YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash f5a35b0fd9acd5fe5a89f5860f70d49fe14a147a99d240cd5da8e7bf37aee98c.

Scan Results

SHA256 hash: f5a35b0fd9acd5fe5a89f5860f70d49fe14a147a99d240cd5da8e7bf37aee98c
File size:322'584 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 1b9720b75cbef6409bb7d964e4fdc41e
SHA1 hash: 491d6d56bc8f78c0d712530a197a44e650dbcbc6
SHA3-384 hash: 2e487ce708ef6b5b5ac0069022bbd750c9c483e210505a8602dbacf47762ced94dc7624af0611c5d622c9709e608daed
First seen:2026-04-02 15:50:36 UTC
Last seen:Never
Sightings:1
imphash : a8286b574ff850cd002ea6282d15aa40
Create hunting rule
ssdeep : 6144:yrabUzkuvcBYC47l2x1V/GgGyjAj43W9jXdpcDfUEA1KtmsY:yrDkuveY3SV/dK4gjrcV7tK
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 92e0a496a2cada72
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:b0add4a0-2eab-11f1-b47f-42010aa4000b
File name:1b9720b75cbef6409bb7d964e4fdc41e
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.InstallRex-1.UNOFFICIAL
Create hunting rule
Signature:Win.Adware.Agent-1388696
Create hunting rule
Signature:Win.Adware.Agent-1388697
Create hunting rule
Signature:Win.Trojan.Antifw-173
Create hunting rule
Signature:Win.Trojan.Antifw-4
Create hunting rule
Signature:Win.Trojan.Installerex-249
Create hunting rule
Signature:Win.Trojan.Installerex-250
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
TLP:TLP:WHITE
Repository:
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
TLP:TLP:WHITE
Repository:
Rule name:PUP_InstallRex_AntiFWb
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Malware InstallRex / AntiFW
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:SUSP_Imphash_Mar23_2
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
Reference:Internal Research
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.