YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash f56eaaaf940cd4b43209d51593b173be53e8bae6c486f8b5f9f4598763de7ce1.
Scan Results
| Field | Value |
|---|---|
| SHA256 hash: | f56eaaaf940cd4b43209d51593b173be53e8bae6c486f8b5f9f4598763de7ce1 |
| File size: | 2'585'992 bytes |
| File download: | Original |
| MIME type: | application/x-dosexec |
| MD5 hash: | 9fca83d13bbc81f2f6ccc1b2a29a9a24 |
| SHA1 hash: | b827df2521962a8b83c5b66f9df2fd71f6cd9b5b |
| SHA3-384 hash: | 948496e63a4c3734545d6b294e55c8823e76fcda7d669c99b982da1c735e60b9dcfba5fbc1f580aa4cd309d307e92aa4 |
| First seen: | 2022-07-16 17:53:52 UTC |
| Last seen: | Never |
| Sightings: | 1 |
| imphash: | cb650cc1fbb9da3e48a0478d762ef475 |
| ssdeep: | 24576:PnMbsfIomlMglmyCaFzbMhQ3DECwn6idlE/ycQN5WhHsgyDsWQiQT55QcJT2+I:0bsfsl9myCahMas2h2QT/2B |
| TLSH: | T197C52813A7074EA9D0DA02F796552BB9B1FC3C20E79107B7B7A1D9F708D3A8CB925940 |
| telfhash: | n/a |
| gimphash: | n/a |
| dhash icon: | n/a |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Field | Value |
|---|---|
| Task ID: | 41455320-0530-11ed-9250-42010aa4000b |
| File name: | 9fca83d13bbc81f2f6ccc1b2a29a9a24 |
| Task parameters: | ClamAV scan: True |
| | Unpack: False |
| | Share file: True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| PUA.Win.Packer.Alloy-5 |
| PUA.Win.Packer.Aspack-30 |
| PUA.Win.Packer.Aspack-33 |
| PUA.Win.Packer.Asprotect-3 |
| PUA.Win.Packer.Bjfnt-4 |
| PUA.Win.Packer.Bjfnt-5 |
| PUA.Win.Packer.BladeJoiner-1 |
| PUA.Win.Packer.BorlandCpp-9 |
| PUA.Win.Packer.BorlandDelphiSe-1 |
| PUA.Win.Packer.Chinaprotect-1 |
| PUA.Win.Packer.CrunchPe-1 |
| PUA.Win.Packer.CrunchPe-2 |
| PUA.Win.Packer.CrunchPe-4 |
| PUA.Win.Packer.Crypkey-2 |
| PUA.Win.Packer.Crypkey-4 |
| PUA.Win.Packer.Crypwrap-1 |
| PUA.Win.Packer.DaemonProtect-1 |
| PUA.Win.Packer.Dbpe-1 |
| PUA.Win.Packer.Dbpe-2 |
| PUA.Win.Packer.Dbpe-3 |
| PUA.Win.Packer.Dbpe-4 |
| PUA.Win.Packer.Dxpack-2 |
| PUA.Win.Packer.Exe32pack-6 |
| PUA.Win.Packer.Exe32pack-7 |
| PUA.Win.Packer.Exe32pack-8 |
| PUA.Win.Packer.Exe32pack-9 |
| PUA.Win.Packer.Execryptor-35 |
| PUA.Win.Packer.Execryptor-36 |
| PUA.Win.Packer.ExecryptorXXXX-1 |
| PUA.Win.Packer.ExeShield-10 |
| PUA.Win.Packer.ExeShield-11 |
| PUA.Win.Packer.ExeShield-12 |
| PUA.Win.Packer.ExesmasherVxX-1 |
| PUA.Win.Packer.Expressor-24 |
| PUA.Win.Packer.Expressor-25 |
| PUA.Win.Packer.Expressor-30 |
| PUA.Win.Packer.Expressor-31 |
| PUA.Win.Packer.Fsg-91 |
| PUA.Win.Packer.HardlockDongle-1 |
| PUA.Win.Packer.JdpackJdprotect-1 |
| PUA.Win.Packer.KgcryptVxX-1 |
| PUA.Win.Packer.KgcryptVxX-2 |
| PUA.Win.Packer.Krypton-1 |
| PUA.Win.Packer.Krypton-2 |
| PUA.Win.Packer.Krypton-5 |
| PUA.Win.Packer.Krypton-7 |
| PUA.Win.Packer.Kryptor-1 |
| PUA.Win.Packer.Kryptor-2 |
| PUA.Win.Packer.Mslrh-41 |
| PUA.Win.Packer.Mslrh-49 |
| PUA.Win.Packer.Mslrh-56 |
| PUA.Win.Packer.Mslrh-7 |
| PUA.Win.Packer.Mslrhv-1 |
| PUA.Win.Packer.Nakedbind-1 |
| PUA.Win.Packer.NameOfThePacker-1 |
| PUA.Win.Packer.Noodlecrypt-1 |
| PUA.Win.Packer.Noodlecrypt-2 |
| PUA.Win.Packer.Noodlecrypt-3 |
| PUA.Win.Packer.Obsidium-71 |
| PUA.Win.Packer.Packman-6 |
| PUA.Win.Packer.Packman-8 |
| PUA.Win.Packer.Pcguard-1 |
| PUA.Win.Packer.Pcguard-2 |
| PUA.Win.Packer.PcGuard-3 |
| PUA.Win.Packer.PcguardV305d-1 |
| PUA.Win.Packer.Pe-5 |
| PUA.Win.Packer.Pebundle-11 |
| PUA.Win.Packer.Pebundle-14 |
| PUA.Win.Packer.Pebundle-9 |
| PUA.Win.Packer.Pecompact-28 |
| PUA.Win.Packer.Pecompact-32 |
| PUA.Win.Packer.Pecompact-33 |
| PUA.Win.Packer.Pecompact-34 |
| PUA.Win.Packer.Pecompact-35 |
| PUA.Win.Packer.Pecompact-36 |
| PUA.Win.Packer.Pecompact-37 |
| PUA.Win.Packer.Pecompact-38 |
| PUA.Win.Packer.Pecompact-39 |
| PUA.Win.Packer.Pecompact-40 |
| PUA.Win.Packer.Pecompact-41 |
| PUA.Win.Packer.Pecompact-44 |
| PUA.Win.Packer.Pecompact-45 |
| PUA.Win.Packer.Pecompact-52 |
| PUA.Win.Packer.Pecompact-53 |
| PUA.Win.Packer.Pecompact-54 |
| PUA.Win.Packer.Pecompact-55 |
| PUA.Win.Packer.Pecompact-56 |
| PUA.Win.Packer.Pecompact-57 |
| PUA.Win.Packer.Pecompact-58 |
| PUA.Win.Packer.Pecompact-59 |
| PUA.Win.Packer.Pecompact-60 |
| PUA.Win.Packer.Pecompact-61 |
| PUA.Win.Packer.Pecompact-62 |
| PUA.Win.Packer.Pecompact-63 |
| PUA.Win.Packer.Pecompact-64 |
| PUA.Win.Packer.Pecompact-65 |
| PUA.Win.Packer.Pecompact-73 |
| PUA.Win.Packer.PeLockNt-2 |
| PUA.Win.Packer.Pencrypt-3 |
| PUA.Win.Packer.Penightmare-1 |
| PUA.Win.Packer.PeProtect-2 |
| PUA.Win.Packer.Pequake-5 |
| PUA.Win.Packer.Pequake-6 |
| PUA.Win.Packer.Pequake-7 |
| PUA.Win.Packer.Peshield-2 |
| PUA.Win.Packer.PeshieldBB-1 |
| PUA.Win.Packer.PEtite-1 |
| PUA.Win.Packer.PEtite-2 |
| PUA.Win.Packer.Petite-25 |
| PUA.Win.Packer.Petite-26 |
| PUA.Win.Packer.Petite-30 |
| PUA.Win.Packer.Petite-31 |
| PUA.Win.Packer.ProtectionPlusV-1 |
| PUA.Win.Packer.ProtectionPlusV-2 |
| PUA.Win.Packer.Pseudosigner-77 |
| PUA.Win.Packer.Pseudosigner-90 |
| PUA.Win.Packer.Pseudosigner-95 |
| PUA.Win.Packer.RodHighTech-1 |
| PUA.Win.Packer.ShegerdDongle-1 |
| PUA.Win.Packer.Shrinker-4 |
| PUA.Win.Packer.Slvc0deprotecto-5 |
| PUA.Win.Packer.Softcomp-1 |
| PUA.Win.Packer.Softdefender-3 |
| PUA.Win.Packer.SoftDefender-4 |
| PUA.Win.Packer.SoftwareCompres-1 |
| PUA.Win.Packer.SoftwareCompres-2 |
| PUA.Win.Packer.SoftwareCompres-5 |
| PUA.Win.Packer.SoftwareCompres-6 |
| PUA.Win.Packer.SoftwareCompress-3 |
| PUA.Win.Packer.Softwrap-1 |
| PUA.Win.Packer.StonesPeEncrypt-6 |
| PUA.Win.Packer.StonesPeEncrypt-8 |
| PUA.Win.Packer.Upx-41 |
| PUA.Win.Packer.Upx-44 |
| PUA.Win.Packer.Upx-47 |
| PUA.Win.Packer.Upx-49 |
| PUA.Win.Packer.Upx-54 |
| PUA.Win.Packer.UpxEclipseLayer-1 |
| PUA.Win.Packer.VboxMte-1 |
| PUA.Win.Packer.VirogenCrypt-1 |
| PUA.Win.Packer.Winkript-5 |
| PUA.Win.Packer.Y0dasCrypterMod-1 |
| PUA.Win.Packer.Y0dasCryptor-1 |
| PUA.Win.Packer.YodasProtector-31 |
| PUA.Win.Packer.YodasProtector-33 |
| PUA.Win.Packer.YodasProtector-34 |
| PUA.Win.Packer.YodasProtector-36 |
| PUA.Win.Trojan.Agent-37077 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | TLP | Repository |
|---|---|---|---|---|
| AutoIT_Compiled | @bartblaze | Identifies compiled AutoIT script (as EXE). | TLP:WHITE | bartblaze |
| meth_get_eip | Willi Ballenthin | | TLP:WHITE | YARAify |
| meth_stackstrings | Willi Ballenthin | | TLP:WHITE | YARAify |
| pdb_YARAify | @wowabiy314 | PDB | TLP:WHITE | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter