YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash d10b4af460171c297b8a4fad7089cad1d23af0e86ef7b3e1baa1c8fb524d79b0.

Scan Results

SHA256 hash: d10b4af460171c297b8a4fad7089cad1d23af0e86ef7b3e1baa1c8fb524d79b0
File size:7'168 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 043da30b0eec8d4fd197d0b48754def6
SHA1 hash: c2594fa3319c6769e3f4dde66f7261ebb0ca4f5e
SHA3-384 hash: 095b89632eaa336e4a128ce030193f3b792ddfb751c87cf00329774f00b960166c59630d50cd0ccf18c98418de3c0159
First seen:2026-04-02 16:01:41 UTC
Last seen:Never
Sightings:1
imphash : b4c6fff030479aa3b12625be67bf4914
Create hunting rule
ssdeep : 24:eFGStrJ9u0/6PIaOnZdEBQAVFcNq9KLqUeNDMSCz9V1ilg9HehJm+ipmB:is06mEBQps90SD9CTolgJehMSB
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:3d1824df-2ead-11f1-b47f-42010aa4000b
File name:043da30b0eec8d4fd197d0b48754def6
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Crypt_r.AKH.14258.12458.UNOFFICIAL
Create hunting rule
Signature:Win.Malware.Metasploit-10022275-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:MAL_Malware_Imphash_Mar23_1
Create hunting rule
Author:Arnim Rupp
Description:Detects malware by known bad imphash or rich_pe_header_hash
Reference:https://yaraify.abuse.ch/statistics/
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:metasploit_rev_tcp_64
Create hunting rule
Author:Javier Rascon
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:meth_peb_parsing
Create hunting rule
Author:Willi Ballenthin
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Description:classified
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:TLP:WHITE
Repository:YARAify
Rule name:Windows_Trojan_Metasploit_1ca1e384
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_91bc5d7d
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Author:Elastic Security
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm
TLP:TLP:WHITE
Repository:elastic

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.