YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 590a8b62755036ff49fba0b0e1af862e440a7d61f0640a147c6b317c585671a8.

Scan Results

SHA256 hash: 590a8b62755036ff49fba0b0e1af862e440a7d61f0640a147c6b317c585671a8
File size:35'955 bytes
File download: Original
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
MD5 hash: bdc289c434c0561b68511c7ff7438ead
SHA1 hash: b27ff12d5a4f4e7d75ee89ee14c4a02697fb602d
SHA3-384 hash: 9eb1e852fa0181a1ea08438d88d7e92fb3b83145fb9cba58ba837a1e6f3f541540842ccd8e5be6f08c493da824134d61
First seen:2026-04-02 03:53:31 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 768:VFahtNuPhlZDl+Khy4G9FdspQjIRGCvonb5kvYUJCw8:T5Phltlry4GZyQ8PgnFkvn8
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 0 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:842348f3-2e47-11f1-b47f-42010aa4000b
File name:bdc289c434c0561b68511c7ff7438ead
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:informational_win_ole_protected
Create hunting rule
Author:Jeff White (karttoon@gmail.com) @noottrak
Description:Identify OLE Project protection within documents.
TLP:TLP:WHITE
Repository:karttoon
Rule name:vbaproject_bin
Create hunting rule
Author:CD_R0M_
Description:{76 62 61 50 72 6f 6a 65 63 74 2e 62 69 6e} is hex for vbaproject.bin. Macros are often used by threat actors. Work in progress - Ran out of time
TLP:TLP:WHITE
Repository:CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.