SHA256: 54a00046f9841e947c3a146c240923563408f70bb5958dd091eeaddf3adf1635
File name: IN629087.xls
Detection ratio: 43 / 58
Analysis date: 2017-08-10 01:55:07 UTC ( 1 week, 3 days ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.ALI 20170810
AegisLab Troj.Downloader.Msword!c 20170810
AhnLab-V3 X97M/Downloader 20170810
ALYac Trojan.Downloader.DOC.gen 20170810
Antiy-AVL Trojan[Downloader]/MSWord.Agent.xw 20170810
Arcabit HEUR.VBA.Trojan.d 20170810
Avast VBA:Downloader-AFV [Trj] 20170810
AVG VBA:Downloader-AFV [Trj] 20170810
Avira (no cloud) X2000M/Dldr.Locker.pd 20170809
AVware Trojan-Downloader.W97M.Adnel.b (v) 20170810
Baidu VBA.Trojan-Downloader.Agent.ru 20170809
BitDefender W97M.Downloader.ALI 20170810
CAT-QuickHeal X97M.Dropper.QM 20170809
ClamAV Xls.Dropper.Agent-1822877 20170810
Comodo TrojWare.Win32.TrojanDownloader.Inject.MSE~ 20170810
Cyren X97M/Downloader.CD 20170810
DrWeb W97M.DownLoader.788 20170810
Emsisoft W97M.Downloader.ALI (B) 20170810
ESET-NOD32 VBA/TrojanDownloader.Agent.AMP 20170810
F-Prot X97M/Downloader.CD 20170810
F-Secure Trojan:W97M/MaliciousMacro.GEN 20170810
Fortinet X97M/TrojanDownloader.586D!tr 20170810
GData Macro.Trojan-Downloader.Agent.KZ 20170810
Ikarus Trojan-Downloader.VBA.Agent 20170809
Jiangmin Trojan-Downloader/MSWord.Agent.xw 20170810
Kaspersky Trojan-Downloader.MSWord.Agent.xx 20170810
MAX malware (ai score=84) 20170810
McAfee W97M/Downloader.atg 20170810
McAfee-GW-Edition W97M/Downloader.atg 20170809
Microsoft TrojanDownloader:O97M/Adnel 20170810
eScan W97M.Downloader.ALI 20170809
NANO-Antivirus Trojan.Script.MLW.dzkitc 20170810
nProtect Trojan-Downloader/X97M.Dollars 20170810
Panda O97M/Downloader 20170809
Qihoo-360 virus.office.obfuscated.1 20170810
Rising Macro.Agent.z (classic) 20170810
Sophos AV Troj/DocDl-ANF 20170810
Symantec W97M.Downloader 20170810
Tencent Word.Trojan-downloader.Agent.Aljj 20170810
TrendMicro-HouseCall X2KM_DRIDEX.YYSPX 20170810
VIPRE Trojan-Downloader.W97M.Adnel.b (v) 20170810
ViRobot X97M.S.Downloader.82432.B 20170809
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.xx 20170810
Alibaba 20170810
Bkav 20170809
CMC 20170809
CrowdStrike Falcon (ML) 20170804
Cylance 20170810
Endgame 20170721
Sophos ML 20170607
K7AntiVirus 20170809
K7GW 20170809
Kingsoft 20170810
Malwarebytes 20170810
Palo Alto Networks (Known Signatures) 20170810
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170810
Symantec Mobile Insight 20170810
TheHacker 20170807
TotalDefense 20170809
Trustlook 20170810
VBA32 20170809
Webroot 20170810
WhiteArmor 20170731
Yandex 20170807
Zillya 20170809
Zoner 20170810
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: MXP
creation_datetime: 2015-12-16 09:39:56
author: MXP
last_saved: 2015-12-16 10:21:36
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
company: Microsoft Corporation
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020820-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Excel; sid: 0; size: 17344
type_literal: stream; size: 104; name: \x01CompObj; sid: 19
type_literal: stream; size: 276; name: \x05DocumentSummaryInformation; sid: 18
type_literal: stream; size: 200; name: \x05SummaryInformation; sid: 17
type_literal: stream; size: 2706; name: Workbook; sid: 1
type_literal: stream; size: 564; name: _VBA_PROJECT_CUR/PROJECT; sid: 16
type_literal: stream; size: 107; name: _VBA_PROJECT_CUR/PROJECTwm; sid: 15
type_literal: stream; size: 50826; type: macro; name: _VBA_PROJECT_CUR/VBA/Module1; sid: 8
type_literal: stream; size: 7860; name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT; sid: 11
type_literal: stream; size: 2796; name: _VBA_PROJECT_CUR/VBA/__SRP_0; sid: 13
type_literal: stream; size: 1128; name: _VBA_PROJECT_CUR/VBA/__SRP_1; sid: 14
type_literal: stream; size: 632; name: _VBA_PROJECT_CUR/VBA/__SRP_2; sid: 9
type_literal: stream; size: 3584; name: _VBA_PROJECT_CUR/VBA/__SRP_3; sid: 10
type_literal: stream; size: 598; name: _VBA_PROJECT_CUR/VBA/dir; sid: 12
type_literal: stream; size: 984; type: macro (only attributes); name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421; sid: 5
type_literal: stream; size: 984; type: macro (only attributes); name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422; sid: 6
type_literal: stream; size: 984; type: macro (only attributes); name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423; sid: 7
type_literal: stream; size: 1263; type: macro; name: _VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430; sid: 4
Macros and VBA code streams
Module1.bas _VBA_PROJECT_CUR/VBA/Module1 25679 bytes
exe-pattern create-file create-ole download obfuscated open-file run-file write-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserTypeLen: 28
CompObjUserType: ???? Microsoft Office Excel
Company: Microsoft Corporation
ModifyDate: 2015:12:16 09:21:36
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: MXP
FileType: XLS
AppVersion: 11.9999
LinksUpToDate: No
ScaleCrop: No
LastModifiedBy: MXP
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2015:12:16 08:39:56
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel

File identification
MD5 7bcf4a947a74866debbcdeae068541fe
SHA1 bdfd0b235e2a07d59a1adad416eeb72620e0985e
SHA256 54a00046f9841e947c3a146c240923563408f70bb5958dd091eeaddf3adf1635
ssdeep 768:OEC+72PSKPzEYB/WdkhPb1AR14gDzvzR7+ZYClANcb7SAIGgTB8CtIQ+Ts0mngw:lBKYMPJAR14g/zR7SC47SSyaR4lnV
File size 80.5 KB ( 82432 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: MXP, Last Saved By: MXP, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Dec 15 08:39:56 2015, Last Saved Time/Date: Tue Dec 15 09:21:36 2015, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated open-file exe-pattern create-file run-file macros attachment download write-file xls create-ole

VirusTotal metadata
First submission 2015-12-16 12:22:22 UTC ( 1 year, 8 months ago )
Last submission 2016-11-10 12:07:55 UTC ( 9 months, 1 week ago )
File names IN12904747.xls
IN87685.xls
IN45516917.xls
IN31469.xls
IN583598.xls
IN27185.xls
IN534500.xls
IN723107.xls
IN1137719.xls
dfe548bef0a60e3a14671135a2b080c8
IN596621.xls
IN20579724.xls
IN9503810.xls
IN64657.xls.virus
IN56042.xls
IN06492913.xls
IN28634.xls
IN05449.xls
IN629087.xls
IN48077718.xls
IN56037943.xls
IN5930433.xls
IN23014056.xls
IN0736615 - AP.xls
IN41684.xls