YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash c4801636bdbd038251aaa7e485b7630e1feacb069974c245cca7e7c8fa533401.

Scan Results


SHA256 hash: c4801636bdbd038251aaa7e485b7630e1feacb069974c245cca7e7c8fa533401
File size: 56'672 bytes
MIME type: application/x-dosexec
MD5 hash: 103bf58671ac00533cfea1ccb5b54451
SHA1 hash: cd5ede839d1ce6ecc02f023b52d1d954f4113879
SHA3-384 hash: e9eb323a930f712cd6aeee32fefbb37586e3a46527da99e72f941d89b36103a52ea65296013e7fcbf03a99c2b5e2f3da
First seen: 2022-11-24 19:48:55 UTC
Last seen: Never
Sightings: 1
imphash: 0c144496adf6d6951a8195019d714846
ssdeep: 1536:R+vBHyPuWU0ucXDveteBM2mlmo7Tsd5QD:WHyPuWUpcS4gsd5QD
TLSH: T156435C47F64600F7C43A0B311897977786F6AF3042ABA14CAB497F195C36179B22EAC7
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 07974f07-6c31-11ed-a71a-42010aa4000b
File name: 4072a0.exe
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Downloader.2644-1
Signature: Win.Downloader.2666-1
Signature: Win.Downloader.2667-1
Signature: Win.Downloader.3206-1

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: SUSP_XORed_URL_in_EXE
Author: Florian Roth
Description: Detects an XORed URL in an executable
Reference: https://twitter.com/stvemillertime/status/1237035794973560834
TLP: TLP:WHITE
Repository: Neo23x0

Rule name: SUSP_XORed_URL_in_EXE_RID2E46
Author: Florian Roth
Description: Detects an XORed URL in an executable
Reference: https://twitter.com/stvemillertime/status/1237035794973560834
TLP: TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.