Task Information
Task ID: d8e6a642-8361-11f1-ad5e-42010aa4000b
File name: 67f49b0ee1589cedd55e7d96e9df3590
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: classified
Author: classified
Description: classified
TLP : TLP:AMBER
Rule name: command_and_control
Alert
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M
Rule name: CP_Script_Inject_Detector
Alert
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP: TLP:WHITE
Repository: YARAify
Rule name: DebuggerCheck__QueryInfo
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: dependsonpythonailib
Alert
Author: Tim Brown
Description: Hunts for dependencies on Python AI libraries
TLP: TLP:WHITE
Repository: YARAify
Rule name: Detect_Go_GOMAXPROCS
Alert
Author: Obscurity Labs LLC
Description: Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP: TLP:WHITE
Repository: YARAify
Rule name: classified
Author: classified
Description: classified
Rule name: DetectEncryptedVariants
Alert
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP: TLP:WHITE
Repository: YARAify
Rule name: DetectGoMethodSignatures
Alert
Author: Wyatt Tauber
Description: Detects Go method signatures in unpacked Go binaries
TLP: TLP:WHITE
Repository: YARAify
Rule name: FreddyBearDropper
Alert
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP: TLP:WHITE
Repository: YARAify
Rule name: MD5_Constants
Alert
Author: phoul (@phoul)
Description: Look for MD5 constants
TLP: TLP:WHITE
Repository:
Rule name: ProgramLanguage_Golang
Alert
Author: albertzsigovits
Description: Application written in Golang programming language
TLP: TLP:WHITE
Repository:
Rule name: RIPEMD160_Constants
Alert
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
TLP: TLP:WHITE
Repository:
Rule name: SEH__vectored
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: SHA1_Constants
Alert
Author: phoul (@phoul)
Description: Look for SHA1 constants
TLP: TLP:WHITE
Repository:
Rule name: SHA512_Constants
Alert
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants
TLP: TLP:WHITE
Repository:
Rule name: Sus_All_Windows_PE_Malware
Alert
Author: DiegoAnalytics
Description: Detects Windows PE malware of all types, avoids non-executables like .html
TLP: TLP:WHITE
Repository: YARAify
Rule name: Suspicious_Golang_Binary
Alert
Author: Tim Machac
Description: Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP: TLP:WHITE
Repository: YARAify
Rule name: Suspicious_Process
Alert
Author: Security Research Team
Description: Suspicious process creation
TLP: TLP:WHITE
Repository: YARAify
Rule name: TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Alert
Author: CYFARE
Description: Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference: https://cyfare.net/
TLP: TLP:WHITE
Repository: YARAify
Rule name: ThreadControl__Context
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: vmdetect
Alert
Author: nex
Description: Possibly employs anti-virtualization techniques
TLP: TLP:WHITE
Repository:
Rule name: WIN_WebSocket_Base64_C2_20250726
Alert
Author: dogsafetyforeverone
Description: Detects configuration strings used by malware to specify WebSocket command-and-control endpoints inside Base64-encoded data. It looks for prefixes such as '#ws://' or '#wss://' that were found in QuasarRAT configuration data.
TLP: TLP:WHITE
Repository: YARAify
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter