YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash a0adea1156a7ba18acceb19eb51faa78e5ebe79583e998d148921ea3374c2928.

SHA256 hash:	a0adea1156a7ba18acceb19eb51faa78e5ebe79583e998d148921ea3374c2928
File size:	3'317'760 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	158186d41376c1e2e108362dd2d8ee98
SHA1 hash:	22cb3335b9f1291c562f6a350e502d77ef98f7df
SHA3-384 hash:	3ed92f278850db7ed5a0108974b39bdea6b63402b1f5ad563834659a4ae78739a106ad15735d61c1b8608feb8bff3d43
First seen:	2026-03-13 19:22:01 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	49152:WKIaFi6DcKcjrDCuOZdAEn6vIs42X8VI5YG:dt7
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_no_import_table Create hunting rule
Author:
Description:	Detect pe file that no import table
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-03-13 19:22:01 UTC Static: 5 Unpacker: 0 ClamAV: 0