YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 7748ad6f2db51ae974c9b393b9f612f60e8f73440e7fb3029ec67ecc682717dc.

SHA256 hash:	7748ad6f2db51ae974c9b393b9f612f60e8f73440e7fb3029ec67ecc682717dc
File size:	584'323 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	422193f12a73a58b6148cb45590fe403
SHA1 hash:	f6e85e7270b756c54321206ea0ba54c549266f00
SHA3-384 hash:	ee9c8fade855480b24b074138ae8153ca9831e763c4f2059a8fe89865e3cb598a66bad53b67d2f6ff027e17995cc05b1
First seen:	2025-11-21 02:43:14 UTC
Last seen:	Never
Sightings:	1
imphash :	7a21d89ccf5cda850f51dfba184eb7f0 Create hunting rule
ssdeep :	12288:xUlsXnKgWki45f2CMPlvXgtToUkSphApRuMKr+cIeNUWHC:qsOPlY1oUkSphADKycVTC
TLSH :	T1F0C48E26B6F08837D1771B749C6B82A994257E102D3894863FEC5F4C9F7D68236392F2 Create hunting rule
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	Check_OutputDebugStringA_iat Create hunting rule
TLP:	TLP:WHITE
Repository:

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	yara_template Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-11-21 02:43:14 UTC Static: 6 Unpacker: 0 ClamAV: 0