SHA256: 106e168db790aa3178f6d32405e0344b027706e81d3d286dfc175ce709601259
File name: LSDB.xls
Detection ratio: 2 / 57
Analysis date: 2015-03-11 11:44:17 UTC ( 2 years, 8 months ago )
Antivirus Result Update
AVware LooksLike.Macro.Malware.a (v) 20150311
VIPRE LooksLike.Macro.Malware.a (v) 20150311
Ad-Aware 20150311
AegisLab 20150311
Yandex 20150310
AhnLab-V3 20150310
Alibaba 20150311
ALYac 20150312
Antiy-AVL 20150311
Avast 20150311
AVG 20150312
Avira (no cloud) 20150311
Baidu-International 20150311
BitDefender 20150311
Bkav 20150311
ByteHero 20150311
CAT-QuickHeal 20150311
ClamAV 20150311
CMC 20150304
Comodo 20150311
Cyren 20150311
DrWeb 20150311
Emsisoft 20150311
ESET-NOD32 20150311
F-Prot 20150311
F-Secure 20150311
Fortinet 20150310
GData 20150311
Ikarus 20150311
Jiangmin 20150310
K7AntiVirus 20150311
K7GW 20150311
Kaspersky 20150311
Kingsoft 20150311
Malwarebytes 20150311
McAfee 20150311
McAfee-GW-Edition 20150311
Microsoft 20150311
eScan 20150311
NANO-Antivirus 20150311
Norman 20150311
nProtect 20150310
Panda 20150311
Qihoo-360 20150311
Rising 20150311
Sophos AV 20150311
SUPERAntiSpyware 20150311
Symantec 20150311
Tencent 20150311
TheHacker 20150310
TotalDefense 20150311
TrendMicro 20150312
TrendMicro-HouseCall 20150312
VBA32 20150311
ViRobot 20150311
Zillya 20150310
Zoner 20150311
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May read system environment variables.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Interacts with the Windows Registry.
Seems to contain code to deceive researchers and automatic analysis systems.
Summary
last_author: 1
creation_datetime: 1996-10-09 00:32:33
author: Microsoft Corporation
last_saved: 2015-03-08 14:42:44
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
code_page: Cyrillic
OLE Streams
Root Entry: sid 0, type_literal root, size 38656, clsid 00020820-0000-0000-c000-000000000046, clsid_literal MS Excel

