YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 20ec5c70ba4d8001c27bd4aeb9a4ccedcf3d3d5bd65d69ff912f6b0e9a1d3d4b.

SHA256 hash:	20ec5c70ba4d8001c27bd4aeb9a4ccedcf3d3d5bd65d69ff912f6b0e9a1d3d4b
File size:	151'552 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	ce8d4356b86f5e00a028fefde09f873e
SHA1 hash:	3023b3e843baa25177d0c980ebe64f0a9244f90e
SHA3-384 hash:	1bbf3af860d882b056f150587af3f974c6a0bc8c9a42cc036e860838cfb532d3401e43456141f6b624e86ac51b2df142
First seen:	2026-04-27 21:05:15 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	1536:c+aEpOwd/VxDy/5X2++jCx3kdjKsPGR7ehp3vmLvsZIZwTcNhLx8bZJLtcxY5rdH:jbpDCw1p3vmLvsZIaVMoruiwDcGw
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	01ccc4d0c4f47c02 Create hunting rule

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Win.Malware.Lunam-6749633-0 Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	SEH__vba Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2026-04-27 21:05:15 UTC Static: 2 Unpacker: 0 ClamAV: 1