× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ecabe0a7fceb2dfdce96295d0ecceca0d8e0546c976a913f0e10c819af70fc0
File name: 1.xls
Detection ratio: 3 / 57
Analysis date: 2015-03-19 09:59:44 UTC ( 4 years, 2 months ago ) View latest
Antivirus Result Update
Avast Other:Malware-gen [Trj] 20150319
AVware LooksLike.Macro.Malware.a (v) 20150319
VIPRE LooksLike.Macro.Malware.a (v) 20150319
Ad-Aware 20150319
AegisLab 20150319
Yandex 20150318
AhnLab-V3 20150318
Alibaba 20150319
ALYac 20150319
Antiy-AVL 20150319
AVG 20150319
Avira (no cloud) 20150319
Baidu-International 20150319
BitDefender 20150319
Bkav 20150318
ByteHero 20150319
CAT-QuickHeal 20150318
ClamAV 20150319
CMC 20150317
Comodo 20150319
Cyren 20150319
DrWeb 20150319
Emsisoft 20150319
ESET-NOD32 20150319
F-Prot 20150319
F-Secure 20150319
Fortinet 20150319
GData 20150319
Ikarus 20150319
Jiangmin 20150318
K7AntiVirus 20150319
K7GW 20150319
Kaspersky 20150319
Kingsoft 20150319
Malwarebytes 20150319
McAfee 20150319
McAfee-GW-Edition 20150319
Microsoft 20150319
eScan 20150319
NANO-Antivirus 20150319
Norman 20150319
nProtect 20150319
Panda 20150318
Qihoo-360 20150319
Rising 20150318
Sophos AV 20150319
SUPERAntiSpyware 20150319
Symantec 20150319
Tencent 20150319
TheHacker 20150319
TotalDefense 20150318
TrendMicro 20150319
TrendMicro-HouseCall 20150319
VBA32 20150318
ViRobot 20150319
Zillya 20150318
Zoner 20150319
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Summary
last_author
\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd Windows
creation_datetime
2015-03-18 19:45:18
author
Microsoft Office
last_saved
2015-03-19 08:07:20
application_name
Microsoft Excel
code_page
Cyrillic
Document summary
version
917504
company
Microsoft Corporation
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020820-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Excel
sid
0
size
30528
type_literal
stream
size
102
name
\x01CompObj
sid
29
type_literal
stream
size
276
name
\x05DocumentSummaryInformation
sid
28
type_literal
stream
size
236
name
\x05SummaryInformation
sid
27
type_literal
stream
size
13055
name
Workbook
sid
1
type_literal
stream
size
916
name
_VBA_PROJECT_CUR/PROJECT
sid
26
type_literal
stream
size
236
name
_VBA_PROJECT_CUR/PROJECTwm
sid
25
type_literal
stream
size
3387
type
macro
name
_VBA_PROJECT_CUR/VBA/Class1
sid
19
type_literal
stream
size
3462
type
macro
name
_VBA_PROJECT_CUR/VBA/Corob5
sid
16
type_literal
stream
size
1469
type
macro
name
_VBA_PROJECT_CUR/VBA/File55
sid
11
type_literal
stream
size
2750
type
macro
name
_VBA_PROJECT_CUR/VBA/File643
sid
12
type_literal
stream
size
3479
type
macro
name
_VBA_PROJECT_CUR/VBA/Heroro6
sid
8
type_literal
stream
size
3193
type
macro
name
_VBA_PROJECT_CUR/VBA/Loop4
sid
13
type_literal
stream
size
4455
type
macro
name
_VBA_PROJECT_CUR/VBA/Module1
sid
20
type_literal
stream
size
990
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page1
sid
5
type_literal
stream
size
990
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page2
sid
6
type_literal
stream
size
990
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page3
sid
7
type_literal
stream
size
1299
type
macro
name
_VBA_PROJECT_CUR/VBA/ThisBook
sid
4
type_literal
stream
size
5410
name
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
sid
21
type_literal
stream
size
2972
name
_VBA_PROJECT_CUR/VBA/__SRP_0
sid
23
type_literal
stream
size
704
name
_VBA_PROJECT_CUR/VBA/__SRP_1
sid
24
type_literal
stream
size
158
name
_VBA_PROJECT_CUR/VBA/__SRP_2
sid
9
type_literal
stream
size
530
name
_VBA_PROJECT_CUR/VBA/__SRP_3
sid
10
type_literal
stream
size
171
name
_VBA_PROJECT_CUR/VBA/__SRP_4
sid
14
type_literal
stream
size
192
name
_VBA_PROJECT_CUR/VBA/__SRP_5
sid
15
type_literal
stream
size
265
name
_VBA_PROJECT_CUR/VBA/__SRP_6
sid
17
type_literal
stream
size
284
name
_VBA_PROJECT_CUR/VBA/__SRP_7
sid
18
type_literal
stream
size
822
name
_VBA_PROJECT_CUR/VBA/dir
sid
22
Macros and VBA code streams
[+] ThisBook.cls _VBA_PROJECT_CUR/VBA/ThisBook 40 bytes
auto-open
[+] Heroro6.bas _VBA_PROJECT_CUR/VBA/Heroro6 1643 bytes
exe-pattern run-dll
[+] File55.bas _VBA_PROJECT_CUR/VBA/File55 436 bytes
exe-pattern url-pattern
[+] File643.bas _VBA_PROJECT_CUR/VBA/File643 662 bytes
[+] Loop4.bas _VBA_PROJECT_CUR/VBA/Loop4 1273 bytes
handle-file open-file write-file
[+] Corob5.bas _VBA_PROJECT_CUR/VBA/Corob5 1299 bytes
obfuscated
[+] Class1.cls _VBA_PROJECT_CUR/VBA/Class1 1052 bytes
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 1906 bytes
create-ole open-file
ExifTool file metadata
MIMEType
application/vnd.ms-excel