name | sid | type_literal | type | size
\x01CompObj | 50 | stream | | 104
\x05DocumentSummaryInformation | 49 | stream | | 256
\x05SummaryInformation | 48 | stream | | 220
Workbook | 1 | stream | | 4372
_VBA_PROJECT_CUR/PROJECT | 47 | stream | | 1280
_VBA_PROJECT_CUR/PROJECTwm | 46 | stream | | 503
_VBA_PROJECT_CUR/VBA/Class1 | 8 | stream | macro | 2595
_VBA_PROJECT_CUR/VBA/Class2 | 9 | stream | macro | 12358
_VBA_PROJECT_CUR/VBA/Class3 | 10 | stream | macro | 4026
_VBA_PROJECT_CUR/VBA/Class4 | 11 | stream | macro | 1449
_VBA_PROJECT_CUR/VBA/Class5 | 12 | stream | macro | 1488
_VBA_PROJECT_CUR/VBA/Module1 | 17 | stream | macro | 5780
_VBA_PROJECT_CUR/VBA/Module2 | 20 | stream | macro | 9136
_VBA_PROJECT_CUR/VBA/Module3 | 23 | stream | macro | 3472
_VBA_PROJECT_CUR/VBA/Module4 | 24 | stream | macro | 1011
_VBA_PROJECT_CUR/VBA/Module5 | 25 | stream | macro | 1005
_VBA_PROJECT_CUR/VBA/Module6 | 26 | stream | macro | 6206
_VBA_PROJECT_CUR/VBA/Module8 | 29 | stream | macro | 11739
_VBA_PROJECT_CUR/VBA/Module9 | 32 | stream | macro | 4580
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT | 42 | stream | | 13143
_VBA_PROJECT_CUR/VBA/__SRP_0 | 44 | stream | | 4458
_VBA_PROJECT_CUR/VBA/__SRP_1 | 45 | stream | | 641
_VBA_PROJECT_CUR/VBA/__SRP_10 | 40 | stream | | 84
_VBA_PROJECT_CUR/VBA/__SRP_11 | 41 | stream | | 121
_VBA_PROJECT_CUR/VBA/__SRP_2 | 14 | stream | | 96
_VBA_PROJECT_CUR/VBA/__SRP_3 | 15 | stream | | 324
_VBA_PROJECT_CUR/VBA/__SRP_4 | 18 | stream | | 134
_VBA_PROJECT_CUR/VBA/__SRP_5 | 19 | stream | | 288
_VBA_PROJECT_CUR/VBA/__SRP_6 | 21 | stream | | 154
_VBA_PROJECT_CUR/VBA/__SRP_7 | 22 | stream | | 362
_VBA_PROJECT_CUR/VBA/__SRP_8 | 27 | stream | | 134
_VBA_PROJECT_CUR/VBA/__SRP_9 | 28 | stream | | 288
_VBA_PROJECT_CUR/VBA/__SRP_a | 30 | stream | | 164
_VBA_PROJECT_CUR/VBA/__SRP_b | 31 | stream | | 399
_VBA_PROJECT_CUR/VBA/__SRP_c | 34 | stream | | 98
_VBA_PROJECT_CUR/VBA/__SRP_d | 35 | stream | | 267
_VBA_PROJECT_CUR/VBA/__SRP_e | 37 | stream | | 88
_VBA_PROJECT_CUR/VBA/__SRP_f | 38 | stream | | 158
_VBA_PROJECT_CUR/VBA/dfsdf | 13 | stream | macro | 3122
_VBA_PROJECT_CUR/VBA/dir | 43 | stream | | 1099
_VBA_PROJECT_CUR/VBA/load | 16 | stream | macro | 2068
_VBA_PROJECT_CUR/VBA/sdfdsf | 33 | stream | macro | 3290
_VBA_PROJECT_CUR/VBA/sdfsdfsdf | 36 | stream | macro | 1943
_VBA_PROJECT_CUR/VBA/sdfsdfsdffff | 39 | stream | macro | 5770
_VBA_PROJECT_CUR/VBA/Лист1 | 5 | stream | macro (only attributes) | 976
_VBA_PROJECT_CUR/VBA/Лист2 | 6 | stream | macro (only attributes) | 976
_VBA_PROJECT_CUR/VBA/Лист3 | 7 | stream | macro (only attributes) | 976
_VBA_PROJECT_CUR/VBA/ЭтаКнига | 4 | stream | macro | 1722
Macros and VBA code streams
[+] Class1.cls _VBA_PROJECT_CUR/VBA/Class1 616 bytes
[+] Class2.cls _VBA_PROJECT_CUR/VBA/Class2 5376 bytes
[+] Class3.cls _VBA_PROJECT_CUR/VBA/Class3 1352 bytes
[+] Class4.cls _VBA_PROJECT_CUR/VBA/Class4 176 bytes
[+] Class5.cls _VBA_PROJECT_CUR/VBA/Class5 185 bytes
[+] dfsdf.bas _VBA_PROJECT_CUR/VBA/dfsdf 1214 bytes
anti-analysis registry run-dll
[+] load.bas _VBA_PROJECT_CUR/VBA/load 676 bytes
run-file
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 2271 bytes
[+] Module2.bas _VBA_PROJECT_CUR/VBA/Module2 3945 bytes
[+] Module3.bas _VBA_PROJECT_CUR/VBA/Module3 1253 bytes
[+] Module4.bas _VBA_PROJECT_CUR/VBA/Module4 116 bytes
[+] Module5.bas _VBA_PROJECT_CUR/VBA/Module5 106 bytes
[+] Module6.bas _VBA_PROJECT_CUR/VBA/Module6 2545 bytes
[+] Module8.bas _VBA_PROJECT_CUR/VBA/Module8 5215 bytes
[+] Module9.bas _VBA_PROJECT_CUR/VBA/Module9 1753 bytes
[+] sdfdsf.bas _VBA_PROJECT_CUR/VBA/sdfdsf 1677 bytes
exe-pattern anti-analysis create-ole enum-windows environ obfuscated run-dll run-file
[+] sdfsdfsdf.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdf 705 bytes
exe-pattern anti-analysis run-dll
[+] sdfsdfsdffff.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdffff 2485 bytes
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserTypeLen: 28
CompObjUserType: ???? Microsoft Office Excel
ModifyDate: 2015:03:08 13:42:44
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: Microsoft Corporation
FileType: XLS
AppVersion: 11.9999
LinksUpToDate: No
ScaleCrop: No
LastModifiedBy: 1
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 1996:10:08 23:32:33
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel

File identification
MD5 7ccc506f4ac81b9df0f6edebea53fdf2
SHA1 d482dc5b94dee7dc4c4dd17ec0ca327ec04e5295
SHA256 106e168db790aa3178f6d32405e0344b027706e81d3d286dfc175ce709601259
ssdeep 1536:hagqrKZvyaQE0fXZ1vn54BTO7UDf4igAd:e96CXXvn54lO7U
File size 126.5 KB ( 129536 bytes )
File type MS Excel Spreadsheet
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Corporation, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Oct 07 23:32:33 1996, Last Saved Time/Date: Sat Mar 07 13:42:44 2015, Security: 0
TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags obfuscated run-file enum-windows exe-pattern macros run-dll environ registry xls anti-analysis create-ole

VirusTotal metadata
First submission 2015-03-11 09:26:42 UTC ( 2 years, 8 months ago )
Last submission 2016-11-09 21:55:52 UTC ( 1 year ago )
File names c401c1ac9dc527eac0cf1e100fa8fefc
Rem_2362IE.xml
c1be8e640ea56bf6449941dd37104dcf
ff9b541d77c2a52d2c3cc3b5b871130b
FEOQ.xls
2f27a6d13f3d63e63e55b7c4e3bf59ac
72FJNF.xls
fc1e2df8677eba3ca1834d881f94b9e9
1723AQZG.xls
168JDSO.xls
Rem_3531SX.xml
Rem_2498AG.xml
LSDB.xls
834WYLI.xml
19TWSU.xls
834WYLI.xml_
b49d24ba1f39c784dc3af4cbd4b2a5b2
770JCM.xml
Rem_1969OI.xml
482e76254d6e4cb989f93bdc09ac6ab7