YARAhub
You are currently viewing the YARAhub entry of the YARA rule Tool_FakeInstaller_2. Depending on the TLP classification of this YARA rule chosen by the author, further information about this YARA rule is available below.
YARA Rule Details: Tool_FakeInstaller_2
| Rule name: | Tool_FakeInstaller_2 |
|---|---|
| Author: | Nikos 'n0t' Totosis - @casperinous |
| Description: | Detects fake installers that decrypt RC4-encrypted payloads stored in PE resources with IDs 100, 101. |
| Reference MD5: | ab0553ff56ec4cd19d58b115c03513e6 |
| Likes: | 0 |
| Reference Link : | n/a |
| Malpedia Family : | n/a |
| Date added: | 2026-06-22 |
| Rule Matching TLP : | TLP:WHITE |
| Rule Sharing TLP : | TLP:RED |
| License : | https://creativecommons.org/licenses/by-nc/4.0/ |
| UUID: | 30b23166-3c4d-42ac-b3c2-91c7391edc0b |
| Static hits: | 0 |
| Unpacker hits: | 0 |
YARA Rule Content
The content of the YARA rule is shown below.
The author of this YARA rule has chosen to not share the YARA rule
YARA Rule Matches
The following table shows the most recent files matching this particular YARA rule.
| First seen (UTC) | SHA256 hash | Static matches | Unpacker matches |
|---|