SHA256: a901c12b6733909b6fd69a6865c5746d3ea8ec07ac24450815b5247edfb2aa71
File name: Invoice-83230.xls
Detection ratio: 0 / 57
Analysis date: 2015-04-14 08:09:58 UTC (2 years, 1 month ago)
Antivirus Result Update
Ad-Aware 20150414
AegisLab 20150414
Yandex 20150413
AhnLab-V3 20150414
Alibaba 20150414
ALYac 20150414
Antiy-AVL 20150414
Avast 20150414
AVG 20150414
Avira (no cloud) 20150414
AVware 20150414
Baidu-International 20150414
BitDefender 20150414
Bkav 20150413
ByteHero 20150414
CAT-QuickHeal 20150414
ClamAV 20150414
CMC 20150413
Comodo 20150414
Cyren 20150414
DrWeb 20150414
Emsisoft 20150414
ESET-NOD32 20150413
F-Prot 20150414
F-Secure 20150414
Fortinet 20150414
GData 20150414
Ikarus 20150414
Jiangmin 20150413
K7AntiVirus 20150414
K7GW 20150414
Kaspersky 20150414
Kingsoft 20150414
Malwarebytes 20150414
McAfee 20150414
McAfee-GW-Edition 20150413
Microsoft 20150414
eScan 20150414
NANO-Antivirus 20150414
Norman 20150414
nProtect 20150413
Panda 20150413
Qihoo-360 20150414
Rising 20150413
Sophos 20150414
SUPERAntiSpyware 20150414
Symantec 20150414
Tencent 20150414
TheHacker 20150414
TotalDefense 20150413
TrendMicro 20150414
TrendMicro-HouseCall 20150414
VBA32 20150412
VIPRE 20150414
ViRobot 20150414
Zillya 20150413
Zoner 20150413
The file being studied follows the Compound Document File format. More specifically, it is an MS Excel spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Summary
last_author: GN
creation_datetime: 2015-04-14 05:51:17
author: GN
last_saved: 2015-04-14 06:40:10
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
company: GOSNIIPP
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020820-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Excel; sid: 0; size: 26240
name: \x01CompObj; type_literal: stream; sid: 33; size: 104
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 32; size: 264
name: \x05SummaryInformation; type_literal: stream; sid: 31; size: 200
name: Workbook; type_literal: stream; sid: 1; size: 2744
name: _VBA_PROJECT_CUR/PROJECT; type_literal: stream; sid: 30; size: 802
name: _VBA_PROJECT_CUR/PROJECTwm; type_literal: stream; sid: 29; size: 203
name: _VBA_PROJECT_CUR/VBA/Module1; type_literal: stream; sid: 10; type: macro; size: 12453
name: _VBA_PROJECT_CUR/VBA/Module2; type_literal: stream; sid: 13; type: macro; size: 4562
name: _VBA_PROJECT_CUR/VBA/Module3; type_literal: stream; sid: 16; type: macro; size: 3170
name: _VBA_PROJECT_CUR/VBA/Module4; type_literal: stream; sid: 19; type: macro; size: 1809
name: _VBA_PROJECT_CUR/VBA/Module5; type_literal: stream; sid: 22; type: macro; size: 6373
name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT; type_literal: stream; sid: 25; size: 5135
name: _VBA_PROJECT_CUR/VBA/__SRP_0; type_literal: stream; sid: 27; size: 3354
name: _VBA_PROJECT_CUR/VBA/__SRP_1; type_literal: stream; sid: 28; size: 625
name: _VBA_PROJECT_CUR/VBA/__SRP_2; type_literal: stream; sid: 11; size: 1606
name: _VBA_PROJECT_CUR/VBA/__SRP_3; type_literal: stream; sid: 12; size: 791
name: _VBA_PROJECT_CUR/VBA/__SRP_4; type_literal: stream; sid: 14; size: 536
name: _VBA_PROJECT_CUR/VBA/__SRP_5; type_literal: stream; sid: 15; size: 240
name: _VBA_PROJECT_CUR/VBA/__SRP_6; type_literal: stream; sid: 17; size: 560
name: _VBA_PROJECT_CUR/VBA/__SRP_7; type_literal: stream; sid: 18; size: 103
name: _VBA_PROJECT_CUR/VBA/__SRP_8; type_literal: stream; sid: 20; size: 260
