YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash db549323d3fba6a9baa4bd6a141014cd63c12751a1efb6371f4c38fb2212ccde.
Scan Results
SHA256 hash: | db549323d3fba6a9baa4bd6a141014cd63c12751a1efb6371f4c38fb2212ccde | |
---|---|---|
File size: | 163'840 bytes | |
MIME type: | application/x-dosexec | |
MD5 hash: | eb5f621fc1d42bce616e5525e9cf4e0e | |
SHA1 hash: | 00b149d42841f2a446e2aa4e7a520ef4762bbf43 | |
SHA3-384 hash: | 34e5009ba616cfada9e618cd0222e5e67b7a456eb4222978f054187033758f5605a14cd776a532de540d33ccac32fc15 | |
First seen: | 2023-01-25 09:40:03 UTC | |
Last seen: | Never | |
Sightings: | 1 | |
imphash : | n/a | |
ssdeep : | 3072:ZWubjRwzYZuR23pH2JPd/ydETl6uVsecZhh:/zNAPdcETie0 | |
TLSH : | T188F35C1072C0C8B6FA6619716860CB64562FF7F34B398ED763B4943919F85E00639EBE | |
telfhash : | n/a | |
gimphash : | n/a | |
dhash icon : | n/a |
Tasks
You can browse the 10 most recent tasks associated with this file below.
Task Information
Task ID: | 3e40ffa4-9c94-11ed-98c2-42010aa4000b | |
---|---|---|
File name: | f20000.document2092229407.exe | |
Task parameters: | ClamAV scan: True; Unpack: False; Share file: True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
Signature: | PUA.Win.Packer.UpxProtector-1 |
---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
Rule name: | cobalt_strike_tmp01925d3f |
---|---|
Author: | The DFIR Report |
Description: | files - file ~tmp01925d3f.exe |
Reference: | https://thedfirreport.com |
TLP: | TLP:WHITE |
Repository: | yaraify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter