NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash de4c0554662cc3b8fd392b175b3c50d8c62896c5dc39e7ba2a19974dd35e5cd2.

Scan Results

SHA256 hash: de4c0554662cc3b8fd392b175b3c50d8c62896c5dc39e7ba2a19974dd35e5cd2
File size:339'491 bytes
File download: Original
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
MD5 hash: 15e7db40e6598169cf55ec464df06c9b
SHA1 hash: effdb701470518270dda1ce6ebc3e4eca1fa85a6
SHA3-384 hash: 9bbc47c428eb59f7b2896b3e45fe292e6d2beece965cba02de553f8cda5f636b0deec9545b1763578bb3ad0a2b18f343
First seen:2023-08-05 08:34:20 UTC
Last seen:Never
Sightings:1
imphash :n/a
ssdeep : 6144:7RMlgE+mJ9ABc/nv5k8IKAhBfsOwmLgzLc1pTcsGEdDIPmhsB0vRakfzeQZNh:7RMmEv2Bc/nvm8IKABfsYOmauFt
TLSH : T10074127FE28559F4C3398D3FD680E1908265F1E04167B32D47DD3928A34329FA95E2EA
Create hunting rule
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:df588c76-336a-11ee-a6d2-42010aa4000b
File name:15e7db40e6598169cf55ec464df06c9b
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Sanesecurity.Malware.28370.badform.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Heur.4241.20754.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Macro.Downloader-23.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Script.SNH-gen.17583.1072.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Script.SNH-gen.31273.7098.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Troj.DocDl-ADNL.16627.20726.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Worflnt.C.182.22308.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.XML.Agent-5.UNOFFICIAL
Create hunting rule
Signature:TwinWave.EvilDoc.EnjoyTheSilence.20210716.UNOFFICIAL
Create hunting rule
Signature:TwinWave.EvilDoc.EvilMacroSheet.QakyAgainstTheWind.20210602.UNOFFICIAL
Create hunting rule
Signature:TwinWave.EvilDoc.OXML.EvilMacroSheetMignightQakTrainToMemphis.20210527.UNOFFICIAL
Create hunting rule
Signature:TwinWave.EvilDoc.OXML.EvilMacroSheetMignightQakTrainToMemphis.M2.20210521.UNOFFICIAL
Create hunting rule
Signature:Xls.Downloader.GreenEnable092113-9891960-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:Microsoft_XLSX_with_Macrosheet
Create hunting rule
TLP:TLP:WHITE
Repository:InQuest

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.