YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash dc5e53ea6986b04a173428c03b10adf898e519ac5f220fdcc2c2be7b0239bb5b.
Scan Results
| SHA256 hash: | dc5e53ea6986b04a173428c03b10adf898e519ac5f220fdcc2c2be7b0239bb5b | |
|---|---|---|
| File size: | 1'307'136 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 099fef4483ebc0138d575a27e30ce0c0 | |
| SHA1 hash: | 256a1b164d812ee1e9378fa67317f9fe80e2c27b | |
| SHA3-384 hash: | 4eb3680ac3ae5f2a8d4e434f42c69d919191fcbd0e2fef0d073a888964e84fbd6e4c1a1843423955c91df44faf641f72 | |
| First seen: | 2025-11-20 23:50:19 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 8d5844fd312e4b4de80e5a985c8df3ac | |
| ssdeep : | 12288:vt5/iJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:vL/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | abd3258e-c66b-11f0-adeb-42010aa4000b | |
|---|---|---|
| File name: | 099fef4483ebc0138d575a27e30ce0c0 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.Win32.Expiro-2.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | TH_Win_ETW_Bypass_2025_CYFARE |
|---|---|
| Author: | CYFARE |
| Description: | Windows ETW Bypass Detection Rule - 2025 |
| Reference: | https://cyfare.net/ |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter