YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 4ee54dc3ce0a6fe2aa67f9563ee28beec61122b87e8019795c652b4af6ac60ab.

Scan Results


SHA256 hash: 4ee54dc3ce0a6fe2aa67f9563ee28beec61122b87e8019795c652b4af6ac60ab
File size: 75'776 bytes
MIME type: application/msword
MD5 hash: 468fe241f39f3ca71892320165a3238e
SHA1 hash: ef5cbb3a1492823e6039657520c09b5a991b7aa3
SHA3-384 hash: f3b0a01037d8e42119fb10f71617bdb63f67e9105d659a0291026de8658a5ee60d7d9bc079fd3c1bbdccb36dcb35d88b
First seen: 2026-05-18 07:57:01 UTC
Last seen: Never
Sightings: 1
imphash: n/a
ssdeep: 768:7OBlvbUT8YO0RG7oc0XcX3vFRjTDi5ZH/VscbQMELCyA4IFLp2xv9oj/Lu:2bUT8YOTX3vnc/VsYQMELCyAJLpCv
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID: 271ea409-528f-11f1-badc-42010aa4000b
File name: 468fe241f39f3ca71892320165a3238e
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.
TLP: TLP:WHITE
Repository: YARAify

Rule name: informational_win_ole_protected
Author: Jeff White (karttoon@gmail.com) @noottrak
Description: Identify OLE Project protection within documents.
TLP: TLP:WHITE
Repository: karttoon

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.