YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash d20331bd7702b9a0164608ca8cd67ebae579ab7bde52f661f760608a93c9b7e4.

Scan Results

SHA256 hash: d20331bd7702b9a0164608ca8cd67ebae579ab7bde52f661f760608a93c9b7e4
File size:502'377 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 28da8b2b9efd1f058b65ecf64176131f
SHA1 hash: 3aed7a29688f6112cbced98de1e2fba75c14f083
SHA3-384 hash: 22565c78dbd78f1174e760b9e70fac53072772bb78fdb0aa6898b0550526cf208ef5d5c14ccd02484eb698af22176cbf
First seen:2022-11-24 19:41:01 UTC
Last seen:Never
Sightings:1
imphash : dde7287a74094b5bfb3b4e4bc91d4b61
Create hunting rule
ssdeep : 3072:WPgp/CPRvjxCb5NgXDY7uSlkJcUa7kYQTcqW2NdQQGH/UDhSCUc4aqTBIVsNGfrq:K/9KgzelZNQSBQGH/CSpWqT+
TLSH : T1A1B4D0113AA3BBB3D452C53548578A7146F6BC138725D183F7D52F8F5EB22E38A26382
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:ece4abc3-6c2f-11ed-a71a-42010aa4000b
File name:400000.82229004-4490-4363-a302-84be9d6d97bb.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:INDICATOR_EXE_Packed_MPress
Create hunting rule
Author:ditekSHen
Description:Detects executables built or packed with MPress PE compressor
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.