LastModifiedBy
Windows

CompObjUserType
???? Microsoft Excel 2003

ModifyDate
2015:03:19 07:07:20

TitleOfParts
Page1, Page2, Page3

SharedDoc
No

Author
Microsoft Office

Company
Microsoft Corporation

AppVersion
14.0

LinksUpToDate
No

ScaleCrop
No

CompObjUserTypeLen
26

HeadingPairs
, 3

FileTypeExtension
xls

HyperlinksChanged
No

CreateDate
2015:03:18 18:45:18

Security
None

CodePage
Windows Cyrillic

FileType
XLS

Software
Microsoft Excel

Compressed bundles
File identification
MD5 8a12c1d3fb8111eb13ba10ba03373326
SHA1 c7fcce3f2e11afd522f02991b3025de36bed0e4c
SHA256 0ecabe0a7fceb2dfdce96295d0ecceca0d8e0546c976a913f0e10c819af70fc0
ssdeep
1536:CYdvxHlcaQPy0iWYOcG4BDhnxDV8ix/7uDphYHceXVhca+fMHLtyeGxclrdgreOG:CYdvxHlcaAy0iWYOcG4BDhnxDV8ix/7r

File size 60.0 KB ( 61440 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Office, Last Saved By: ������������ Windows, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 17 18:45:18 2015, Last Saved Time/Date: Wed Mar 18 07:07:20 2015, Security: 0

TrID Microsoft Excel sheet (80.2%)
Generic OLE2 / Multistream Compound File (19.7%)
Tags
obfuscated open-file auto-open handle-file exe-pattern url-pattern macros run-dll attachment via-tor write-file xls create-ole

VirusTotal metadata
First submission 2015-03-19 07:49:02 UTC ( 4 years, 2 months ago )
Last submission 2016-07-20 21:44:24 UTC ( 2 years, 10 months ago )
File names 2015031714240625332(3).xls
VirusShare_8a12c1d3fb8111eb13ba10ba03373326
8a12c1d3fb8111eb13ba10ba03373326.xls
4fe6efd1aa792acfc8010af09b8058c0
decd0a65df88ac3a1e977fdd6a33894f
2015031714240625332(4).xls
c7fcce3f2e11afd522f02991b3025de36bed0e4c.xls
611866.xls
2015031714240625332[1].xls.000
2015031714240625332.xls
1fba47c883ee304be8bcf3e3a230049b
1.xls
attachment2.xls
1426771769_2015031714240625332-2.xls
711590932daf491da0aa497b350e38d5
decoded.41-BE-90-C5-AB-B3-C1-74-4A-C4-B2-52-43-66-1A-2E.xls
2015031714240625332.xls
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!