YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash eee2c6afbc3d5b4028e375ab06992a5934fa256023ad57884be7b129fa520921.

Scan Results


SHA256 hash: eee2c6afbc3d5b4028e375ab06992a5934fa256023ad57884be7b129fa520921
File size:175'087 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 4275a520ed92dede5e5116f43d5ac6e0
SHA1 hash: b14d06759e9f3de1c106966d0c817ca03bde3967
SHA3-384 hash: 2ceb08825abd4675a4fe956dacb97d54371f7dc4c130b463c3aeece60a2dff69fbc7112287af537b7e9183f162007005
First seen:2026-06-29 04:28:08 UTC
Last seen:Never
Sightings:1
imphash : 2a655363fb771d2dd60d0b0af785758d
ssdeep : 3072:ss3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/G/FnncrbPu7H:sDeM7iNEkgiOb31k1ECoJ0G7H
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:ee038900-7372-11f1-ad5e-42010aa4000b
File name:400000.62aca863-09eb-48cd-bdcd-8c1de951fc6d.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Win.Malware.Cymt-10023133-0
Signature:Win.Malware.F50e02b-10027316-0
Signature:Win.Malware.Snojan-6775202-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:command_and_control
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:TLP:WHITE
Repository:CD-R0M
Rule name:DevCv5
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPX20030XMarkusOberhumerLaszloMolnarJohnReiser
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXv20MarkusLaszloReiser
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
TLP:TLP:WHITE
Repository:YARAify
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.