YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash a3117fb2dd2fadfb9f4f0dcee88707425326c5b7d6cc513aa31f78ef9c54d1ed.

SHA256 hash:	a3117fb2dd2fadfb9f4f0dcee88707425326c5b7d6cc513aa31f78ef9c54d1ed
File size:	249'856 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	721d3c92e823c933fa24cb13d0680ed3
SHA1 hash:	cad7d3250d30f88fa897ab27f9f1669fdc7a5377
SHA3-384 hash:	79ad03e5f59b597c1cce322c92f4dd956e118b09b5177da6536241bfc795ddf4fb707ee43341a15195b6fa22e9cd0dbc
First seen:	2026-03-15 13:16:46 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	3072:0n/JdEu+qhhl0lPW5kWOCVY/yvMEcMA0bgzdiDp2uU7e4lm6Pj7aNRCHeP3KqX+n:ButRj5kwdcMlIkN2ufc7GCot+
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Stealer_Stealc Create hunting rule
Author:	Still
Description:	attempts to match instructions/strings found in Stealc
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Suspicious_Process Create hunting rule
Author:	Security Research Team
Description:	Suspicious process creation
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	WIN_FileFix_Detection Create hunting rule
Author:	dogsafetyforeverone
Description:	Detects FileFix social engineering technique that launches chained PowerShell and PHP commands from file explorer typed paths
Reference:	FileFix social engineering with PowerShell and PHP commands
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	WIN_WebSocket_Base64_C2_20250726 Create hunting rule
Author:	dogsafetyforeverone
Description:	Detects configuration strings used by malware to specify WebSocket command-and-control endpoints inside Base64-encoded data. It looks for prefixes such as '#ws://' or '#wss://' that were found in QuasarRAT configuration data.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Windows_Generic_Threat_2bba6bae Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Rule name:	Windows_Trojan_Generic_2993e5a5 Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-03-15 13:16:46 UTC Static: 13 Unpacker: 0 ClamAV: 0