YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 7b2c9b33fdb21936b2d10a5f4b9a1f25397a23a23acc1de55ce193ce4c9be1d3.

Scan Results

SHA256 hash: 7b2c9b33fdb21936b2d10a5f4b9a1f25397a23a23acc1de55ce193ce4c9be1d3
File size:1'730'370 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 104c981d48e7d6f095ea283eb7d8db17
SHA1 hash: 458a3e2b98d8f78fa89ef1da31af771f3bb429e1
SHA3-384 hash: 2649d3c26f40ff7db6bd286d38269c4bfd35028fa0749aaef87a21cdb6ccb3ce268032ea11dac568c40348a71f6265e5
First seen:2026-03-29 17:28:40 UTC
Last seen:Never
Sightings:1
imphash : 520a74baebec716e6d66a6c2676bb313
Create hunting rule
ssdeep : 49152:xIgjdsk9WnO+kIgjdsk9WnOMIgjdsk9WnO:2gjOk9WOqgjOk9WOrgjOk9WO
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon : 026160c8ad568000
Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:ba106643-2b94-11f1-b47f-42010aa4000b
File name:104c981d48e7d6f095ea283eb7d8db17
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Trojan.Dropper.18158.4520.UNOFFICIAL
Create hunting rule
Signature:Win.Trojan.Generic-9939768-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:dgaagas
Create hunting rule
Author:Harshit
Description:Uses certutil.exe to download a file named test.txt
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
TLP:TLP:WHITE
Repository:
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:TLP:WHITE
Repository:YARAify

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.