YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 0935bb03b2968c98e215359013f9ecbf38dddd233261eb78ee7efbccafccdd86.

Scan Results

SHA256 hash:	0935bb03b2968c98e215359013f9ecbf38dddd233261eb78ee7efbccafccdd86
File size:	1'812'601 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	080d4530f1331d11db6dfe40745c98be
SHA1 hash:	54621aebf4a3a588fb9cc4d6bb5ef2ce9b349c20
SHA3-384 hash:	0356a58f6b635045883bf879d51649a25e5008a2fdaf95e417376198fc0526dfed11a3701d56413a3a7bd98229f2595a
First seen:	2026-04-02 15:50:56 UTC
Last seen:	Never
Sightings:	1
imphash :	f0ea7b7844bbc5bfa9bb32efdcea957c Create hunting rule
ssdeep :	49152:00MDpF0egrb/TxvO90d7HjmAFd4A64nsfJCew2r5gCYPCBgwiz1xuxFdz:vean18jz
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	100820b2b2080000 Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:	bce16f5d-2eab-11f1-b47f-42010aa4000b
File name:	080d4530f1331d11db6dfe40745c98be
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	SecuriteInfo.com.Win32.Dh-A.82232183.UNOFFICIAL Create hunting rule

Signature:	Win.Malware.Wingo-10059248-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	classified
Author:	classified
Description:	classified
TLP :	TLP:AMBER

Rule name:	CMD_Ping_Localhost Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	GoBinTest Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	classified

Rule name:	classified

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:	TLP:WHITE
Repository:	YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.