YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash db549323d3fba6a9baa4bd6a141014cd63c12751a1efb6371f4c38fb2212ccde.

Scan Results


SHA256 hash: db549323d3fba6a9baa4bd6a141014cd63c12751a1efb6371f4c38fb2212ccde
File size:163'840 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: eb5f621fc1d42bce616e5525e9cf4e0e
SHA1 hash: 00b149d42841f2a446e2aa4e7a520ef4762bbf43
SHA3-384 hash: 34e5009ba616cfada9e618cd0222e5e67b7a456eb4222978f054187033758f5605a14cd776a532de540d33ccac32fc15
First seen:2023-01-25 09:40:03 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 3072:ZWubjRwzYZuR23pH2JPd/ydETl6uVsecZhh:/zNAPdcETie0
TLSH : T188F35C1072C0C8B6FA6619716860CB64562FF7F34B398ED763B4943919F85E00639EBE
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


You can browse the 10 most recent tasks associated with this file blow.

Task Information


Task ID:3e40ffa4-9c94-11ed-98c2-42010aa4000b
File name:f20000.document2092229407.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:PUA.Win.Packer.UpxProtector-1

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:cobalt_strike_tmp01925d3f
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
TLP:TLP:WHITE
Repository:yaraify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.