YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash c174084d3b31e510019b2c75e6c3ef5c8499d183e063f80db7d5c925cd9e6093.

Scan Results


SHA256 hash: c174084d3b31e510019b2c75e6c3ef5c8499d183e063f80db7d5c925cd9e6093
File size: 188'416 bytes
MIME type: application/x-dosexec
MD5 hash: 08c244f5d898eece2b6e5c7ea058dc85
SHA1 hash: c25578cf1a1f7d45567a58d469e6864c47928ea1
SHA3-384 hash: 2a581a0659a3317cc2ec639428562d2b90a14648a07bed6ae019ede0155d60793042786e8efc0cc5d21a261bca1021bc
First seen: 2026-03-03 00:16:04 UTC
Last seen: Never
Sightings: 1
imphash: 2a3d1c0b686559f9fac7c7b85c61daf6
ssdeep: 3072:YEFkbrbxEO6XsTEe66VgCT/i8LP6rY9d7s2PaLBE34DQuDVrRc5t4x:YfrCO4WJpgcl6U9xbaBEE/9RGG
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: 2ab657bc-1696-11f1-b47f-42010aa4000b
File name: 400000.160dea808ba4c82641b28b268f7d45cb.exe
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Trojan.Gamarue-9832405-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP: TLP:WHITE
Repository: YARAify

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: DebuggerHiding__Thread
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Rule name: INDICATOR_EXE_Packed_aPLib
Author: ditekSHen
Description: Detects executables packed with aPLib.
TLP: TLP:WHITE
Repository: diˈtekSHən

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns
TLP: TLP:WHITE
Repository: MalwareBazaar

Rule name: Shifu
Author: McAfee Labs
Reference: https://blogs.mcafee.com/mcafee-labs/japanese-banking-trojan-shifu-combines-malware-tools/
TLP: TLP:WHITE
Repository: advanced-threat-research

Rule name: TH_Generic_MassHunt_Win_Malware_2025_CYFARE
Author: CYFARE
Description: Generic Windows malware mass-hunt rule - 2025
Reference: https://cyfare.net/
TLP: TLP:WHITE
Repository: YARAify

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.