YARAify Task Results

YARAify scan results for task ID 70682ee9-ee5a-11f0-9df4-42010aa4000b.

Scan Results

Task ID:70682ee9-ee5a-11f0-9df4-42010aa4000b
Task parameters:clamav_scan:True
unpack:True
share_file:True
Submission time:2026-01-10 19:27:44 UTC
Scan time:Scan took 9 seconds
File name:WhatsApp Installer.exe
File size:1'106'976 bytes
File download: Original Unpacked
MIME type:application/x-dosexec
SHA256 hash: 1f8c98a24f1dc2e22a18ce4218972ce83b7da4d54142d2ca0caeb05225dbc4a9
MD5 hash: ac44b3bbb1b77c16941e3e2ed418ee30
SHA1 hash: c18ddbba921da950f4c5e30e5b2f8731571bb872
SHA3-384 hash: 8f440feaf2915a04e7afa4b66ed5ad874f24ec2ab51e97d2774eabf8f571f937e90a20a25c45f1ea52f8f0c41c962f34
First seen:2026-01-09 21:54:52 UTC
Last seen:2026-01-10 19:27:44 UTC
Sightings:2
imphash : f34d5f2d4577ed6d9ceec516c1f5a744
Create hunting rule
ssdeep : 12288:6LQP2cqyCx+Tac0RDffXJjyYpCWoNHSy5viczgJ00Iyggot+TRofXJjyNpXM0:Dc+2DR7BWYpCWo440UdmoBWNpXM0
TLSH :n/a
telfhash :n/a
dhash icon : c4ccb392f1f192cc
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
TLP:TLP:WHITE
Repository:
Rule name:pe_imphash
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Runtime_Broker_Variant_1
Create hunting rule
Author:Sn0wFr0$t
Description:Detecting malicious Runtime Broker
TLP:TLP:WHITE
Repository:YARAify
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

ClamAV Results

The file matched the following open source and commercial ClamAV rules.