YARAify Task Results
YARAify scan results for task ID 38ec56ec-ee39-11f0-9df4-42010aa4000b.
Scan Results
| Field | Value |
|---|---|
| Task ID | 38ec56ec-ee39-11f0-9df4-42010aa4000b |
| Task parameters | clamav_scan: True, unpack: True, share_file: True |
| Submission time | 2026-01-10 15:29:58 UTC |
| Scan time | Scan took 6 seconds |
| File name | Shieldbrowser.exe |
| File size | 66'048 bytes |
| File download | Original, Unpacked |
| MIME type | application/x-dosexec |
| SHA256 hash | 5d896a1e7acf19940db5d3dc02f125d84dddcdf8dfd344a87498d5fe157610a6 |
| MD5 hash | 478a1956d73a21b08567fe4ee38b6da2 |
| SHA1 hash | cf16b32b7282fc4ec565945f8043d70776058730 |
| SHA3-384 hash | f05b227472b661b8bd019795f38f71112ad3bf8bd31b5095ba0be0e66d10078cf5a8cda565953700b5ef8fc72cdca23e |
| First seen | 2026-01-10 15:29:58 UTC |
| Last seen | 2026-01-10 15:36:43 UTC |
| Sightings | 3 |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| ssdeep | 768:XhWBkc+d5iPpVei89J+X6BZrPym873tiHyYd1+DSCv7mqb2nSpwHsoFBhLO8G2iI:XUud+e5P8ZiHyYBGbbrwfG2iVclN |
| TLSH | n/a |
| telfhash | n/a |
| dhash icon | n/a |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | AcRat |
|---|---|
| Author: | Nikos 'n0t' Totosis |
| Description: | AcRat Payload (based on AsyncRat) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | dcrat |
|---|---|
| Author: | jeFF0Falltrades |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | dcrat_kingrat |
|---|---|
| Author: | jeFF0Falltrades |
| TLP: | TLP:WHITE |
| Repository: | CAPE |
| Rule name: | dcrat_rkp |
|---|---|
| Author: | jeFF0Falltrades |
| Description: | Detects DCRat payloads |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_DcRatBy |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables containing the string DcRatBy |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables attempting to enumerate video devices using WMI |
| TLP: | TLP:WHITE |
| Repository: | diˈtekSHən |
| Rule name: | MAL_AsnycRAT |
|---|---|
| Author: | SECUINFRA Falcon Team |
| Description: | Detects AsyncRAT based on its config decryption routine |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | MAL_AsyncRAT_Config_Decryption |
|---|---|
| Author: | SECUINFRA Falcon Team |
| Description: | Detects AsyncRAT based on its config decryption routine |
| TLP: | TLP:WHITE |
| Rule name: | Mal_WIN_AsyncRat_RAT_PE |
|---|---|
| Author: | Phatcharadol Thangplub |
| Description: | Use to detect AsyncRAT implant. |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | Multifamily_RAT_Detection |
|---|---|
| Author: | Lucas Acha (http://www.lukeacha.com) |
| Description: | Generic Detection for multiple RAT families, PUPs, Packers and suspicious executables |
| TLP: | TLP:WHITE |
| Repository: | |
| Rule name: | NET |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: | |
| Rule name: | NETexecutableMicrosoft |
|---|---|
| Author: | malware-lu |
| TLP: | TLP:WHITE |
| Repository: | |
| Rule name: | Njrat |
|---|---|
| Author: | botherder https://github.com/botherder |
| Description: | Njrat |
| TLP: | TLP:WHITE |
| Repository: | |
| Rule name: | pe_imphash |
|---|---|
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | Skystars_Malware_Imphash |
|---|---|
| Author: | Skystars LightDefender |
| Description: | imphash |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | Sus_CMD_Powershell_Usage |
|---|---|
| Author: | XiAnzheng |
| Description: | May contain (obfuscated or not) PowerShell or CMD commands that can be abused by a threat actor (can create FP) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | SUSP_DOTNET_PE_List_AV |
|---|---|
| Author: | SECUINFRA Falcon Team |
| Description: | Detects .NET binary that lists installed AVs |
| TLP: | TLP:WHITE |
| Rule name: | win_asyncrat_unobfuscated |
|---|---|
| Author: | Matthew @ Embee_Research |
| Description: | Detects strings present in unobfuscated AsyncRat Samples. Rule may also pick up on other Asyncrat-derived malware (Dcrat/venom etc) |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | classified |
|---|---|
| Author: | classified |
| Description: | classified |
| TLP: | TLP:AMBER |
| Rule name: | Windows_Generic_Threat_ce98c4bc |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
Unpacker
The following YARA rules matched on the unpacked file.
No matches
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Win.Malware.Generickdz-9865912-0 |
| Win.Malware.Zusy-10034587-0 |
| Win.Packed.Generickdz-10058942-0 |
| Win.Packed.Razy-9807129-0 |
| Win.Trojan.AsyncRAT-9914220-0 |