YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash db549323d3fba6a9baa4bd6a141014cd63c12751a1efb6371f4c38fb2212ccde.
Scan Results
| SHA256 hash: | db549323d3fba6a9baa4bd6a141014cd63c12751a1efb6371f4c38fb2212ccde | |
|---|---|---|
| File size: | 163'840 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | eb5f621fc1d42bce616e5525e9cf4e0e | |
| SHA1 hash: | 00b149d42841f2a446e2aa4e7a520ef4762bbf43 | |
| SHA3-384 hash: | 34e5009ba616cfada9e618cd0222e5e67b7a456eb4222978f054187033758f5605a14cd776a532de540d33ccac32fc15 | |
| First seen: | 2023-01-25 09:40:03 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | n/a | |
| ssdeep : | 3072:ZWubjRwzYZuR23pH2JPd/ydETl6uVsecZhh:/zNAPdcETie0 | |
| TLSH : | T188F35C1072C0C8B6FA6619716860CB64562FF7F34B398ED763B4943919F85E00639EBE | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
You can browse the 10 most recent tasks associated with this file blow.
Task Information
| Task ID: | 3e40ffa4-9c94-11ed-98c2-42010aa4000b | |
|---|---|---|
| File name: | f20000.document2092229407.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | PUA.Win.Packer.UpxProtector-1 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | cobalt_strike_tmp01925d3f |
|---|---|
| Author: | The DFIR Report |
| Description: | files - file ~tmp01925d3f.exe |
| Reference: | https://thedfirreport.com |
| TLP: | TLP:WHITE |
| Repository: | yaraify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter