YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash a3cf21814f860c8fdee100ed7399d9e6d1464ceecf8f7df0c71b88ca8bb2901a.

Scan Results

SHA256 hash: a3cf21814f860c8fdee100ed7399d9e6d1464ceecf8f7df0c71b88ca8bb2901a
File size:3'158'016 bytes
File download: Original
MIME type:application/octet-stream
MD5 hash: f454896093ee11fbcd3cabb599237e4b
SHA1 hash: 8499d1a540442855989718f302f567a5a6489366
SHA3-384 hash: 83dcd9557077f572ae760b0dcbbf187f53c4eec4a2bee6b2cc40658f47b3e7ba149792f9e3e1bfa0b4277e634eec433d
First seen:2026-03-15 10:01:17 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 12288:IaqyhmuIzDEXSVm2qg0SsRQwbV72HYuNbs/a/0xMVxEZKxb2O:ITyCDR/qgXsawJ6Y1MMZKxb2
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:e8c07ff6-2055-11f1-b47f-42010aa4000b
File name:6c40000.shc
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:SUSP_XORed_Mozilla_Oct19
Create hunting rule
Author:Florian Roth
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_Mozilla_RID2DB4
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
TLP:TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.