YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash b2fcb3b733e45262a882d4f0cf8390600eadebc5947b10423dd45300849b534d.
Scan Results
| SHA256 hash: | b2fcb3b733e45262a882d4f0cf8390600eadebc5947b10423dd45300849b534d | |
|---|---|---|
| File size: | 11'533'591 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 05f3a27a1f088e6a59f17c9b2225718d | |
| SHA1 hash: | 34826523cb53a18a7a18c4526c397d8da7827a9c | |
| SHA3-384 hash: | 18aa7b5c84058874fb6078b3f21b286a095e1d66f8e64a137ef8b4252f620ed3f7adf7b15c41dc55a0e57071551d8ee9 | |
| First seen: | 2025-11-21 02:48:59 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 61259b55b8912888e90f516ca08dc514 | |
| ssdeep : | 196608:XeHtvEOU1W5CfHusu9VLjFHeQf56TunhUBTLuR+dLe1oWFYSjrhk9bW:XaKOr5C/usKjhdqGIC7FfPhmbW | |
| TLSH : | T1E8C63385DBBE6626E38D6D31ED49989A064EFC96D08364EFD30F9F80A4FDC217B01542 | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | 9a8ccce4dcdc94b6 | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | a1afc1ca-c684-11f0-adeb-42010aa4000b | |
|---|---|---|
| File name: | 05f3a27a1f088e6a59f17c9b2225718d | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | False |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Packer.Devcpp-2 |
|---|---|
| Signature: | Win.Trojan.MSShellcode-6360728-0 |
| Signature: | Win.Trojan.MSShellcode-6360729-4 |
| Signature: | Win.Trojan.MSShellcode-6360730-0 |
| Signature: | Win.Trojan.Swrort-5710536-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Detect_NSIS_Nullsoft_Installer |
|---|---|
| Author: | Obscurity Labs LLC |
| Description: | Detects NSIS installers by .ndata section + NSIS header string |
| TLP: | TLP:WHITE |

| Rule name: | Hunting_Rule_ShikataGaNai |
|---|---|
| Author: | Steven Miller |
| Reference: | https://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter