YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash f745d1b5eddc3c8435abeac78dc11144bfa5d61bd06f0671797b2e02bdd18034.

SHA256 hash:	f745d1b5eddc3c8435abeac78dc11144bfa5d61bd06f0671797b2e02bdd18034
File size:	14'189'024 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	1cc311d593eb077165c5af9c620b5c4c
SHA1 hash:	60c37dc385eb3b1a109cc2349dca751d1aec17f4
SHA3-384 hash:	2a1878b77f6b9f41c2d29c1176aebffb36f9055d1480e4e0b894c7a2618f2ca3e1efe23dab98c26d1404fc7b25afb499
First seen:	2026-04-12 16:57:27 UTC
Last seen:	Never
Sightings:	1
imphash :	3c10d2aa2614755ccdb513472bf0a6a1 Create hunting rule
ssdeep :	196608:2DksDkcDksDkBP8L9vwOrjDksDkcDksDkBP8L9vwOr:2DXDLDXDd5vVDXDLDXDd5v
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	INDICATOR_EXE_Packed_Fody Create hunting rule
Author:	ditekSHen
Description:	Detects executables manipulated with Fody
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender Create hunting rule
Author:	ditekSHen
Description:	Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	meth_stackstrings Create hunting rule
Author:	Willi Ballenthin
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	NETDLLMicrosoft Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	skip20_sqllang_hook Create hunting rule
Author:	Mathieu Tartare <mathieu.tartare@eset.com>
Description:	YARA rule to detect if a sqllang.dll version is targeted by skip-2.0. Each byte pattern corresponds to a function hooked by skip-2.0. If $1_0 or $1_1 match, it is probably targeted as it corresponds to the hook responsible for bypassing the authentication.
Reference:	https://www.welivesecurity.com/
TLP:	TLP:WHITE
Repository:

Rule name:	Sus_All_Windows_PE_Malware Create hunting rule
Author:	DiegoAnalytics
Description:	Detects Windows PE malware of all types, avoids non-executables like .html
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	test_rule_vldslv Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-04-12 16:57:27 UTC Static: 16 Unpacker: 0 ClamAV: 0