YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash ceef914dd036aadb4228637206b85a2bbd526d726320552d3b72dc802b3db5eb.

Scan Results


SHA256 hash: ceef914dd036aadb4228637206b85a2bbd526d726320552d3b72dc802b3db5eb
File size:2'744'320 bytes
File download: Original
MIME type:application/octet-stream
MD5 hash: 85074b02dc779f3672686a7d01d09a6e
SHA1 hash: c262c72d560bf3b7e3a1171489df5adf4723e128
SHA3-384 hash: e783cd801bf9f50ad1d964ba0a0c2517187d67580fb703a59662b9aa43378396deb7f454fc603ef156df6616e5223bbc
First seen:2026-06-29 04:46:58 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 12288:ep9nTCAsdBj/zwlLCVKOV3L4PaBJ+zUlkd7lkEj2KZRWi:s9TCAqV/zwlLCVhjaUlkd7lkEj1Zj
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:9009b413-7375-11f1-ad5e-42010aa4000b
File name:44a0000.shc
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerCheck__QueryInfo
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:Disable_Defender
Author:iam-py-test
Description:Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:NET
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:Sus_CMD_Powershell_Usage
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.