I've been using yextend to identify strings in .docx files that are indicative of the presence of a sub document. While testing, I realized what appears to be a bug in the way yextend scans .docx files.
The strings defined in the yara rule are:
"rId4"
"w:subDoc"
When run against the test.docx file, the result is:
```json
[
  {
    "scan_results": [],
    "file_name": "/home/moretang/malware/test.docx",
    "file_size": 19198,
    "yara_ruleset_file_name": "/home/moretang/malware/subdoc_rules.yar",
    "children": [
      {
        "file_name": "/home/moretang/malware/test.docx",
        "file_size": 19198,
        "yara_matches_found": false,
        "file_signature_MD5": "978d6cdc38cbad918da526822a10aba0"
      },
      {
        "yara_matches_found": false,
        "file_size": 989,
        "file_name": "word/document.xml",
        "file_signature_MD5": "7a7c6fa0a200a4dbeda3e389068da2dc",
        "scan_type": "Yara Scan (Office Open XML) "
      }
    ],
    "file_signature_MD5": "978d6cdc38cbad918da526822a10aba0"
  }
]
```
When word/document.xml is manually extracted from test.docx and scanned, the output shows true matches:
```json
[
  {
    "yara_matches_found": true,
    "scan_results": [],
    "file_name": "/home/moretang/malware/word/document.xml",
    "yara_ruleset_file_name": "/home/moretang/malware/subdoc_rules.yar",
    "file_size": 4356,
    "children": [
      {
        "yara_matches_found": true,
        "file_name": "/home/moretang/malware/word/document.xml",
        "scan_type": "Yara Scan (XML Document)",
        "yara_results": {
          "embedded_doc": {
            "description": ".docx subdoc identification",
            "hit_count": "2",
            "offsets": [
              "0x8ae:$s1",
              "0x89f:$s2"
            ]
          }
        },
        "file_size": 4356,
        "date": "2019-11-19",
        "file_signature_MD5": "078e06af7c487a83d550b76a6c6fa56b"
      }
    ],
    "file_signature_MD5": "078e06af7c487a83d550b76a6c6fa56b"
  }
]
```
Note that the hashes are different as well. Is anyone aware of the cause of this?
I do realize that the scan type is different between the two sets of results.
Thanks!
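As an added example (not part of this issue or of yextend's own code), a small Python check that opens a .docx as the OOXML ZIP it is, pulls out `word/document.xml`, reports its stored and uncompressed sizes together with the MD5 of the decompressed bytes, and locates the two rule strings directly. Running it against a real test.docx shows what the inner part actually contains, which is the comparison point for the sizes and hashes in the two outputs above; the sample .docx built inside the script is constructed, not the reporter's file.

```python
import hashlib
import io
import re
import sys
import zipfile

# The two strings from the reporter's YARA rule.
RULE_STRINGS = ("rId4", "w:subDoc")

def inspect_docx_part(docx_bytes: bytes, part: str = "word/document.xml") -> dict:
    """Open a .docx (an OOXML ZIP) and report on one member: its stored and
    uncompressed sizes, the MD5 of the decompressed bytes, and the offset of
    every occurrence of each rule string in those bytes."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        info = zf.getinfo(part)
        data = zf.read(part)  # fully decompressed XML
    offsets = {
        s: [m.start() for m in re.finditer(re.escape(s.encode()), data)]
        for s in RULE_STRINGS
    }
    return {
        "compress_size": info.compress_size,
        "file_size": info.file_size,
        "md5": hashlib.md5(data).hexdigest(),
        "offsets": offsets,
        "matched": all(offsets[s] for s in RULE_STRINGS),
    }

def build_sample_docx(document_xml: bytes) -> bytes:
    """Constructed minimal .docx with only the parts this check needs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()

# Constructed document.xml with a subdocument reference, as the rule expects.
SAMPLE_XML = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    b' xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
    b'<w:body><w:p><w:subDoc r:id="rId4"/></w:p></w:body></w:document>'
)

if __name__ == "__main__":
    # Pass a real .docx path to inspect it; with no argument the sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_docx(SAMPLE_XML)
    print(inspect_docx_part(blob))
```

If the MD5 and uncompressed size reported here match the manual-extraction run but not the scanner's child entry, the scanner is not hashing or scanning the same decompressed bytes.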