YARAify | YARA Scan Results

SHA256 hash:	688d98d5c9bea350ebdd7550d1d927fe55baaa9daf2e139512a629c40deda1d9
File size:	3'495'528 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	2c89cd01f443a82e0c897d5d2cc895ca
SHA1 hash:	0e5a7daf45c96b5045956c9f6c91c0eac9545aac
SHA3-384 hash:	3699bb8ed70120801d7b237d7e9654ef237782663a05fdfa552168caf322c5f6605f920ae7b1b52730aeba596554c0a4
First seen:	2026-04-07 09:26:23 UTC
Last seen:	2026-04-07 10:27:32 UTC
Sightings:	6
imphash :	3271ee162568f50a6810be9b8973807f Create hunting rule
ssdeep :	49152:EOy8gBxMVfVA2S2QmZ9ljinwGtJPjdQclk9:E/4XjH2ny1
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

Task Information

Task ID:	62ecca02-326c-11f1-b47f-42010aa4000b
File name:	688d98d5c9bea350ebdd7550d1d927fe55baaa9daf2e139512a629c40deda1d9.exe
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.

Disabled by submitter

Task Information

Task ID:	7e474cb4-3264-11f1-b47f-42010aa4000b
File name:	verification.google
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

Task Information

Task ID:	5abe2616-3264-11f1-b47f-42010aa4000b
File name:	verification.google
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

Task Information

Task ID:	3702d163-3264-11f1-b47f-42010aa4000b
File name:	verification.google
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

Task Information

Task ID:	1387d19c-3264-11f1-b47f-42010aa4000b
File name:	verification.google
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

Task Information

Task ID:	d8188b7e-3263-11f1-b47f-42010aa4000b
File name:	2c89cd01f443a82e0c897d5d2cc895ca
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

No matches

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:	TLP:WHITE
Repository:	CD-R0M

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_duffcopy_amd64 Create hunting rule
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants
TLP:	TLP:WHITE
Repository:

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits
TLP:	TLP:WHITE
Repository:

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants
TLP:	TLP:WHITE
Repository:

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:	TLP:WHITE

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.

Disabled by submitter

YARAify Scan Results

Scan Results

Tasks

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

YARAify Scan Results

Scan Results Rescan

Tasks

2026-04-07 10:27:32 UTC Static: 19 Unpacker: 0 ClamAV: 0

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-04-07 09:31:02 UTC Static: 19 Unpacker: 0 ClamAV: 0

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-04-07 09:30:02 UTC Static: 19 Unpacker: 0 ClamAV: 0

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-04-07 09:29:02 UTC Static: 19 Unpacker: 0 ClamAV: 0

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-04-07 09:28:03 UTC Static: 19 Unpacker: 0 ClamAV: 0

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-04-07 09:26:23 UTC Static: 19 Unpacker: 0 ClamAV: 0

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

Scan Results