YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 7ae8ccff1bcad2512aedccce479ec83b005753b8291ef2f40b9840e4736a8b3a.

Scan Results

SHA256 hash:	7ae8ccff1bcad2512aedccce479ec83b005753b8291ef2f40b9840e4736a8b3a
File size:	17'469'716 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	01377b19f9036877c5dd87fb4ed9eab4
SHA1 hash:	b8d239d029d89abf9b1e067a1748a86dddb7febc
SHA3-384 hash:	44045723e805b89ce22cb5b211fd06fa9a2d698151bbfe02f83ffb44ccdd6b2e310bb069dbbf91669ebe2d1ae73a0bd3
First seen:	2026-04-27 14:58:47 UTC
Last seen:	Never
Sightings:	1
imphash :	3c10d2aa2614755ccdb513472bf0a6a1 Create hunting rule
ssdeep :	98304:h2cPK8xO2cPK8x07pk2cPK8xO2cPK8x07pSp7n/fh6ImzzJoDfuBcMv+A73XA:4CK0CK9CK0CKanHh6ImzD+F
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:	98055f99-4249-11f1-badc-42010aa4000b
File name:	01377b19f9036877c5dd87fb4ed9eab4
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	classified
Author:	classified
Description:	classified
TLP :	TLP:AMBER

Rule name:	AutoIT_Compiled Create hunting rule
Author:	@bartblaze
Description:	Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
TLP:	TLP:WHITE
Repository:	bartblaze

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	GoBinTest Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified

Rule name:	classified

Rule name:	identity_golang Create hunting rule
Author:	Eric Yocam
Description:	find Golang malware
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language
TLP:	TLP:WHITE
Repository:

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants
TLP:	TLP:WHITE
Repository:

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.