YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash b924a761262484ce372cfbc03a9c4e4f80070f34065c3c9b9c89521effa84224.

Scan Results

SHA256 hash: b924a761262484ce372cfbc03a9c4e4f80070f34065c3c9b9c89521effa84224
File size:172'036 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 0c5ec06282726a32af91157b7dca57a8
SHA1 hash: 6c91da5b19fe080dbad7c111b5b20d7b3d956019
SHA3-384 hash: 798a96f82f821aafda0d1c7a3988046a40f15f0360fe43a13fa3b9c06b9dbfaa527089a46eba258300fc6d42962a9f21
First seen:2025-11-21 02:57:20 UTC
Last seen:Never
Sightings:1
imphash : 46d622f7b3a9583c2976072cd46d3373
Create hunting rule
ssdeep : 1536:WaLER3eBIkFlVOl3itEyTplqMkHFdV9dLIi4E0Uxtf9rtXRu7xXIZ4nouy89nrn0:7KzlSRqhn9dLFdTXRu7xXIeout9nr7o
TLSH : T180F39D117842C933D04699F3081AE361AA3D6B306AB95583F7D92BBA4FB17D0793D30B
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:cc51f894-c685-11f0-adeb-42010aa4000b
File name:0c5ec06282726a32af91157b7dca57a8
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Scar-9776391-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_XORed_URL_In_EXE
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:SUSP_XORed_URL_in_EXE_RID2E46
Create hunting rule
Author:Florian Roth
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
TLP:TLP:WHITE
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:win_samsam_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
TLP:TLP:WHITE
Repository:Malpedia

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.