YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 258c87e353059ed7250405b263f012a90d5036c1dd3002409c39dd1453a2c5f1.

SHA256 hash:	258c87e353059ed7250405b263f012a90d5036c1dd3002409c39dd1453a2c5f1
File size:	1'841'910 bytes
File download:	Original
MIME type:	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
MD5 hash:	745123764ecd443f797233256741ba62
SHA1 hash:	6f44ab5d5664fa0a4ed080402a2305a96b25dc69
SHA3-384 hash:	e2feee1ed075c226973859ec4e70aa45c8c599a7a9d211a92dd7feb2fcdbede976a2c5cd683a4a7ca67a935e222c9df8
First seen:	2025-12-16 23:35:03 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	49152:yPQ0BfBzP+dDhrAck0yuWBs+j1RrraJioeJQc7HpZhOsGJ1ZBA+:yihsck0pp21Rrtoeic7UXy+
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 0 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	informational_win_ole_protected Create hunting rule
Author:	Jeff White (karttoon@gmail.com) @noottrak
Description:	Identify OLE Project protection within documents.
TLP:	TLP:WHITE
Repository:	karttoon

Rule name:	TA505_Maldoc_21Nov_2 Create hunting rule
Author:	Arkbird_SOLG
Description:	invitation (1).xls
Reference:	https://twitter.com/58_158_177_102/status/1197432303057637377
TLP:	TLP:WHITE
Repository:	StrangerealIntel

Rule name:	vbaproject_bin Create hunting rule
Author:	CD_R0M_
Description:	{76 62 61 50 72 6f 6a 65 63 74 2e 62 69 6e} is hex for vbaproject.bin. Macros are often used by threat actors. Work in progress - Ran out of time
TLP:	TLP:WHITE
Repository:	CD-R0M

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-12-16 23:35:03 UTC Static: 3 Unpacker: 0 ClamAV: 0