| SHA256: | 6dbc95b9f11dd56f557f7912fe89c71c03b2f22d52b7884a6a290f898f9b8cba |
| Detection ratio: | 11 / 59 |
| Analysis date: | 2018-01-16 15:45:43 UTC ( 1 year, 3 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Fortinet | VBA/Agent.C6A!tr.dldr | 20180116 |
| Ikarus | Trojan-Downloader.VBA.Agent | 20180116 |
| McAfee | RDN/Generic Downloader.x | 20180116 |
| NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi | 20180116 |
| Panda | O97M/Downloader | 20180116 |
| Qihoo-360 | virus.office.qexvmc.1090 | 20180116 |
| Rising | Downloader.VBA/Agent!1.AF34 (CLASSIC) | 20180116 |
| Symantec | Trojan.Mdropper | 20180116 |
| TrendMicro | X2KM_DLOADR.JT | 20180116 |
| TrendMicro-HouseCall | X2KM_DLOADR.JT | 20180116 |
| Zoner | Probably W97Shell | 20180116 |
| Ad-Aware | 20180116 | |
| AegisLab | 20180116 | |
| AhnLab-V3 | 20180116 | |
| Alibaba | 20180116 | |
| ALYac | 20180116 | |
| Antiy-AVL | 20180116 | |
| Arcabit | 20180116 | |
| Avast | 20180116 | |
| Avast-Mobile | 20180116 | |
| AVG | 20180116 | |
| Avira (no cloud) | 20180116 | |
| AVware | 20180103 | |
| Baidu | 20180116 | |
| BitDefender | 20180116 | |
| Bkav | 20180116 | |
| CAT-QuickHeal | 20180116 | |
| ClamAV | 20180116 | |
| CMC | 20180116 | |
| Comodo | 20180116 | |
| CrowdStrike Falcon (ML) | 20171016 | |
| Cybereason | 20171103 | |
| Cylance | 20180116 | |
| Cyren | 20180116 | |
| DrWeb | 20180116 | |
| eGambit | 20180116 | |
| Emsisoft | 20180116 | |
| Endgame | 20171130 | |
| ESET-NOD32 | 20180116 | |
| F-Prot | 20180116 | |
| F-Secure | 20180116 | |
| GData | 20180116 | |
| Sophos ML | 20170914 | |
| Jiangmin | 20180116 | |
| K7AntiVirus | 20180116 | |
| K7GW | 20180116 | |
| Kaspersky | 20180116 | |
| Kingsoft | 20180116 | |
| Malwarebytes | 20180116 | |
| MAX | 20180116 | |
| McAfee-GW-Edition | 20180116 | |
| Microsoft | 20180116 | |
| eScan | 20180116 | |
| nProtect | 20180116 | |
| Palo Alto Networks (Known Signatures) | 20180116 | |
| SentinelOne (Static ML) | 20180115 | |
| Sophos AV | 20180116 | |
| SUPERAntiSpyware | 20180116 | |
| Symantec Mobile Insight | 20180116 | |
| Tencent | 20180116 | |
| TheHacker | 20180115 | |
| Trustlook | 20180116 | |
| VBA32 | 20180116 | |
| VIPRE | 20180116 | |
| ViRobot | 20180116 | |
| Webroot | 20180116 | |
| WhiteArmor | 20180110 | |
| Yandex | 20180112 | |
| Zillya | 20180115 | |
| ZoneAlarm by Check Point | 20180116 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is
opened.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2017-08-11 14:05:58
last_saved
2018-01-16 10:25:15
last_printed
2017-09-05 17:29:21
application_name
Microsoft Excel
code_page
Cyrillic
Document summary
version
917504
code_page
Cyrillic
OLE Streams
Macros and VBA code streams
ExifTool file metadata
MIMEType
application/vnd.ms-excel
CompObjUserType
Microsoft Excel 2003 Worksheet
ModifyDate
2018:01:16 09:25:15
TitleOfParts
Foglio1
SharedDoc
No
FileType
XLS
AppVersion
14.0
LinksUpToDate
No
ScaleCrop
No
CompObjUserTypeLen
31
HeadingPairs
Worksheets, 1
FileTypeExtension
xls
HyperlinksChanged
No
CreateDate
2017:08:11 13:05:58
LastPrinted
2017:09:05 16:29:21
Security
None
CodePage
Windows Cyrillic
Software
Microsoft Excel
Compressed bundles
File identification
MD5 d4da8e466d244ee4cb02ad8c3afe5487
SHA1 ee86c415ddd561c627deb15f0b12990c15c8d36a
SHA256 6dbc95b9f11dd56f557f7912fe89c71c03b2f22d52b7884a6a290f898f9b8cba
ssdeep
1536:cMI7/xEtjPOtioVjDGUU1qfDlaGGx+cLYIxYDyyh1bfd7a:cMo/xEtjPOtioVjDGUU1qfDlaGGx+cLY
File size
86.5 KB ( 88576 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Last Printed: Mon Sep 04 16:29:21 2017, Create Time/Date: Thu Aug 10 13:05:58 2017, Last Saved Time/Date: Mon Jan 15 09:25:15 2018, Security: 0
| TrID |
Microsoft Excel sheet (50.0%) Microsoft Excel sheet (alternate) (37.6%) Generic OLE2 / Multistream Compound File (12.3%) |
Tags
obfuscated
run-file
auto-open
macros
attachment
xls
VirusTotal metadata
First submission
2018-01-16 09:43:13 UTC ( 1 year, 3 months ago )
Last submission
2018-05-09 12:31:28 UTC ( 11 months, 2 weeks ago )
| File names |
gennaio_v.santagata.xls gennaio_printer.xls gennaio_nicola.xls gennaio_mariapia.depompeis.xls gennaio_stefano.xls gennaio_maurizio_vir.xls gennaio_nsammito.xls gennaio_acquisti.xls gennaio_carlo.chidini.xls gennaio_paolo.savona.xls gennaio_bruscaglia.xls gennaio_ois.xls gennaio_logistik.xls gennaio_administrator.xls 2018-01-18-malspam-attachment-gennaio_sales.xls gennaio_m.pagliuca.xls gennaio_mastella.xls gennaio_giacomo.fontan.xls gennaio_ensa.xls gennaio_info.xls gennaio_ordini.xls gennaio_amministrazione.xls gennaio_gustavomarcello.siro.xls gennaio_manfred134.xls gennaio_anna.gibello.xls |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!