YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash fa12665566e6ea47a09bb73c1ae4fae27b0eac25e95dd726c25c3a0ebf9241e9.

Scan Results


SHA256 hash: fa12665566e6ea47a09bb73c1ae4fae27b0eac25e95dd726c25c3a0ebf9241e9
File size: 326'502 bytes
MIME type: application/x-dosexec
MD5 hash: 43d570890ddf397a90759ce8f9dd7696
SHA1 hash: 85cfb20ce1b24a6c948ccd51b47a034f6eda5f69
SHA3-384 hash: 2e2b23c7e15f3db00312d4e74f7f56a8b2f158eb1148b536d605a00df5d64ec62afee7407b069de6a94fc48cac3a6815
First seen: 2022-11-24 19:48:48 UTC
Last seen: 2022-11-25 06:36:32 UTC
Sightings: 2
imphash: 2126fd947b23c689cf2a3fa4e77b5382
ssdeep: 6144:TY+32WWluqvHpVmXWEjFJRWci+WUd200r+UU5EYCTvaBju45:8nWwvHpVmXpjJIUd2+Uusvalx
TLSH: T137643A3AEB20B126FA478C7A78394E1615283C3562119E4BB3926B4D34766C3F9F474F
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 800cf823-6c8b-11ed-a71a-42010aa4000b
File name: 400000.service.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID: 03accb8c-6c31-11ed-a71a-42010aa4000b
File name: 400000.service.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.