YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash d6d4e4092d26b450c58318798b198b86c25ff4e4ccdea0a77318024fe0af0517.
Scan Results
| SHA256 hash: | d6d4e4092d26b450c58318798b198b86c25ff4e4ccdea0a77318024fe0af0517 | |
|---|---|---|
| File size: | 285'608 bytes | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | b4291614898fff032fa7cdf9d80db36d | |
| SHA1 hash: | b96aa2ff8716ab26c8394ed5d50475f07720ea4b | |
| SHA3-384 hash: | 3d030a270f24772213eeec7acbc169a1871dce73541a6906aa499d638df4e423e62cff9f340418bdc5f03aaffcd41a20 | |
| First seen: | 2022-03-05 21:40:20 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | n/a | |
| ssdeep : | n/a | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | db56e5da-9ccc-11ec-9950-42010aa4000b | |
|---|---|---|
| File name: | b4291614898fff032fa7cdf9d80db36d | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | False |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | HKTL_NET_GUID_SharpKatz |
|---|---|
| Author: | Arnim Rupp |
| Description: | Detects c# red/black-team tools via typelibguid |
| Reference: | https://github.com/b4rtik/SharpKatz |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |

| Rule name: | INDICATOR_EXE_Packed_Fody |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables manipulated with Fody |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |

| Rule name: | INDICATOR_TOOL_EXP_SeriousSAM02 |
|---|---|
| Author: | ditekSHen |
| Description: | Detect tool variants potentially exploiting SeriousSAM / HiveNightmare CVE-2021-36934 |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |

| Rule name: | INDICATOR_TOOL_PWS_Mimikatz |
|---|---|
| Author: | ditekSHen |
| Description: | Detects Mimikatz |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |

| Rule name: | Mimikatz_Gen_Strings |
|---|---|
| Author: | Florian Roth |
| Description: | Detects Mimikatz by using some special strings |
| Reference: | Internal Research |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |

| Rule name: | Mimikatz_Gen_Strings_RID2F19 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects Mimikatz by using some special strings |
| Reference: | Internal Research |
| TLP: | TLP:WHITE |

| Rule name: | Mimikatz_Generic |
|---|---|
| Author: | Still |
| Description: | attempts to match all variants of Mimikatz |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |

| Rule name: | Mimikatz_Strings |
|---|---|
| Author: | Florian Roth |
| Description: | Detects Mimikatz strings |
| Reference: | not set |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |

| Rule name: | Mimikatz_Strings_RID2DA0 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects Mimikatz strings |
| Reference: | not set |
| TLP: | TLP:WHITE |

| Rule name: | pe_imphash |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |

| Rule name: | Skystars_Malware_Imphash |
|---|---|
| Author: | Skystars LightDefender |
| Description: | imphash |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |

| Rule name: | Truncated_win10_x64_NativeSysCall |
|---|---|
| Author: | SBousseaden |
| Description: | hunt of at least 3 occurences of truncated win10 x64 NativeSyscall |
| TLP: | TLP:WHITE |
| Repository: | sbousseaden |

Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter