YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 8d6bd8b9a88dce4fbac148d870e8b2ad535e4cbcd7ae2b310290ba119b423226.

Scan Results

SHA256 hash: 8d6bd8b9a88dce4fbac148d870e8b2ad535e4cbcd7ae2b310290ba119b423226
File size:667'648 bytes
File download: Original
MIME type:application/octet-stream
MD5 hash: 7d981c1a8d553cd30c3a903921f97ecb
SHA1 hash: 0aecfcae671b3b9a887f9f7a071c79618927c41f
SHA3-384 hash: 08a181ad389ceeeaf10e417ca9736fdf836d6780541cafed4cd54b7f66f4b84740bb29177aa7104efe1ab6d23906dfd4
First seen:2026-04-07 15:44:57 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 12288:h6D8EU2Yc1IyIs6zn10iLWy+WGG0bFz1PvRCsWnIkIFx:gDdGciG6TOiLWyOZpUsW7c
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:bb1be799-3298-11f1-b47f-42010aa4000b
File name:42b1000.shc
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:SUSP_XORed_Mozilla_Oct19
Create hunting rule
Author:Florian Roth
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_Mozilla_RID2DB4
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.