YARAify Task Results

YARAify scan results for task ID 7ba55fab-e04b-11f0-9df4-42010aa4000b.

Scan Results

Task ID:7ba55fab-e04b-11f0-9df4-42010aa4000b
Task parameters:clamav_scan:True
unpack:True
share_file:True
Submission time:2025-12-23 22:05:25 UTC
Scan time:Scan took 3 seconds
File name:AnyDeskSetup.exe
File size:46'592 bytes
File download: Original Unpacked
MIME type:application/x-dosexec
SHA256 hash: cc4104cebf928912478bcda19b3d09e59931feb6961df87d2f38d812b95f2464
MD5 hash: f553778815a7d7ca85aeeb9d54646884
SHA1 hash: 1355be555c6d97b2ed646577ab1c4c36b307a67f
SHA3-384 hash: f0ab16658c6f1fe0e0f8eb6748d9197279397df335fde81da9bea83cf928a66adbd45006589750f51572a7ae8233edc1
First seen:2025-12-23 22:05:13 UTC
Last seen:2025-12-24 07:23:42 UTC
Sightings:4
imphash : f34d5f2d4577ed6d9ceec516c1f5a744
Create hunting rule
ssdeep : 768:juICdTYEXlTWU/+qhmo2qb5qJEVqva55OPImzjbogXliBDgJ+DizKU9+KiLBDZKh:juICdTYUN2SRnf3m3b/X0BK+DqbiddKh
TLSH :n/a
telfhash :n/a
dhash icon :n/a

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AsyncRat
Create hunting rule
Author:kevoreilly, JPCERT/CC Incident Response Group
Description:AsyncRat Payload
TLP:TLP:WHITE
Repository:CAPE
Rule name:asyncrat
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
TLP:TLP:WHITE
Repository:CAPE
Rule name:asyncrat_kingrat
Create hunting rule
Author:jeFF0Falltrades
TLP:TLP:WHITE
Repository:CAPE
Rule name:DebuggerCheck__RemoteAPI
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse
Create hunting rule
Author:ditekSHen
Description:Detects file containing reversed ASEP Autorun registry keys
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:MAL_AsnycRAT
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:MAL_AsyncRAT_Config_Decryption
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
TLP:TLP:WHITE
Rule name:Mal_WIN_AsyncRat_RAT_PE
Create hunting rule
Author:Phatcharadol Thangplub
Description:Use to detect AsyncRAT implant.
TLP:TLP:WHITE
Repository:YARAify
Rule name:malware_asyncrat
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
TLP:TLP:WHITE
Repository:JPCERTCC
Rule name:malware_asyncrat
Create hunting rule
Description:detect AsyncRat in memory
Reference:https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
TLP:TLP:WHITE
Repository:JPCERTCC
Rule name:msil_suspicious_use_of_strreverse
Create hunting rule
Author:dr4k0nia
Description:Detects mixed use of Microsoft.CSharp and VisualBasic to use StrReverse
TLP:TLP:WHITE
Repository:
Rule name:Multifamily_RAT_Detection
Create hunting rule
Author:Lucas Acha (http://www.lukeacha.com)
Description:Generic Detection for multiple RAT families, PUPs, Packers and suspicious executables
TLP:TLP:WHITE
Repository:
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:Njrat
Create hunting rule
Author:botherder https://github.com/botherder
Description:Njrat
TLP:TLP:WHITE
Repository:
Rule name:pe_imphash
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_DOTNET_PE_List_AV
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detecs .NET Binary that lists installed AVs
TLP:TLP:WHITE
Rule name:SUSP_Reverse_Run_Key
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects a Reversed Run Key
TLP:TLP:WHITE
Repository:SIFalcon
Rule name:win_asyncrat_bytecodes
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects bytecodes present in unobfuscated AsyncRat Samples. Rule may also pick up on other Asyncrat-derived malware (Dcrat/venom etc)
TLP:TLP:WHITE
Repository:embee-research
Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
TLP:TLP:WHITE
Repository:Sandnet
Rule name:win_asyncrat_unobfuscated
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects strings present in unobfuscated AsyncRat Samples. Rule may also pick up on other Asyncrat-derived malware (Dcrat/venom etc)
TLP:TLP:WHITE
Repository:YARAify
Rule name:win_asyncrat_w0
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
TLP:TLP:WHITE
Repository:Malpedia
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:Windows_Generic_Threat_ce98c4bc
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic

Unpacker

The following YARA rules matched on the unpacked file.

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Packed.AsyncRAT-9856570-1
Create hunting rule
Signature:Win.Packed.Razy-9625918-0
Create hunting rule