YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash ac08fff883aca3fa3243671bf230131f64d7054d07f52b00466ce6e28c541f61.

SHA256 hash:	ac08fff883aca3fa3243671bf230131f64d7054d07f52b00466ce6e28c541f61
File size:	659'456 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	2f3a1f941be693ee563051efe26a3ff2
SHA1 hash:	7076cca20f3f4709623b4bb4d941279b29e6daee
SHA3-384 hash:	1198d97bd0ce0dd0482b3d375a64e42d0bdc72deb915e492b8b9c38469c9340e0dbfa876b15602bcab76aad4e97dc889
First seen:	2022-11-24 19:41:30 UTC
Last seen:	Never
Sightings:	1
imphash :	0bfb4502b7427d90a9fa0442dea9af55 Create hunting rule
ssdeep :	6144:eSTzDMaMNhXbyuWt2EHOO+7qeA5fphPFrKz1K5Ce9G6DMzFd2M+od7MHG+tOkWKq:jTe7A19G6DMzFo87
TLSH :	T1F5E45C4BEC40A7BAC72E4275C46F374D0A167B117EC7EE579239A0417D23E6223A624F Create hunting rule
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Malware.Ransomx-9959783-0 Create hunting rule

Signature:	Win.Trojan.Ulise-9792178-0 Create hunting rule

Signature:	Win.Trojan.Ulise-9792179-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	meth_stackstrings Create hunting rule
Author:	Willi Ballenthin
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Suspicious_AutoIt_by_Microsoft_RID334C Create hunting rule
Author:	Florian Roth
Description:	Detects a AutoIt script with Microsoft identification
Reference:	Internal Research - VT
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2022-11-24 19:41:30 UTC Static: 3 Unpacker: 0 ClamAV: 3