YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash bb41eab30d255fa080c4d7c4be72ac9cffe38d2783c4d7af74b5ad61f599f572.

Scan Results


SHA256 hash: bb41eab30d255fa080c4d7c4be72ac9cffe38d2783c4d7af74b5ad61f599f572
File size: 3'732'881 bytes
File download: Original
MIME type: application/x-dosexec
MD5 hash: cc73388544e5275a1368d317711fca21
SHA1 hash: 4ab4a57c5091231af8c29b408ff44d4277656e18
SHA3-384 hash: 86c780544721b94b8041ffbef7b2fc0185ed308736bc85952dff6ed001855e9910f3b6b8a4c026bd90d8556c926103d6
First seen: 2023-01-25 09:29:31 UTC
Last seen: Never
Sightings: 1
imphash: a8f69eb2cf9f30ea96961c86b4347282
ssdeep: 49152:edfZC0mJTGefIub1NxyYtH9zbKsUmjtcdPGgIwPUeXXw/CP4r:edfZcwgVb1+Y3zbKsUmjtc8ws/6U
TLSH: T1AF06D0187AC54433D1E10E331A66569BDBB6BEB6AE31E64A32DC724C0F337C84A64357
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: c5b58cbf-9c92-11ed-98c2-42010aa4000b
File name: cc73388544e5275a1368d317711fca21
Task parameters:
  ClamAV scan: True
  Unpack: False
  Share file: True

ClamAV Results


The file matched the following open-source and commercial ClamAV rules.

Signature: Win.Malware.Sivis-6737728-0
Signature: Win.Malware.Sivis-6838221-0
Signature: Win.Trojan.Agent-6943819-1

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: Imphash_Malware_2_TA17_293A
Author: Florian Roth
Description: Detects malware based on Imphash of malware used in TA17-293A
Reference: https://www.us-cert.gov/ncas/alerts/TA17-293A
TLP: TLP:WHITE

Rule name: Imphash_Malware_2_TA17_293A_RID302E
Author: Florian Roth
Description: Detects malware based on Imphash of malware used in TA17-293A
Reference: https://www.us-cert.gov/ncas/alerts/TA17-293A
TLP: TLP:WHITE

Rule name: meth_get_eip
Author: Willi Ballenthin
TLP: TLP:WHITE
Repository: yaraify

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB
TLP: TLP:WHITE
Repository: yaraify

Rule name: TeslaCryptPackedMalware
TLP: TLP:WHITE
Repository: malware-bazaar
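Two of the static matches above are imphash-based rules, and the record's imphash field (a8f69eb2cf9f30ea96961c86b4347282) is the value such rules compare against via YARA's pe.imphash(). The following is an added example, not code from YARAify or from the rule authors, showing how an imphash is derived from a PE import table and how the record's file hashes can be recomputed over a downloaded sample. The import table and the empty-file input are constructed for illustration; the normalization follows pefile's get_imphash() (lowercase, strip .dll/.ocx/.sys, import-by-ordinal rendered as ordN, entries joined with commas in import-table order, MD5 of the result). pefile additionally resolves ordinals for a few DLLs (ws2_32, wsock32, oleaut32) to function names through a lookup table; that table is omitted here, so ordinal imports from those DLLs are an assumption this code does not handle.

```python
"""Added example: imphash derivation and record verification for a YARAify entry.

Not YARAify's code. Import normalization mirrors pefile's get_imphash();
the per-DLL ordinal-to-name lookup pefile applies for ws2_32/wsock32/oleaut32
is deliberately omitted (documented assumption).
"""
import hashlib

# Constructed import table for illustration: (DLL name as written in the
# import directory, function name or None for import-by-ordinal, ordinal).
SAMPLE_IMPORTS = [
    ("KERNEL32.DLL", "CreateFileA", None),
    ("KERNEL32.DLL", "WriteFile", None),
    ("USER32.dll", "MessageBoxA", None),
    ("SHLWAPI.dll", None, 12),  # import by ordinal -> "shlwapi.ord12"
]

# Hash values copied from this YARAify record, used to verify a downloaded copy.
RECORD = {
    "sha256": "bb41eab30d255fa080c4d7c4be72ac9cffe38d2783c4d7af74b5ad61f599f572",
    "md5": "cc73388544e5275a1368d317711fca21",
    "sha1": "4ab4a57c5091231af8c29b408ff44d4277656e18",
    "sha3_384": "86c780544721b94b8041ffbef7b2fc0185ed308736bc85952dff6ed001855e9910f3b6b8a4c026bd90d8556c926103d6",
    "imphash": "a8f69eb2cf9f30ea96961c86b4347282",
}

# pefile strips exactly these extensions before hashing the library name.
_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalize_import(dll, name, ordinal):
    """Return the 'lib.func' token pefile would emit for one import entry."""
    lib = dll.lower()
    base, sep, ext = lib.rpartition(".")
    if sep and ext in _STRIPPED_EXTENSIONS:
        lib = base
    func = name.lower() if name else "ord%d" % ordinal
    return "%s.%s" % (lib, func)


def import_string(imports):
    """Comma-joined tokens in import-table order; this is what gets MD5'd."""
    return ",".join(normalize_import(d, n, o) for d, n, o in imports)


def imphash(imports):
    """imphash = MD5 over the normalized import string (pefile convention)."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


def file_hashes(data):
    """Recompute the content hashes shown in the record for raw file bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_record(data, record):
    """Map each content-hash key present in `record` to whether it matches.

    imphash is not covered here because it needs a parsed import table,
    not raw bytes; compare imphash(parsed_imports) to record["imphash"].
    """
    computed = file_hashes(data)
    return {k: computed[k] == v.lower() for k, v in record.items() if k in computed}


if __name__ == "__main__":
    print("normalized imports:", import_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    # Empty bytes stand in for a downloaded sample; they will not match.
    print("record check:", matches_record(b"", RECORD))
```

Because the token string is order-sensitive and case-insensitive, two builds of the same source that link the same imports in the same order share an imphash even when the rest of the binary differs, which is why an imphash rule can pivot across samples; it is also why a rebuilt import table or a packed binary (the TeslaCryptPackedMalware match suggests a packer here) breaks the pivot, and why imphash matches should be confirmed with content hashes or a second signal.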

Unpacker

The following YARA rules matched on the unpacked file. None are listed for this task, which was submitted with Unpack: False.

Unpacked Files


The following files could be unpacked from this sample. None are listed for this task, which was submitted with Unpack: False.