YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 7895d74cc7d6b6fecafec2a4e3ec52339b1b2f6418d4d741451fe8feae5d5deb.

Scan Results


SHA256 hash: 7895d74cc7d6b6fecafec2a4e3ec52339b1b2f6418d4d741451fe8feae5d5deb
File size:4'605'440 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 49ceeb39a167fd82f21ad8f0b40b36d4
SHA1 hash: aae3de8b0691e44da3fb0b6f4025104c1346132d
SHA3-384 hash: 1fbbf06b96e033dc192a43f4de774a42dd75948b390d988e30344c4154e5a0f94721a6b58e2ac528338f0cb667cb3b06
First seen:2026-07-19 11:09:33 UTC
Last seen:Never
Sightings:1
imphash : f5d47d9bde597690b256e14a9524e611
ssdeep : 49152:grAu5nTRxYbmLhVkwZYtAomH+1ErZVOEprfsPxUK+xJPEZ3lMGQqL/u9ivkAM+b:5LOVkw9eWrWGrhrJ8BlMGQqL/u9vAVb
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : e0c0b0e8e08082c0

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:523e96c6-8362-11f1-ad5e-42010aa4000b
File name:49ceeb39a167fd82f21ad8f0b40b36d4
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Check_OutputDebugStringA_iat
TLP:TLP:WHITE
Repository:
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:pe_detect_tls_callbacks
Author:
TLP:TLP:WHITE
Repository:YARAify
Rule name:telebot_framework
Author:vietdx.mb
TLP:TLP:WHITE
Repository:YARAify
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.