SHA256: 6dbc95b9f11dd56f557f7912fe89c71c03b2f22d52b7884a6a290f898f9b8cba
Detection ratio: 11 / 59
Analysis date: 2018-01-16 15:45:43 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Fortinet VBA/Agent.C6A!tr.dldr 20180116
Ikarus Trojan-Downloader.VBA.Agent 20180116
McAfee RDN/Generic Downloader.x 20180116
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180116
Panda O97M/Downloader 20180116
Qihoo-360 virus.office.qexvmc.1090 20180116
Rising Downloader.VBA/Agent!1.AF34 (CLASSIC) 20180116
Symantec Trojan.Mdropper 20180116
TrendMicro X2KM_DLOADR.JT 20180116
TrendMicro-HouseCall X2KM_DLOADR.JT 20180116
Zoner Probably W97Shell 20180116
Ad-Aware 20180116
AegisLab 20180116
AhnLab-V3 20180116
Alibaba 20180116
ALYac 20180116
Antiy-AVL 20180116
Arcabit 20180116
Avast 20180116
Avast-Mobile 20180116
AVG 20180116
Avira (no cloud) 20180116
AVware 20180103
Baidu 20180116
BitDefender 20180116
Bkav 20180116
CAT-QuickHeal 20180116
ClamAV 20180116
CMC 20180116
Comodo 20180116
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180116
Cyren 20180116
DrWeb 20180116
eGambit 20180116
Emsisoft 20180116
Endgame 20171130
ESET-NOD32 20180116
F-Prot 20180116
F-Secure 20180116
GData 20180116
Sophos ML 20170914
Jiangmin 20180116
K7AntiVirus 20180116
K7GW 20180116
Kaspersky 20180116
Kingsoft 20180116
Malwarebytes 20180116
MAX 20180116
McAfee-GW-Edition 20180116
Microsoft 20180116
eScan 20180116
nProtect 20180116
Palo Alto Networks (Known Signatures) 20180116
SentinelOne (Static ML) 20180115
Sophos AV 20180116
SUPERAntiSpyware 20180116
Symantec Mobile Insight 20180116
Tencent 20180116
TheHacker 20180115
Trustlook 20180116
VBA32 20180116
VIPRE 20180116
ViRobot 20180116
Webroot 20180116
WhiteArmor 20180110
Yandex 20180112
Zillya 20180115
ZoneAlarm by Check Point 20180116
The file being studied follows the Compound Document File format. More specifically, it is an MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2017-08-11 14:05:58
last_saved: 2018-01-16 10:25:15
last_printed: 2017-09-05 17:29:21
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry; type_literal: root; sid: 0; size: 8320; clsid: 00020820-0000-0000-c000-000000000046; clsid_literal: MS Excel
name: \x01CompObj; type_literal: stream; sid: 16; size: 107
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 15; size: 224
name: \x05SummaryInformation; type_literal: stream; sid: 14; size: 188
name: Workbook; type_literal: stream; sid: 1; size: 68609
name: _VBA_PROJECT_CUR/PROJECT; type_literal: stream; sid: 13; size: 427
name: _VBA_PROJECT_CUR/PROJECTwm; type_literal: stream; sid: 12; size: 62
name: _VBA_PROJECT_CUR/VBA/Sheet1; type_literal: stream; type: macro (only attributes); sid: 7; size: 977
name: _VBA_PROJECT_CUR/VBA/ThisWorkbook; type_literal: stream; type: macro; sid: 4; size: 5499
name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT; type_literal: stream; sid: 8; size: 2834
name: _VBA_PROJECT_CUR/VBA/__SRP_0; type_literal: stream; sid: 10; size: 1426
name: _VBA_PROJECT_CUR/VBA/__SRP_1; type_literal: stream; sid: 11; size: 106
name: _VBA_PROJECT_CUR/VBA/__SRP_2; type_literal: stream; sid: 5; size: 548
name: _VBA_PROJECT_CUR/VBA/__SRP_3; type_literal: stream; sid: 6; size: 481
name: _VBA_PROJECT_CUR/VBA/dir; type_literal: stream; sid: 9; size: 524
Macros and VBA code streams
ThisWorkbook.cls _VBA_PROJECT_CUR/VBA/ThisWorkbook 1983 bytes
auto-open obfuscated run-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserType: Microsoft Excel 2003 Worksheet
ModifyDate: 2018:01:16 09:25:15
TitleOfParts: Foglio1
SharedDoc: No
FileType: XLS
AppVersion: 14.0
LinksUpToDate: No
ScaleCrop: No
CompObjUserTypeLen: 31
HeadingPairs: Worksheets, 1
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2017:08:11 13:05:58
LastPrinted: 2017:09:05 16:29:21
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel

File identification
MD5 d4da8e466d244ee4cb02ad8c3afe5487
SHA1 ee86c415ddd561c627deb15f0b12990c15c8d36a
SHA256 6dbc95b9f11dd56f557f7912fe89c71c03b2f22d52b7884a6a290f898f9b8cba
ssdeep 1536:cMI7/xEtjPOtioVjDGUU1qfDlaGGx+cLYIxYDyyh1bfd7a:cMo/xEtjPOtioVjDGUU1qfDlaGGx+cLY

File size 86.5 KB ( 88576 bytes )
File type MS Excel Spreadsheet
Magic literal: CDF V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Last Printed: Mon Sep 04 16:29:21 2017, Create Time/Date: Thu Aug 10 13:05:58 2017, Last Saved Time/Date: Mon Jan 15 09:25:15 2018, Security: 0

TrID Microsoft Excel sheet (50.0%)
Microsoft Excel sheet (alternate) (37.6%)
Generic OLE2 / Multistream Compound File (12.3%)
Tags: obfuscated run-file auto-open macros attachment xls

VirusTotal metadata
First submission 2018-01-16 09:43:13 UTC ( 1 year, 3 months ago )
Last submission 2018-05-09 12:31:28 UTC ( 11 months, 2 weeks ago )
File names gennaio_v.santagata.xls
gennaio_printer.xls
gennaio_nicola.xls
gennaio_mariapia.depompeis.xls
gennaio_stefano.xls
gennaio_maurizio_vir.xls
gennaio_nsammito.xls
gennaio_acquisti.xls
gennaio_carlo.chidini.xls
gennaio_paolo.savona.xls
gennaio_bruscaglia.xls
gennaio_ois.xls
gennaio_logistik.xls
gennaio_administrator.xls
2018-01-18-malspam-attachment-gennaio_sales.xls
gennaio_m.pagliuca.xls
gennaio_mastella.xls
gennaio_giacomo.fontan.xls
gennaio_ensa.xls
gennaio_info.xls
gennaio_ordini.xls
gennaio_amministrazione.xls
gennaio_gustavomarcello.siro.xls
gennaio_manfred134.xls
gennaio_anna.gibello.xls