SHA256: bdff88930bfa070d55c4af70cb1f275a150f48c57256f68c16341fc5c1ffa94c
File name: copier@fh-bochum.de_20160216_084903.xls
Detection ratio: 4 / 54
Analysis date: 2016-02-16 11:48:01 UTC (1 year, 11 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160216
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160216
NANO-Antivirus Trojan.Script.Downloader.eahofn 20160216
Qihoo-360 heur.macro.download.1i 20160216
Ad-Aware 20160216
AegisLab 20160216
Yandex 20160215
AhnLab-V3 20160216
Alibaba 20160216
ALYac 20160216
Antiy-AVL 20160216
Avast 20160216
AVG 20160216
Avira (no cloud) 20160216
Baidu-International 20160216
BitDefender 20160216
Bkav 20160215
ByteHero 20160216
CAT-QuickHeal 20160216
ClamAV 20160216
CMC 20160216
Comodo 20160216
Cyren 20160216
DrWeb 20160216
Emsisoft 20160216
ESET-NOD32 20160216
F-Prot 20160216
Fortinet 20160216
GData 20160216
Ikarus 20160216
Jiangmin 20160216
K7AntiVirus 20160216
K7GW 20160216
Kaspersky 20160216
Malwarebytes 20160216
McAfee 20160216
McAfee-GW-Edition 20160216
Microsoft 20160216
eScan 20160216
nProtect 20160216
Panda 20160215
Rising 20160216
Sophos AV 20160216
SUPERAntiSpyware 20160216
Symantec 20160215
Tencent 20160216
TheHacker 20160215
TrendMicro 20160216
TrendMicro-HouseCall 20160216
VBA32 20160215
VIPRE 20160216
ViRobot 20160216
Zillya 20160215
Zoner 20160216
The file being studied follows the Compound Document File format. More specifically, it is an MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: alex
creation_datetime: 2015-07-30 06:24:02
author: 1
last_saved: 2016-02-16 08:59:33
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 786432
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020820-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Excel; sid: 0; size: 11264
name: \x01CompObj; sid: 25; type_literal: stream; size: 109
name: \x05DocumentSummaryInformation; sid: 24; type_literal: stream; size: 236
name: \x05SummaryInformation; sid: 23; type_literal: stream; size: 204
name: Workbook; sid: 1; type_literal: stream; size: 13714
name: _VBA_PROJECT_CUR/PROJECT; sid: 22; type_literal: stream; size: 691
name: _VBA_PROJECT_CUR/PROJECTwm; sid: 21; type_literal: stream; size: 137
name: _VBA_PROJECT_CUR/UserForm1/\x01CompObj; sid: 19; type_literal: stream; size: 97
name: _VBA_PROJECT_CUR/UserForm1/\x03VBFrame; sid: 20; type_literal: stream; size: 292
name: _VBA_PROJECT_CUR/UserForm1/f; sid: 17; type_literal: stream; size: 94
name: _VBA_PROJECT_CUR/UserForm1/o; sid: 18; type_literal: stream; size: 180
name: _VBA_PROJECT_CUR/VBA/Module1; sid: 10; type_literal: stream; size: 12817; type: macro
name: _VBA_PROJECT_CUR/VBA/UserForm1; sid: 11; type_literal: stream; size: 1159; type: macro (only attributes)
name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT; sid: 12; type_literal: stream; size: 5161
name: _VBA_PROJECT_CUR/VBA/__SRP_0; sid: 14; type_literal: stream; size: 1661
name: _VBA_PROJECT_CUR/VBA/__SRP_1; sid: 15; type_literal: stream; size: 122
name: _VBA_PROJECT_CUR/VBA/__SRP_2; sid: 5; type_literal: stream; size: 392
name: _VBA_PROJECT_CUR/VBA/__SRP_3; sid: 6; type_literal: stream; size: 103
name: _VBA_PROJECT_CUR/VBA/dir; sid: 13; type_literal: stream; size: 899
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421; sid: 7; type_literal: stream; size: 976; type: macro (only attributes)
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422; sid: 8; type_literal: stream; size: 976; type: macro (only attributes)
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423; sid: 9; type_literal: stream; size: 976; type: macro (only attributes)
name: _VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430; sid: 4; type_literal: stream; size: 1342; type: macro
Macros and VBA code streams
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 7512 bytes
create-ole obfuscated open-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserTypeLen: 33
CompObjUserType: ???? Microsoft Office Excel 2003
ModifyDate: 2016:02:16 07:59:33
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: 1
FileType: XLS
AppVersion: 12.0
LinksUpToDate: No
ScaleCrop: No
LastModifiedBy: alex
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2015:07:30 05:24:02
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel
Compressed bundles
File identification
MD5 a6159252b39629cc28cb66db5b662611
SHA1 0b10ffb65ee6314fd7bfc758fbce2e5ae80c0733
SHA256 bdff88930bfa070d55c4af70cb1f275a150f48c57256f68c16341fc5c1ffa94c
ssdeep
1536:Folcac0iWYLLDhnxDV8ixx6FIehYTAeHVhj9sbyHLtyeGxmlrdgvk9rBMBVplelT:Folcac0iWYLLDhnxDV8ixx6FIehYTAeJ

File size 48.5 KB ( 49664 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Last Saved By: alex, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jul 29 05:24:02 2015, Last Saved Time/Date: Mon Feb 15 07:59:33 2016, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated macros open-file xls create-ole

VirusTotal metadata
First submission 2016-02-16 11:07:07 UTC (1 year, 11 months ago)
Last submission 2016-07-21 12:51:00 UTC (1 year, 6 months ago)
File names copier@talke.com_20160216_084903.xls
copier@cws-boco.com_20160216_084903.xls
copier@arlinger.de_20160216_084903.xls
copier@khd.com_20160216_084903.xls
copier@teamviewer.com_20160216_084903.xls
copier@photonamic.de_20160216_084903.xls
copier@hbk-zwickau.de_20160216_084903.xls
copier@fh-bochum.de_20160216_084903.xls
copier@internetwelt.de_20160216_084903.xls
c1488cbca8e31a7477eea426cb73c186
copier@_20160216_084903.xls
copier@fucku.com_20160113_021730.xls
copier@bema-tech.de_20160216_084903.xls
copier@lombego.de_20160216_084903.xls
copier@paul-herkt.de_20160216_084903.xls
copier@uni-oldenburg.de_20160216_084903.xls
copier@fiducoldex.com.co_20160216_084903.xls
copier@rockels.de_20160216_084903.xls
copier@scc.kit.edu_20160216_084903.xls
copier@svg-stuttgart.de_20160216_084903.xls
copier@rltg.de_20160216_084903.xls
copier@sadevteq.com_20160216_084903.xls
copier@dagbladet.no_20160216_084903.xls
copier@wunsiedel.de_20160216_084903.xls
malware.xls