YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash b3dffa03604ed3b9ee9cf6ed6327f5fe89a5d253e6e37b798483a5b9e661448d.

SHA256 hash:	b3dffa03604ed3b9ee9cf6ed6327f5fe89a5d253e6e37b798483a5b9e661448d
File size:	3'903'488 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	119b82f53209784052f67754def2812f
SHA1 hash:	9787c5e5a99ae4c0c709ee9efc6c1e2db0ea67c3
SHA3-384 hash:	a78521acdc1b21d632ec01d4e55fe84058f4dcc175d6990022594cd76d1f1bf10969f571e0dcac3c4f0fbe5f9dca6528
First seen:	2025-11-20 23:57:43 UTC
Last seen:	Never
Sightings:	1
imphash :	40810e1aaeb20451cbec3c1208dafef6 Create hunting rule
ssdeep :	98304:4qEv60gsOTGMN6bbjNCZia56g65PRdKNtMGMnRm:F0XQGMN6bb+
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	PUA.Win.Packer.PrivateExeProte-11 Create hunting rule

Signature:	PUA.Win.Packer.Simplepack-9 Create hunting rule

Signature:	PUA.Win.Packer.SpanCode0Symbol-2 Create hunting rule

Signature:	Win.Trojan.Hupigon-9975556-0 Create hunting rule

Signature:	Win.Trojan.Packed-78 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	aPLib_decompression Create hunting rule
Author:	@r3c0nst
Description:	Detects aPLib decompression code often used in malware
Reference:	https://ibsensoftware.com/files/aPLib-1.1.1.zip
TLP:	TLP:WHITE
Repository:	fboldewin

Rule name:	CobaltStrikeBeacon Create hunting rule
Author:	ditekshen, enzo & Elastic
Description:	Cobalt Strike Beacon Payload
TLP:	TLP:WHITE
Repository:	CAPE

Rule name:	SimplePackV11XV12XMethod1bagie Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-11-20 23:57:43 UTC Static: 3 Unpacker: 0 ClamAV: 5