YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash fd8b7e6bbd1d018b65641f8007e436416708f3396740d091786c85644333110d.

Scan Results


SHA256 hash: fd8b7e6bbd1d018b65641f8007e436416708f3396740d091786c85644333110d
File size: 159'744 bytes
MIME type: application/x-dosexec
MD5 hash: bc1f3af0c7a2dbd8c0d819b155b18ed2
SHA1 hash: 58747def76488e4519244a0a6f4b8a69682a2048
SHA3-384 hash: c16c14790e1de46edb6fc9a36847c143b8a0378ebfc44ef039df687b76361f71af23510d4083d1e6e8121a7f8579be57
First seen: 2023-01-25 09:32:13 UTC
Last seen: Never
Sightings: 1
imphash: n/a
ssdeep: 3072:GnkEcSBmbgLVuXvGlpiIW40e+hfjwgLuV0k6O:1EcSBm50Q40b6Ek
TLSH: T1EEF38D1074C1C07AEE9A1A717C608BAD9C3FFAF14B389EEB23A4993D1D706D10125D6E
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 264a24a8-9c93-11ed-98c2-42010aa4000b
File name: aa0000.document89669816.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com
TLP: TLP:WHITE
Repository: yaraify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.