× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2c51b60afd53c78a31d96673a9ff33bf6d4eec17c774e8cf1dde2018b90b425a
File name: VirusShare_013c90d7a07e365e82fd8ed0103efbe9
Detection ratio: 44 / 58
Analysis date: 2017-07-21 15:23:22 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Downloader.JRHR 20170721
AegisLab Troj.Dropper.MSExcel.Agent.cf!c 20170721
AhnLab-V3 X97M/Downloader 20170721
ALYac Trojan.Downloader.JRHR 20170721
Arcabit HEUR.VBA.Trojan.d 20170721
Avast MO97:Downloader-HW [Trj] 20170721
AVG MO97:Downloader-HW [Trj] 20170721
Avira (no cloud) WM/Dotty.23040 20170721
AVware LooksLike.Macro.Malware.f (v) 20170721
Baidu VBA.Trojan-Downloader.Agent.ch 20170721
BitDefender Trojan.Downloader.JRHR 20170721
CAT-QuickHeal X97M.Dropper.AY 20170721
ClamAV Doc.Dropper.Agent-1427566 20170721
Cyren X97M/DridLdr.F 20170721
DrWeb X97M.DownLoader.9 20170721
Emsisoft Trojan.Downloader.JRHR (B) 20170721
ESET-NOD32 VBA/TrojanDownloader.Agent.FC 20170721
F-Prot X97M/DridLdr.F 20170721
F-Secure Trojan.Downloader.JRHR 20170721
Fortinet XM/Agent.CF!tr 20170721
GData Trojan.Downloader.JRHR 20170721
Ikarus Trojan-Downloader.VBA.Agent 20170721
Jiangmin Trojan-Dropper/MSExcel.Agent.cf 20170721
K7AntiVirus Trojan ( 0001140e1 ) 20170721
K7GW Trojan ( 0001140e1 ) 20170721
Kaspersky Trojan-Dropper.MSExcel.Agent.cf 20170721
MAX malware (ai score=81) 20170721
McAfee W97M/Downloader.abj 20170721
McAfee-GW-Edition W97M/Downloader.abj 20170721
Microsoft TrojanDownloader:W97M/Adnel.B 20170721
eScan Trojan.Downloader.JRHR 20170721
NANO-Antivirus Trojan.Script.Agent.dntiyy 20170721
Panda W97/Downloader.WML 20170721
Qihoo-360 virus.office.qexvmc.1100 20170721
Sophos AV Troj/DocDl-DE 20170721
Symantec W97M.Downloader 20170721
Tencent Excel.Trojan-dropper.Agent.Bnw 20170721
TotalDefense Tnega.XAXL!suspicious 20170721
TrendMicro X97M_DLOADR.J 20170721
TrendMicro-HouseCall X97M_DLOADR.J 20170721
VIPRE LooksLike.Macro.Malware.f (v) 20170721
ViRobot W97M.S.Downloader.23040 20170721
Yandex Trojan.MacroDown.Gen.TN 20170721
ZoneAlarm by Check Point Trojan-Dropper.MSExcel.Agent.cf 20170721
Alibaba 20170721
Antiy-AVL 20170721
Bkav 20170721
CMC 20170721
Comodo 20170721
CrowdStrike Falcon (ML) 20170710
Cylance 20170721
Endgame 20170713
Sophos ML 20170607
Kingsoft 20170721
Malwarebytes 20170721
nProtect 20170721
Palo Alto Networks (Known Signatures) 20170721
Rising 20170721
SentinelOne (Static ML) 20170718
SUPERAntiSpyware 20170721
Symantec Mobile Insight 20170720
TheHacker 20170719
Trustlook 20170721
VBA32 20170721
Webroot 20170721
WhiteArmor 20170721
Zillya 20170721
Zoner 20170721
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Summary
last_author
1
creation_datetime
1996-10-09 00:32:33
author
Microsoft Corporation
last_saved
2014-12-08 21:49:08
application_name
Microsoft Excel
code_page
Cyrillic
Document summary
version
730895
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020820-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Excel
sid
0
size
10688
type_literal
stream
size
104
name
\x01CompObj
sid
14
type_literal
stream
size
256
name
\x05DocumentSummaryInformation
sid
13
type_literal
stream
size
220
name
\x05SummaryInformation
sid
12
type_literal
stream
size
7876
name
Workbook
sid
1
type_literal
stream
size
583
name
_VBA_PROJECT_CUR/PROJECT
sid
11
type_literal
stream
size
83
name
_VBA_PROJECT_CUR/PROJECTwm
sid
10
type_literal
stream
size
2816
name
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
sid
8
type_literal
stream
size
542
name
_VBA_PROJECT_CUR/VBA/dir
sid
9
type_literal
stream
size
976
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421
sid
5
type_literal
stream
size
976
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422
sid
6
type_literal
stream
size
976
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423
sid
7
type_literal
stream
size
2760
type
macro
name
_VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430
sid
4
ExifTool file metadata
MIMEType
application/vnd.ms-excel

CompObjUserTypeLen
28

CompObjUserType
???? Microsoft Office Excel

ModifyDate
2014:12:08 20:49:08

TitleOfParts
1, 2, Excel

SharedDoc
No

Author
Microsoft Corporation

FileType
XLS

AppVersion
11.9999

LinksUpToDate
No

ScaleCrop
No

LastModifiedBy
1

HeadingPairs
, 3

FileTypeExtension
xls

HyperlinksChanged
No

CreateDate
1996:10:08 23:32:33

Security
None

CodePage
Windows Cyrillic

Software
Microsoft Excel

File identification
MD5 013c90d7a07e365e82fd8ed0103efbe9
SHA1 cf103af76d477d41d25b549c3a17569382631171
SHA256 2c51b60afd53c78a31d96673a9ff33bf6d4eec17c774e8cf1dde2018b90b425a
ssdeep
192:gx5Hh439gyLPUVWYqJo+kIy1PfT468H/y/VDCnnQn1bcYDHBjFNjZDa6X:I7WYqJofIypL46QaNGnQn1oYDHBp

File size 22.5 KB ( 23040 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Corporation, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Oct 07 23:32:33 1996, Last Saved Time/Date: Sun Dec 07 20:49:08 2014, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
xls attachment

VirusTotal metadata
First submission 2014-12-23 09:59:45 UTC ( 2 years, 8 months ago )
Last submission 2017-07-21 15:23:22 UTC ( 1 month ago )
File names d5a1b26bc8905f9f85be6ad4f4a8c6d2
47823fb13d6184d4f6d525c1bc400637
ee82943e81c2e6a275545a856f6b1c46
PZDF16.xls
FCAO26.xls
suspect.xls
WWCN68.xls
ULAQ29.xls
2c51b60afd53c78a31d96673a9ff33bf6d4eec17c774e8cf1dde2018b90b425a.bin
DZAP77.xls
JOWZ58.xls
9ecaf0b4d8c29adc47e2f89d43438c04
BNSK17.xls
013c90d7a07e365e82fd8ed0103efbe9.malware
013c90d7a07e365e82fd8ed0103efbe9.xls
ad97af986dff9cea7a72e2aa142acdd1
SODO31.xls
NKPA35.xls
TKXP27.xls
contents
LJRP77.xls
SVOJ19.xls
DOOH79.xls
RNBJ81.xls
a6d7ac1a078ad391f165546fead2373a
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!