YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 96c1800252ec8b110503037388c0d101201658ddad54627fcd3da647d3311b71.

SHA256 hash:	96c1800252ec8b110503037388c0d101201658ddad54627fcd3da647d3311b71
File size:	26'950 bytes
File download:	Original Unpacked
MIME type:	application/x-dosexec
MD5 hash:	1136b4b7c05f44ef3f80c7af61251072
SHA1 hash:	45949af946959ac6a2c13598f1894113cd04be44
SHA3-384 hash:	0afd9869ca07473acc964989fc328a1ba9cc5c499b6597207d24bf9df5cff35f232482a08675780026d32aefc572c479
First seen:	2025-11-21 02:45:10 UTC
Last seen:	Never
Sightings:	1
imphash :	2cdee14b2756dc3177363525de78b1e9 Create hunting rule
ssdeep :	384:Mng4j8Gs/sRHSv9W705ZqSA7hyTM/0uOhXmaVmql4:MnDj8GsmIlAFyTqUhWapW
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	1003873d31213f10 Create hunting rule

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Trojan.Gamarue-9776515-0 Create hunting rule

Signature:	Win.Trojan.Gamarue-9776559-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Disable_Defender Create hunting rule
Author:	iam-py-test
Description:	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	SEH__vba Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-11-21 02:45:11 UTC Static: 3 Unpacker: 0 ClamAV: 2