YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash aea8fe5779c0c4bac87c5398971f9a59654380e896186af494df050f61d1dcdd.

Scan Results

SHA256 hash: aea8fe5779c0c4bac87c5398971f9a59654380e896186af494df050f61d1dcdd
File size:4'041'172 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 0f41e5d14148d3f243cf4069ca50bd7e
SHA1 hash: 3be722323a952042d13c18472a06b2121eee93fd
SHA3-384 hash: 2b37a650ee9da645d78a5d39eada2f89b1893f19a16bc546eca86c2bf349191e23eecfeff927b6ae33db465dccfd80c2
First seen:2026-03-22 19:13:35 UTC
Last seen:Never
Sightings:1
imphash : 441ae27e83ab37874d41564217733297
Create hunting rule
ssdeep : 49152:zqatgl0iw2Q/4MnYYJ2ZhqSGLHkJEMX/4MnYYJ2ZhqSGLHkJEMyqatgl0iw2py6o:X+IDQgIDQ4Atk
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 68f0e4ecfcf0f0e8
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:39c1be79-2623-11f1-b47f-42010aa4000b
File name:0f41e5d14148d3f243cf4069ca50bd7e
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Variant.Mikey.184626.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.W32.MOMX.8233.tr.UNOFFICIAL
Create hunting rule
Signature:Win.Ransomware.Azov-10044440-0
Create hunting rule
Signature:Win.Ransomware.Azov-10044441-0
Create hunting rule
Signature:Win.Worm.Agent-1299329
Create hunting rule
Signature:Win.Worm.Virfire-6814275-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
TLP:TLP:WHITE
Repository:
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Disable_Defender
Create hunting rule
Author:iam-py-test
Description:Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:Indicator_MiniDumpWriteDump
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects PE files and PowerShell scripts that use MiniDumpWriteDump either through direct imports or string references
TLP:TLP:WHITE
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:SEH__vba
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:TH_Win_ETW_Bypass_2025_CYFARE
Create hunting rule
Author:CYFARE
Description:Windows ETW Bypass Detection Rule - 2025
Reference:https://cyfare.net/
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.