YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 29a3120b04e3a5b81ad04978616a339144bce531b74b292a60a71887602f0a87.

Scan Results

SHA256 hash:	29a3120b04e3a5b81ad04978616a339144bce531b74b292a60a71887602f0a87
File size:	1'805'699 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	12f62e032b46b0e2d85d87d2c575c77e
SHA1 hash:	6b94d0813d23e84fdb8712556c08da0a76307175
SHA3-384 hash:	96b3ab784cc3989ea166663cec1863c15d370e25ccef6dd0a23091f1912dde6230828cc57584399a8c294deaa1f05b3b
First seen:	2026-03-13 19:24:51 UTC
Last seen:	Never
Sightings:	1
imphash :	f0ea7b7844bbc5bfa9bb32efdcea957c Create hunting rule
ssdeep :	49152:00MDpF0egrb/TxvO90d7HjmAFd4A64nsfJCew2r5gCYPCBgwiz1xuq:vean1x
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	100820b2b2080000 Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:	4ef5eb77-1f12-11f1-b47f-42010aa4000b
File name:	12f62e032b46b0e2d85d87d2c575c77e
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	SecuriteInfo.com.Win32.Dh-A.82232183.UNOFFICIAL Create hunting rule

Signature:	Win.Malware.Wingo-10059250-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	classified
Author:	classified
Description:	classified
TLP :	TLP:AMBER

Rule name:	CMD_Ping_Localhost Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	GoBinTest Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	classified

Rule name:	classified

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:	TLP:WHITE
Repository:	YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.