YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash b57eba268dc49d76a09fe4e93ffdbbfb9546ffdbb1195afd51b203b778153d01.

SHA256 hash:	b57eba268dc49d76a09fe4e93ffdbbfb9546ffdbb1195afd51b203b778153d01
File size:	442'880 bytes
File download:	Original Unpacked
MIME type:	application/x-dosexec
MD5 hash:	843a7ad161f3f75d28536cb2d70aa590
SHA1 hash:	7c633ebc20f1b1df370d1943c46ece8ea50360c3
SHA3-384 hash:	c6318a2dfa8c1a6c9088042f8100647905ad2153a2189af75bad7895b8c689f393044b96f46a22b6674f1e9acd06a03f
First seen:	2026-04-27 15:02:06 UTC
Last seen:	Never
Sightings:	1
imphash :	f34d5f2d4577ed6d9ceec516c1f5a744 Create hunting rule
ssdeep :	12288:RaXJ3Q5kKLcF7vqX+bJuVPhx+ItYIKkGk:RaXF4kKgpSX+bsVPj+MYI5
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	454151090d114541 Create hunting rule

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	detect_powershell Create hunting rule
Author:	daniyyell
Description:	Detects suspicious PowerShell activity related to malware execution
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	pe_imphash Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-04-27 15:02:06 UTC Static: 5 Unpacker: 0 ClamAV: 0