name: _VBA_PROJECT_CUR/VBA/__SRP_9; type_literal: stream; sid: 21; size: 103
name: _VBA_PROJECT_CUR/VBA/__SRP_a; type_literal: stream; sid: 23; size: 804
name: _VBA_PROJECT_CUR/VBA/__SRP_b; type_literal: stream; sid: 24; size: 296
name: _VBA_PROJECT_CUR/VBA/__SRP_c; type_literal: stream; sid: 5; size: 508
name: _VBA_PROJECT_CUR/VBA/__SRP_d; type_literal: stream; sid: 6; size: 149
name: _VBA_PROJECT_CUR/VBA/dir; type_literal: stream; sid: 26; size: 691
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421; type_literal: stream; sid: 7; type: macro (only attributes); size: 1104
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422; type_literal: stream; sid: 8; type: macro (only attributes); size: 1104
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423; type_literal: stream; sid: 9; type: macro (only attributes); size: 1104
name: _VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430; type_literal: stream; sid: 4; type: macro; size: 2099
Macros and VBA code streams
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 4245 bytes
exe-pattern handle-file obfuscated open-file run-dll write-file
[+] Module2.bas _VBA_PROJECT_CUR/VBA/Module2 735 bytes
[+] Module3.bas _VBA_PROJECT_CUR/VBA/Module3 439 bytes
create-ole open-file
[+] Module4.bas _VBA_PROJECT_CUR/VBA/Module4 139 bytes
create-ole
[+] Module5.bas _VBA_PROJECT_CUR/VBA/Module5 885 bytes
ExifTool file metadata
MIMEType: application/vnd.ms-excel
LastModifiedBy: GN
CompObjUserType: ???? Microsoft Office Excel
ModifyDate: 2015:04:14 05:40:10
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: GN
Company: GOSNIIPP
CodePage: Windows Cyrillic
AppVersion: 11.9999
LinksUpToDate: No
ScaleCrop: No
CompObjUserTypeLen: 28
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2015:04:14 04:51:17
Security: None
FileType: XLS
Software: Microsoft Excel

File identification
MD5: 1e010195d2e5f6096095078482624995
SHA1: 67e14f7aee9a7aca5a0edca773de0d1fd3bcab8e
SHA256: a901c12b6733909b6fd69a6865c5746d3ea8ec07ac24450815b5247edfb2aa71
ssdeep: 768:jlz+8vn7Uzzi6plefbn68soObjEhtItWS:M8vYzxQD8TohtgZ
File size: 62.5 KB (64000 bytes)
File type: MS Excel Spreadsheet
Magic literal: CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: GN, Last Saved By: GN, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Apr 13 04:51:17 2015, Last Saved Time/Date: Mon Apr 13 05:40:10 2015, Security: 0
TrID: Microsoft Excel sheet (78.9%); Generic OLE2 / Multistream Compound File (21.0%)
Tags: obfuscated open-file exe-pattern handle-file macros run-dll attachment write-file xls create-ole

VirusTotal metadata
First submission: 2015-04-14 07:28:06 UTC (2 years, 1 month ago)
Last submission: 2017-01-10 08:26:37 UTC (4 months, 1 week ago)
File names:
Invoice-79199.xls
67e14f7aee9a7aca5a0edca773de0d1fd3bcab8e.xls
fd5eecc58a1199448e7cc432798d5381
Invoice-50030.xls
Invoice-74945.xls
1e010195d2e5f6096095078482624995.xls
Invoice-63428.xls
Invoice-13132.xls
Invoice-44124.xls
Invoice-34956.xls
Invoice-79806.xls
Invoice-83230.xls
Invoice-38661.xls
Invoice-00832.xls
c1d3326a515a54b648f6bc570cfca017
Invoice-63655.xls
61b2cbf731efc2f8478a8f6df51f7529
ff282adad4d8516a9caec2dc33d8ef61
Invoice-85930.xls
1d800424c2e9a3e0bbdfce0e5e2911b6
d6d7b2c3609c9094b842de1ff8018bb4
Invoice-51669.xls
Invoice-36919.xls
6b45dfdfef1320bb5b38f02a8cd7f20e
Invoice-52934.xls