SUSP_Nim_ShellCode_Loader_Aug22_1

Rule Info

Name
SUSP_Nim_ShellCode_Loader_Aug22_1
Author
Florian Roth
Description
Detects indicators found Nim shellcode loaders
Score
75
Reference
Internal Research
Date
2022-08-22
Minimum Yara
3.5.0
Rule Hash
caec12568bd489e545fac1ee00042b3d
Tags
['EXE', 'FILE', 'SUSP']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_nim_shellcode_loader_aug22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
20
Suspicious (< 10 engines)
5
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2026-01-26 23:49:34
12
73
df6af0b83afca4c177111dd17d244cbfef235ab8d04cc8acd85946ab3d966c8e
2026-01-24 13:48:07
11
72
8929a55c8fc56cce6e8f8b0e4bdb82a60a194ac8fe82fff65a9e85cba2ad9e4e
2026-01-23 12:43:48
8
72
4bbc26b2aa121605cdb4ed53fe042722f074ca0dbc5c493769e66512d00aa30c
2026-01-23 11:37:14
9
72
47afe02d13fbc2ae199cc757d76f5e72791ad5152f8629b5d6d610f05ee2f474
2025-08-21 01:22:33
36
72
fc9c4eab2b35228996f8e4a2a76969ccb820b6f95dc4e408dc1580627bf1ed39
2025-03-19 06:16:40
49
74
8eb19ad44994e3b835920e6b39a197e6d258777c34daade1e6e3ef2f8fe7127c
2025-03-19 06:07:59
46
74
e71023a6526e3403faab0ba8541860001408f69097c5cca6059230c0afc0ea70
2025-03-19 00:24:27
41
74
f504833f3beb5aceaff1aa2d1e1dca0820231f6e51b59638da61ce033bfa45bc
2025-03-18 23:52:07
38
74
e9238a8a8b502627811ba967006f2d1d51cd96bdd781e38c28c49b8e0a2a2717
2025-03-18 23:44:03
36
74
f3fa56e4323496c32b280a75cd5a0cf48ad4a29d8cde353a12fb60f71851d395
2025-03-18 23:30:13
37
73
2a94052fcce26a6cb2feef15d8a837b83afcc4c2397b33c98e061ec475af70f9
2024-06-05 23:30:24
45
72
c1fc6d6aaf93a3815f30e568ab341c0210f7a56b76b05df32cba7fe283c7debe
2023-05-08 02:18:08
41
70
2ecf24a8be4e88b06d60644f6259447a86f46db23da23a909786bfbd2c94923c
2023-05-07 17:16:49
31
70
09154bda394c1548f3a78a350d50bfeabf7223609ad969caf81a8cd6aa692b88
2023-03-31 10:20:15
42
69
7c1285241581345d02a5a0e1940458e2e55b3d4b77e3ba42d3f2c001f99e9dc9
2022-11-24 06:11:42
8
71
1df6109aabadba63990853e35e8f0e04d33a7c5e61d4d5b1f61449d00a804891
2022-10-17 19:40:27
24
72
40c2cc5bda48122ebb02016b54f6788fb0167466a60f8395b21474ae6d37e424
2022-10-11 12:45:40
11
72
42a7d644e0cd24c34dda42e5ff973f71b3790dfdd39fb8cdaf87f6a88b9dbcc5
2022-10-07 02:29:33
2
71
ba6e298b14b1f4711bd434e2b55688282463972a88ac88dba312cef973b9e3db
2022-10-07 02:29:30
5
71
23b023f2fc0140ec7322a50fbc9c852957488cd4ef06382eea6967c7fb2981f8
2022-10-07 02:28:06
14
72
7bc3877dbd50f7d60b50a6d00bf0db83d86b8d24dfdcf472d149c70e6fd63d5d
2022-10-02 20:08:11
27
71
1c6a49a7d69a39d33ddf1e4bc36a840b42d0840912816fe28cb54dc98aed1f0b
2022-10-01 02:08:44
23
70
26e7dd946deca7cc7183909344c50e235ec2ce9991902dadb27aed25efc76095
2022-09-29 14:39:37
24
72
55ae74c9e4b4b25e414c4916dc85f0a59999c5aace5066d9d3479b815fdbc3b5
2022-08-23 01:52:27
40
71
17dcfd678baabb152dad73f8d2af3a6fe3504d98667f92795897c164a5983a39

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022