YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash ff5b55e4958ca0ecaecdd8637efe483f9af7dee334a290ce4149694a9fc17e1d.

SHA256 hash:	ff5b55e4958ca0ecaecdd8637efe483f9af7dee334a290ce4149694a9fc17e1d
File size:	5'644'288 bytes
File download:	Original
MIME type:	application/octet-stream
MD5 hash:	4999015fdeab8dd3ecd86e064596432a
SHA1 hash:	bcc1eb0bccbfc8a46a14ab5623c67f10b1ae0ddf
SHA3-384 hash:	557ebabaccd16cbc574217d785eb514b9efa827046db46eacdd1735e5d0641e4e6d0cda34eae12700403cf08c9f9b420
First seen:	2026-02-01 09:54:55 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	6144:vqqDbenSigvhT/5EVuSeRGLzVK50jWKicaDippp559o7xkxShxSkrSkdkTYwASrc:yqncgJFEBwPcrpz9Gwroeq
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	win_keybase_w0 Create hunting rule
Author:	@bartblaze
Description:	Identifies KeyBase aka Kibex.
TLP:	TLP:WHITE
Repository:	Malpedia

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-02-01 09:54:55 UTC Static: 5 Unpacker: 0 ClamAV: 0