip. |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | golang_bin_JCorn_CSC846 |
|---|---|
| Author: | Justin Cornwell |
| Description: | CSC-846 Golang detection ruleset |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | NET |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | PE_Digital_Certificate |
|---|---|
| Author: | albertzsigovits |
| TLP: | TLP:WHITE |
| Repository: |
| Rule name: | VECT_Ransomware |
|---|---|
| Author: | Mustafa Bakhit |
| Description: | Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments. |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter