Task Information
Task ID: ea2848c5-8363-11f1-ad5e-42010aa4000b
File name: 5c0dbe73824a10796c6ccf84e67b47cf
Task parameters: ClamAV scan: True
Unpack: False
Share file: True
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: classified
Author: classified
Description: classified
TLP : TLP:AMBER
Rule name: CP_Script_Inject_Detector
Alert
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP: TLP:WHITE
Repository: YARAify
Rule name: DebuggerCheck__API
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: DebuggerCheck__MemoryWorkingSet
Alert
Author: Fernando Mercês
Description: Anti-debug process memory working set size check
Reference: http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
TLP: TLP:WHITE
Rule name: MD5_Constants
Alert
Author: phoul (@phoul)
Description: Look for MD5 constants
TLP: TLP:WHITE
Repository:
Rule name: NET
Alert
Author: malware-lu
TLP: TLP:WHITE
Repository:
Rule name: reverse_http
Alert
Author: CD_R0M_
Description: Identify strings with http reversed (ptth)
TLP: TLP:WHITE
Repository: CD-R0M
Rule name: RIPEMD160_Constants
Alert
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
TLP: TLP:WHITE
Repository:
Rule name: SEH__vectored
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Rule name: SHA1_Constants
Alert
Author: phoul (@phoul)
Description: Look for SHA1 constants
TLP: TLP:WHITE
Repository:
Rule name: skip20_sqllang_hook
Alert
Author: Mathieu Tartare <mathieu.tartare@eset.com>
Description: YARA rule to detect if a sqllang.dll version is targeted by skip-2.0. Each byte pattern corresponds to a function hooked by skip-2.0. If $1_0 or $1_1 match, it is probably targeted as it corresponds to the hook responsible for bypassing the authentication.
Reference: https://www.welivesecurity.com/
TLP: TLP:WHITE
Repository:
Rule name: TA_Printables_Cluster
Alert
Author: frexna
Description: Detects Python RAT, Pyramid, Fernet, zlib/base64 and pythonmemorymodule artifacts
TLP: TLP:WHITE
Repository: YARAify
Rule name: test_Malaysia
Alert
Author: rectifyq
Description: Detects file containing malaysia string
TLP: TLP:WHITE
Repository: YARAify
Rule name: ThreadControl__Context
Alert
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP: TLP:WHITE
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter