Task Information
Task ID: 2ab1bd2d-7375-11f1-ad5e-42010aa4000b
File name: 75350000.advapi32.dll
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: CP_Script_Inject_Detector
Alert
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP: TLP:WHITE
Repository: YARAify
Rule name: DebuggerCheck__QueryInfo
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DebuggerHiding__Thread
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DetectEncryptedVariants
Alert
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP: TLP:WHITE
Repository: YARAify
Rule name: SharedStrings
Alert
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples
TLP: TLP:WHITE
Rule name: VECT_Ransomware
Alert
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP: TLP:WHITE
Repository: YARAify
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter