YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash bb41eab30d255fa080c4d7c4be72ac9cffe38d2783c4d7af74b5ad61f599f572.
Scan Results
| SHA256 hash: | bb41eab30d255fa080c4d7c4be72ac9cffe38d2783c4d7af74b5ad61f599f572 | |
|---|---|---|
| File size: | 3'732'881 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | cc73388544e5275a1368d317711fca21 | |
| SHA1 hash: | 4ab4a57c5091231af8c29b408ff44d4277656e18 | |
| SHA3-384 hash: | 86c780544721b94b8041ffbef7b2fc0185ed308736bc85952dff6ed001855e9910f3b6b8a4c026bd90d8556c926103d6 | |
| First seen: | 2023-01-25 09:29:31 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | a8f69eb2cf9f30ea96961c86b4347282 | |
| ssdeep : | 49152:edfZC0mJTGefIub1NxyYtH9zbKsUmjtcdPGgIwPUeXXw/CP4r:edfZcwgVb1+Y3zbKsUmjtc8ws/6U | |
| TLSH : | T1AF06D0187AC54433D1E10E331A66569BDBB6BEB6AE31E64A32DC724C0F337C84A64357 | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent tasks are shown below.
Task Information
| Task ID: | c5b58cbf-9c92-11ed-98c2-42010aa4000b | |
|---|---|---|
| File name: | cc73388544e5275a1368d317711fca21 | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | False |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Malware.Sivis-6737728-0 |
|---|---|
| Signature: | Win.Malware.Sivis-6838221-0 |
| Signature: | Win.Trojan.Agent-6943819-1 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Imphash_Malware_2_TA17_293A |
|---|---|
| Author: | Florian Roth |
| Description: | Detects malware based on Imphash of malware used in TA17-293A |
| Reference: | https://www.us-cert.gov/ncas/alerts/TA17-293A |
| TLP: | TLP:WHITE |

| Rule name: | Imphash_Malware_2_TA17_293A_RID302E |
|---|---|
| Author: | Florian Roth |
| Description: | Detects malware based on Imphash of malware used in TA17-293A |
| Reference: | https://www.us-cert.gov/ncas/alerts/TA17-293A |
| TLP: | TLP:WHITE |

| Rule name: | meth_get_eip |
|---|---|
| Author: | Willi Ballenthin |
| TLP: | TLP:WHITE |
| Repository: | YARAify |

| Rule name: | pdb_YARAify |
|---|---|
| Author: | @wowabiy314 |
| Description: | PDB |
| TLP: | TLP:WHITE |
| Repository: | YARAify |

| Rule name: | TeslaCryptPackedMalware |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter