YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash f2a31f841ac5205cd04fbb24e847abe95ac6c5ebc497971c3defe554fb43ac4e.

Scan Results


SHA256 hash: f2a31f841ac5205cd04fbb24e847abe95ac6c5ebc497971c3defe554fb43ac4e
File size:2'097'336 bytes
File download: Original Unpacked
MIME type:application/x-dosexec
MD5 hash: 7a662a9a4d90e7a0121396c050309267
SHA1 hash: ac9bada39f715886e36f92babe37be8431ccb8ae
SHA3-384 hash: 9e1b1496a011c8af805893605430a9f8888ba52b4f6def022daade674de3a6417e3d7a18526d748b5cbaab1a6ae4654e
First seen:2026-07-19 11:09:25 UTC
Last seen:Never
Sightings:1
imphash : 5bbd0d43bdfcd464ffeac3716c0c7cd6
ssdeep : 49152:wUBIiIygP+2AGmEY+bAXqfMKXTw0ctMZ5ILIYUdt0yhsgAcr:et3FPbKqfMVMZ5ILIag1
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : a22b94cc30982db2

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:4d50edb1-8362-11f1-ad5e-42010aa4000b
File name:7a662a9a4d90e7a0121396c050309267
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:certum_issuer
Author:Certum
Description:Looks for files signed with certificate issued by Certum
TLP:TLP:WHITE
Repository:YARAify
Rule name:Check_OutputDebugStringA_iat
TLP:TLP:WHITE
Repository:
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerCheck__QueryInfo
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:DebuggerHiding__Active
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:detect_certum_issuer
Author:Certum
Description:Looks for files signed with certificate issued by Certum
TLP:TLP:WHITE
Repository:YARAify
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:Indicator_MiniDumpWriteDump
Author:Obscurity Labs LLC
Description:Detects PE files and PowerShell scripts that use MiniDumpWriteDump either through direct imports or string references
TLP:TLP:WHITE
Rule name:PE_Digital_Certificate
Author:albertzsigovits
TLP:TLP:WHITE
Repository:
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
TLP:TLP:WHITE
Repository:YARAify
Rule name:TH_APT_EquationGroup_2026_CYFARE
Author:CYFARE
Description:Equation Group (G0020) APT malware detection - covers EquationDrug, GrayFish, DoubleFantasy, TripleFantasy, Fanny, GROK, nls_933w HDD firmware module, and Shadow Brokers tooling
Reference:https://cyfare.net/
TLP:TLP:WHITE
Repository:YARAify
Rule name:virustotal
Author:Tracel
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.