YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 8bc7530a75b730ad5bffef72f3a56e16fb3dfda0aeb1a428bdfe54780e6217cd.
Scan Results
| SHA256 hash: | 8bc7530a75b730ad5bffef72f3a56e16fb3dfda0aeb1a428bdfe54780e6217cd | |
|---|---|---|
| File size: | 44'032 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | 80397c2368e3c648a6cfce4a5781dcfc | |
| SHA1 hash: | 584f11b872b7dca4eb143748e395d0b23bb292b0 | |
| SHA3-384 hash: | 30e7491b6c8e82e8e9cf4176016e89d1eb6d1380a6ab8f4911cf8149bb773fb75f4f124d3995c2908a79ca9c76134318 | |
| First seen: | 2026-03-14 15:30:39 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | 9433b671ca36c1f732e87d57dc242bf5 | |
| ssdeep : | 768:75npM3gFcD/vba7zH3OJn/4houzaLKJ5ZmATQTZ19i:75npdcD/vbsjY4WvLKb7TQd1 | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | 92b2f0aaeef2727a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | c17327ef-1fba-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 80397c2368e3c648a6cfce4a5781dcfc | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
No matches
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | SUSP_XORed_URL_In_EXE |
|---|---|
| Author: | Florian Roth (Nextron Systems) |
| Description: | Detects an XORed URL in an executable |
| Reference: | https://twitter.com/stvemillertime/status/1237035794973560834 |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | SUSP_XORed_URL_in_EXE_RID2E46 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects an XORed URL in an executable |
| Reference: | https://twitter.com/stvemillertime/status/1237035794973560834 |
| TLP: | TLP:WHITE |
| Rule name: | VECT_Ransomware |
|---|---|
| Author: | Mustafa Bakhit |
| Description: | Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments. |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter