YARAify Task Results
YARAify scan results for task ID bf198191-fb0b-11ec-9250-42010aa4000b.
Scan Results
| Task ID: | bf198191-fb0b-11ec-9250-42010aa4000b | |
|---|---|---|
| Task parameters: | clamav_scan: | True |
| | unpack: | True |
| | share_file: | True |
| Submission time: | 2022-07-03 20:07:21 UTC | |
| Scan time: | Scan took 12 seconds | |
| File name: | malware_in_themes_css.php | |
| File size: | 10'968 bytes | |
| MIME type: | text/html | |
| SHA256 hash: | 4e7a018d007a02dabdc93418b61bf299326d6480ecf5938ca2793a6b584a7b09 | |
| MD5 hash: | 2bb4e73b2f6133182d851396aee85908 | |
| SHA1 hash: | 78cf77a62eb2d8814ab32ecce5aa6ea7e18757cf | |
| SHA3-384 hash: | c59dd90bba7d0baea32865390f57c01dbc48e8e5d40db35699539249181389d89d9f37ef2ca967cd02d11fa3b21a038d | |
| First seen: | 2022-07-03 20:07:20 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | n/a | |
| ssdeep : | 192:e0h0Lspty0moQput1VLsp+0moQpIb3ALsp+0moQpIv:eegcywtX9ybU9yv | |
| TLSH : | T1A632103A76DB598E6436F07C4E55A159F67AC22B10248F467D2C80D47F307B04EE6B8E | |
| telfhash : | n/a | |
| dhash icon : | n/a | |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | webshell_php_generic_eval |
|---|---|
| Author: | Arnim Rupp |
| Description: | Generic PHP webshell which uses any eval/exec function in the same line with user input |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
Unpacker
The following YARA rules matched on the unpacked file.
No matches
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | {HEX}php.malware.magento.598.UNOFFICIAL |
|---|---|
| Signature: | YARA.eval_post.UNOFFICIAL |