SHA256: 886adc192957bda32b375503c0d8b3c09f4b77a2609e4ef5952072c79c1ca7a0
File name: 988271023-PRCL-07.xls
Detection ratio: 6 / 53
Analysis date: 2016-01-22 12:51:34 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160122
ESET-NOD32 VBA/TrojanDownloader.Agent.APL 20160122
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160122
GData Macro.Trojan-Downloader.Agent.KZ 20160122
Sophos AV Troj/DocDl-AVR 20160122
VIPRE LooksLike.Macro.Malware.gen!x1 (v) 20160122
Ad-Aware 20160122
AegisLab 20160122
Yandex 20160121
AhnLab-V3 20160121
Alibaba 20160122
ALYac 20160122
Antiy-AVL 20160122
Avast 20160122
AVG 20160121
Baidu-International 20160122
BitDefender 20160122
Bkav 20160122
ByteHero 20160122
CAT-QuickHeal 20160122
ClamAV 20160122
CMC 20160111
Comodo 20160122
Cyren 20160122
DrWeb 20160122
Emsisoft 20160122
F-Prot 20160122
Fortinet 20160122
Ikarus 20160122
Jiangmin 20160122
K7AntiVirus 20160122
K7GW 20160122
Kaspersky 20160122
Malwarebytes 20160122
McAfee 20160122
McAfee-GW-Edition 20160122
Microsoft 20160122
eScan 20160122
NANO-Antivirus 20160122
nProtect 20160122
Panda 20160121
Qihoo-360 20160122
Rising 20160122
SUPERAntiSpyware 20160122
Symantec 20160121
Tencent 20160122
TheHacker 20160119
TrendMicro 20160122
TrendMicro-HouseCall 20160122
VBA32 20160121
ViRobot 20160122
Zillya 20160121
Zoner 20160122
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-07-30 06:24:02
author: 1
last_saved: 2016-01-22 09:12:33
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020820-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Excel, sid: 0, size: 9472
name: \x01CompObj, type_literal: stream, size: 102, sid: 22
name: \x05DocumentSummaryInformation, type_literal: stream, size: 236, sid: 21
name: \x05SummaryInformation, type_literal: stream, size: 200, sid: 20
name: Workbook, type_literal: stream, size: 13218, sid: 1
name: _VBA_PROJECT_CUR/PROJECT, type_literal: stream, size: 623, sid: 19
name: _VBA_PROJECT_CUR/PROJECTwm, type_literal: stream, size: 131, sid: 18
name: _VBA_PROJECT_CUR/VBA/Module1, type_literal: stream, size: 13851, type: macro, sid: 8
name: _VBA_PROJECT_CUR/VBA/Module2, type_literal: stream, size: 7210, type: macro, sid: 11
name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, type_literal: stream, size: 8775, sid: 14
name: _VBA_PROJECT_CUR/VBA/__SRP_0, type_literal: stream, size: 1530, sid: 16
name: _VBA_PROJECT_CUR/VBA/__SRP_1, type_literal: stream, size: 282, sid: 17
name: _VBA_PROJECT_CUR/VBA/__SRP_2, type_literal: stream, size: 114, sid: 9
name: _VBA_PROJECT_CUR/VBA/__SRP_3, type_literal: stream, size: 271, sid: 10
name: _VBA_PROJECT_CUR/VBA/__SRP_4, type_literal: stream, size: 134, sid: 12
name: _VBA_PROJECT_CUR/VBA/__SRP_5, type_literal: stream, size: 391, sid: 13
name: _VBA_PROJECT_CUR/VBA/dir, type_literal: stream, size: 622, sid: 15
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421, type_literal: stream, size: 976, type: macro (only attributes), sid: 5
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422, type_literal: stream, size: 976, type: macro (only attributes), sid: 6
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423, type_literal: stream, size: 976, type: macro (only attributes), sid: 7
name: _VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430, type_literal: stream, size: 1317, type: macro, sid: 4
Macros and VBA code streams
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 6190 bytes
exe-pattern create-file create-ole download open-file run-file
[+] Module2.bas _VBA_PROJECT_CUR/VBA/Module2 2700 bytes
obfuscated open-file run-file write-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserTypeLen: 26
CompObjUserType: ???? Microsoft Excel 2003
ModifyDate: 2016:01:22 08:12:33
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: 1
FileType: XLS
AppVersion: 14.0
LinksUpToDate: No
ScaleCrop: No
LastModifiedBy: 1
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2015:07:30 05:24:02
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel

Compressed bundles
File identification
MD5 3a7bb0191c58d41abdea173556b45ae3
SHA1 9c0907c814d2ff6d834eb4cb114ad1c9dfc4dc6c
SHA256 886adc192957bda32b375503c0d8b3c09f4b77a2609e4ef5952072c79c1ca7a0
ssdeep 1536:ZYdvxHlcaQPy0iWYOcG4BDhnxDV8ix/7uDphYHceXVhca+fMHLtyeGxclrdgEisO:ZYdvxHlcaAy0iWYOcG4BDhnxDV8ix/7D

File size 58.0 KB ( 59392 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jul 29 05:24:02 2015, Last Saved Time/Date: Thu Jan 21 08:12:33 2016, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated open-file exe-pattern create-file run-file macros attachment download write-file xls create-ole

VirusTotal metadata
First submission 2016-01-22 12:08:36 UTC ( 1 year, 10 months ago )
Last submission 2016-09-26 19:00:22 UTC ( 1 year, 1 month ago )
File names 988271023_prcl.xls
8073a82405f0159156214cdca1fe8aaa
04ead87de94b2d4ee6371bf36b02d2bd
501444928de5c071da0d77e7e747945d
fd78cb52e33f1707095707649c8f6a62
988271023-PRCL.xls
988271023-PRCL2.xls
Malware_MSOLE2_886adc192957bda32b375503c0d8b3c09f4b77a2609e4ef5952072c79c1ca7a0
fdbf311822ba309881003821559f36fe
VIRUS_988271023-PRCL.xlsVVV
ac35a8bb644b8f093bc25d030a7e98c3
215f5c64293f385d9df55ca54053f59b
988271023-prcl.xls
5e5a21678e5c0673b3bcbab97998d37b
1532b9e850685debc64e43ff2dd60830
988271023-PRCL - probabile virus.xls
988271023-PRCL-07.xls
5b6337bb3adb96539ef1b56a91387152
VIRUS_988271023-PRCL.xls