YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash fda23d93b04018a7ea1f6fee9cc14b38ae165e2b0ba36664b32b93beff1e4030.

Scan Results

SHA256 hash: fda23d93b04018a7ea1f6fee9cc14b38ae165e2b0ba36664b32b93beff1e4030
File size:364'544 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 061c72a02a79caf5bd8ef27565cfb601
SHA1 hash: 33bfe3955df46af337c39dec39dd7f166fea7293
SHA3-384 hash: 26bd488826c0fc4d964c8a61dda2bf6f29da531387594c2cfb336c44bda7ea920cfbe9e00884d5d251bccc767d5df4ca
First seen:2026-04-27 14:40:35 UTC
Last seen:Never
Sightings:1
imphash : 9a7e4883d5793bf81d0e5cefa9ed71c6
Create hunting rule
ssdeep : 6144:Kdbu1J7PCaXxMLGxKWR1mlkVl+lIzohdMxB+RNGrQLFR461+nO7zs0IBVLH:muqyxMLNplyon0BB
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : e4c48ac880a48484
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:0d4e9fd9-4247-11f1-badc-42010aa4000b
File name:061c72a02a79caf5bd8ef27565cfb601
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Shelma-9863151-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:Suspicious_Process
Create hunting rule
Author:Security Research Team
Description:Suspicious process creation
TLP:TLP:WHITE
Repository:YARAify
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.