YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash bb41eab30d255fa080c4d7c4be72ac9cffe38d2783c4d7af74b5ad61f599f572.
Scan Results
| Field | Value |
|---|---|
| SHA256 hash | bb41eab30d255fa080c4d7c4be72ac9cffe38d2783c4d7af74b5ad61f599f572 |
| File size | 3'732'881 bytes |
| File download | Original |
| MIME type | application/x-dosexec |
| MD5 hash | cc73388544e5275a1368d317711fca21 |
| SHA1 hash | 4ab4a57c5091231af8c29b408ff44d4277656e18 |
| SHA3-384 hash | 86c780544721b94b8041ffbef7b2fc0185ed308736bc85952dff6ed001855e9910f3b6b8a4c026bd90d8556c926103d6 |
| First seen | 2023-01-25 09:29:31 UTC |
| Last seen | Never |
| Sightings | 1 |
| imphash | a8f69eb2cf9f30ea96961c86b4347282 |
| ssdeep | 49152:edfZC0mJTGefIub1NxyYtH9zbKsUmjtcdPGgIwPUeXXw/CP4r:edfZcwgVb1+Y3zbKsUmjtc8ws/6U |
| TLSH | T1AF06D0187AC54433D1E10E331A66569BDBB6BEB6AE31E64A32DC724C0F337C84A64357 |
| telfhash | n/a |
| gimphash | n/a |
| dhash icon | n/a |
Tasks
You can browse the 10 most recent tasks associated with this file below.
Task Information
| Field | Value |
|---|---|
| Task ID | c5b58cbf-9c92-11ed-98c2-42010aa4000b |
| File name | cc73388544e5275a1368d317711fca21 |
| Task parameter: ClamAV scan | True |
| Task parameter: Unpack | False |
| Task parameter: Share file | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Win.Malware.Sivis-6737728-0 |
| Win.Malware.Sivis-6838221-0 |
| Win.Trojan.Agent-6943819-1 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | Reference | TLP | Repository |
|---|---|---|---|---|---|
| Imphash_Malware_2_TA17_293A | Florian Roth | Detects malware based on Imphash of malware used in TA17-293A | https://www.us-cert.gov/ncas/alerts/TA17-293A | TLP:WHITE | |
| Imphash_Malware_2_TA17_293A_RID302E | Florian Roth | Detects malware based on Imphash of malware used in TA17-293A | https://www.us-cert.gov/ncas/alerts/TA17-293A | TLP:WHITE | |
| meth_get_eip | Willi Ballenthin | | | TLP:WHITE | yaraify |
| pdb_YARAify | @wowabiy314 | PDB | | TLP:WHITE | yaraify |
| TeslaCryptPackedMalware | | | | TLP:WHITE | malware-bazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter