YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 9eb8fadaf8c766972a690ac705d6a4af32db75d84d290aa8a8584885e59204dd.

Scan Results

SHA256 hash: 9eb8fadaf8c766972a690ac705d6a4af32db75d84d290aa8a8584885e59204dd
File size:2'821'120 bytes
File download: Original
MIME type:application/x-msi
MD5 hash: 1f0d873c5869b7880d3b79cdd7ad7479
SHA1 hash: 4b7b60aa5c4ca6fc5bd45e1ce6119b754ca3a115
SHA3-384 hash: eacf5ea409a72768089944b5368bbe7b91e529485e664510930afc0477cef4bf59eb6b0a225703f38ed84c47ddb07db8
First seen:2026-03-29 17:18:15 UTC
Last seen:2026-03-29 17:20:14 UTC
Sightings:2
imphash :n/a
ssdeep : 49152:7b8Y+9MftgkKAWVqVZ9Rw4YP/BD/vTaPduTRUhfwEAB6zDojOwfFl4pqLOSGRvv5:kYE5A6qVPdKBqwMpqLN
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:8cd79d43-2b93-11f1-b47f-42010aa4000b
File name:1f0d873c5869b7880d3b79cdd7ad7479
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Detect_MSI_LATAM_Banker_From_LatAm
Create hunting rule
Author:
TLP:TLP:WHITE
Repository:YARAify
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:TLP:WHITE
Repository:YARAify
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
TLP:TLP:WHITE
Repository:
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.

Task Information

Task ID:461bb7fd-2b93-11f1-b47f-42010aa4000b
File name:9eb8fadaf8c766972a690ac705d6a4af32db75d84d290aa8a8584885e59204dd.msi
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Detect_MSI_LATAM_Banker_From_LatAm
Create hunting rule
Author:
TLP:TLP:WHITE
Repository:YARAify
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:TLP:WHITE
Repository:YARAify
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
TLP:TLP:WHITE
Repository:
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.