× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 98b1ae63a582fbb998959648c7fdee5be9ce7a4341c4bb474fe7b64997197784
File name: 2.xls
Detection ratio: 2 / 57
Analysis date: 2015-03-19 09:59:59 UTC ( 4 years, 2 months ago ) View latest
Antivirus Result Update
AVware LooksLike.Macro.Malware.a (v) 20150319
VIPRE LooksLike.Macro.Malware.a (v) 20150319
Ad-Aware 20150319
AegisLab 20150319
Yandex 20150318
AhnLab-V3 20150318
Alibaba 20150319
ALYac 20150319
Antiy-AVL 20150319
Avast 20150319
AVG 20150319
Avira (no cloud) 20150319
Baidu-International 20150319
BitDefender 20150319
Bkav 20150318
ByteHero 20150319
CAT-QuickHeal 20150318
ClamAV 20150319
CMC 20150317
Comodo 20150319
Cyren 20150319
DrWeb 20150319
Emsisoft 20150319
ESET-NOD32 20150319
F-Prot 20150319
F-Secure 20150319
Fortinet 20150319
GData 20150319
Ikarus 20150319
Jiangmin 20150318
K7AntiVirus 20150319
K7GW 20150319
Kaspersky 20150319
Kingsoft 20150319
Malwarebytes 20150319
McAfee 20150319
McAfee-GW-Edition 20150319
Microsoft 20150319
eScan 20150319
NANO-Antivirus 20150319
Norman 20150319
nProtect 20150319
Panda 20150318
Qihoo-360 20150319
Rising 20150318
Sophos AV 20150319
SUPERAntiSpyware 20150319
Symantec 20150319
Tencent 20150319
TheHacker 20150319
TotalDefense 20150318
TrendMicro 20150319
TrendMicro-HouseCall 20150319
VBA32 20150318
ViRobot 20150319
Zillya 20150318
Zoner 20150319
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Summary
last_author
\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd Windows
creation_datetime
2015-03-18 19:45:18
author
Microsoft Office
last_saved
2015-03-19 08:06:50
application_name
Microsoft Excel
code_page
Cyrillic
Document summary
version
917504
company
Microsoft Corporation
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020820-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Excel
sid
0
size
34560
type_literal
stream
sid
45
name
\x01CompObj
size
102
type_literal
stream
sid
44
name
\x05DocumentSummaryInformation
size
276
type_literal
stream
sid
43
name
\x05SummaryInformation
size
236
type_literal
stream
sid
1
name
Workbook
size
13055
type_literal
stream
sid
42
name
_VBA_PROJECT_CUR/PROJECT
size
911
type_literal
stream
sid
41
name
_VBA_PROJECT_CUR/PROJECTwm
size
236
type_literal
stream
sid
31
type
macro
name
_VBA_PROJECT_CUR/VBA/Class1
size
6166
type_literal
stream
sid
28
type
macro
name
_VBA_PROJECT_CUR/VBA/Corob5
size
4570
type_literal
stream
sid
19
type
macro
name
_VBA_PROJECT_CUR/VBA/File55
size
1612
type_literal
stream
sid
22
type
macro
name
_VBA_PROJECT_CUR/VBA/File643
size
3228
type_literal
stream
sid
16
type
macro
name
_VBA_PROJECT_CUR/VBA/Heroro6
size
3479
type_literal
stream
sid
25
type
macro
name
_VBA_PROJECT_CUR/VBA/Loop4
size
3869
type_literal
stream
sid
34
type
macro
name
_VBA_PROJECT_CUR/VBA/Module1
size
6130
type_literal
stream
sid
7
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page1
size
1187
type_literal
stream
sid
10
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page2
size
1187
type_literal
stream
sid
13
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page3
size
1187
type_literal
stream
sid
4
type
macro
name
_VBA_PROJECT_CUR/VBA/ThisBook
size
1687
type_literal
stream
sid
37
name
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
size
5747
type_literal
stream
sid
39
name
_VBA_PROJECT_CUR/VBA/__SRP_0
size
5917
type_literal
stream
sid
40
name
_VBA_PROJECT_CUR/VBA/__SRP_1
size
928
type_literal
stream
sid
8
name
_VBA_PROJECT_CUR/VBA/__SRP_10
size
408
type_literal
stream
sid
9
name
_VBA_PROJECT_CUR/VBA/__SRP_11
size
106
type_literal
stream
sid
11
name
_VBA_PROJECT_CUR/VBA/__SRP_12
size
408
type_literal
stream
sid
12
name
_VBA_PROJECT_CUR/VBA/__SRP_13
size
106
type_literal
stream
sid
14
name
_VBA_PROJECT_CUR/VBA/__SRP_14
size
408
type_literal
stream
sid
15
name
_VBA_PROJECT_CUR/VBA/__SRP_15
size
106
type_literal
stream
sid
20
name
_VBA_PROJECT_CUR/VBA/__SRP_16
size
126
type_literal
stream
sid
21
name
_VBA_PROJECT_CUR/VBA/__SRP_17
size
106
type_literal
stream
sid
17
name
_VBA_PROJECT_CUR/VBA/__SRP_2
size
158
type_literal
stream
sid
18
name
_VBA_PROJECT_CUR/VBA/__SRP_3
size
530
type_literal
stream
sid
26
name
_VBA_PROJECT_CUR/VBA/__SRP_4
size
1307
type_literal
stream
sid
27
name
_VBA_PROJECT_CUR/VBA/__SRP_5
size
192
type_literal
stream
sid
29
name
_VBA_PROJECT_CUR/VBA/__SRP_6
size
1397
type_literal
stream
sid
30
name
_VBA_PROJECT_CUR/VBA/__SRP_7
size
284
type_literal
stream
sid
23
name
_VBA_PROJECT_CUR/VBA/__SRP_8
size
373
type_literal
stream
sid
24
name
_VBA_PROJECT_CUR/VBA/__SRP_9
size
172
type_literal
stream
sid
32
name
_VBA_PROJECT_CUR/VBA/__SRP_a
size
2866
type_literal
stream
sid
33
name
_VBA_PROJECT_CUR/VBA/__SRP_b
size
478
type_literal
stream
sid
35
name
_VBA_PROJECT_CUR/VBA/__SRP_c
size
1883
type_literal
stream
sid
36
name
_VBA_PROJECT_CUR/VBA/__SRP_d
size
174
type_literal
stream
sid
5
name
_VBA_PROJECT_CUR/VBA/__SRP_e
size
812
type_literal
stream
sid
6
name
_VBA_PROJECT_CUR/VBA/__SRP_f
size
156
type_literal
stream
sid
38
name
_VBA_PROJECT_CUR/VBA/dir
size
829
Macros and VBA code streams
[+] ThisBook.cls _VBA_PROJECT_CUR/VBA/ThisBook 40 bytes
auto-open
[+] Heroro6.bas _VBA_PROJECT_CUR/VBA/Heroro6 1643 bytes
exe-pattern run-dll
[+] File55.bas _VBA_PROJECT_CUR/VBA/File55 436 bytes
exe-pattern url-pattern
[+] File643.bas _VBA_PROJECT_CUR/VBA/File643 662 bytes
[+] Loop4.bas _VBA_PROJECT_CUR/VBA/Loop4 1273 bytes
handle-file open-file write-file
[+] Corob5.bas _VBA_PROJECT_CUR/VBA/Corob5 1299 bytes
obfuscated
[+] Class1.cls _VBA_PROJECT_CUR/VBA/Class1 1052 bytes
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 1902 bytes
create-ole open-file
ExifTool file metadata
MIMEType
application/vnd.ms-excel

LastModifiedBy
Windows

CompObjUserType
???? Microsoft Excel 2003

ModifyDate
2015:03:19 07:06:50

TitleOfParts
Page1, Page2, Page3

SharedDoc
No

Author
Microsoft Office

Company
Microsoft Corporation

AppVersion
14.0

LinksUpToDate
No

ScaleCrop
No

CompObjUserTypeLen
26

HeadingPairs
, 3

FileTypeExtension
xls

HyperlinksChanged
No

CreateDate
2015:03:18 18:45:18

Security
None

CodePage
Windows Cyrillic

FileType
XLS

Software
Microsoft Excel

Compressed bundles
File identification
MD5 ee3dd31abd4fc9af4214df7d385c5c4e
SHA1 6e5c8735d8c20dbb6d407b386c4c474a4a8974ab
SHA256 98b1ae63a582fbb998959648c7fdee5be9ce7a4341c4bb474fe7b64997197784
ssdeep
1536:aYdvxHlcaQPy0iWYOcG4BDhnxDV8ix/7uDphYHceXVhca+fMHLtyeGxclrdg48Oo:aYdvxHlcaAy0iWYOcG4BDhnxDV8ix/72

File size 86.0 KB ( 88064 bytes )
File type MS Excel Spreadsheet
Magic literal
Windows, Version 6.1, Code page: 1251, Author: Microsoft Office, Last Saved By: ������������ Windows, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 17 18:45:18 2015, Last Saved Time/Date: Wed Mar 18 07:06:50 2015, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated open-file auto-open exe-pattern handle-file url-pattern macros run-dll attachment write-file xls create-ole

VirusTotal metadata
First submission 2015-03-19 07:47:46 UTC ( 4 years, 2 months ago )
Last submission 2016-07-21 07:35:29 UTC ( 2 years, 10 months ago )
File names decoded.xls
2015031714240625332.xls
37475.bin
attachment0.xls
VirusShare_ee3dd31abd4fc9af4214df7d385c5c4e
efe02122dab6e5781dcc3a04b15e1a04
cceace95b20fcfc284fa79dc5a614341
decoded.12611866.xls
8caf0f8ba17101a26ac0bbe91327cb2c
18cff2fb3d16e1a236061f69134470dd
2.xls
65538-201503~1.xls
2015031714240625332.xls
a.xls
2015031714240625332.xls
decoded.611866.xls
66238821b9482ed2e27ca2729fc7ae12
37746.bin
1426771769_2015031714240625332-1.xls
2015031714240625332(1).xls
zzz
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!