SHA256: acf8997bd263dc4a094cf2e80957843363372e34c5233d899e8b16c4504ed2db
File name: 89WDZ.xls
Detection ratio: 2 / 57
Analysis date: 2015-03-11 11:30:34 UTC ( 4 years, 2 months ago )
Antivirus Result Update
AVware LooksLike.Macro.Malware.a (v) 20150311
VIPRE LooksLike.Macro.Malware.a (v) 20150311
Ad-Aware 20150311
AegisLab 20150311
Yandex 20150310
AhnLab-V3 20150310
Alibaba 20150311
ALYac 20150311
Antiy-AVL 20150311
Avast 20150311
AVG 20150311
Avira (no cloud) 20150311
Baidu-International 20150311
BitDefender 20150311
Bkav 20150310
ByteHero 20150311
CAT-QuickHeal 20150311
ClamAV 20150311
CMC 20150304
Comodo 20150311
Cyren 20150311
DrWeb 20150311
Emsisoft 20150311
ESET-NOD32 20150311
F-Prot 20150311
F-Secure 20150311
Fortinet 20150310
GData 20150311
Ikarus 20150311
Jiangmin 20150310
K7AntiVirus 20150311
K7GW 20150311
Kaspersky 20150311
Kingsoft 20150311
Malwarebytes 20150311
McAfee 20150311
McAfee-GW-Edition 20150311
Microsoft 20150311
eScan 20150311
NANO-Antivirus 20150311
Norman 20150311
nProtect 20150310
Panda 20150311
Qihoo-360 20150311
Rising 20150311
Sophos AV 20150311
SUPERAntiSpyware 20150311
Symantec 20150311
Tencent 20150311
TheHacker 20150310
TotalDefense 20150311
TrendMicro 20150311
TrendMicro-HouseCall 20150311
VBA32 20150311
ViRobot 20150311
Zillya 20150310
Zoner 20150311
The file being studied follows the Compound Document File format! More specifically, it is an MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Interacts with the Windows Registry.
Seems to contain code to deceive researchers and automatic analysis systems.
Summary
last_author: 1
creation_datetime: 1996-10-09 00:32:33
author: Microsoft Corporation
last_saved: 2015-03-08 14:40:44
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020820-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Excel, sid: 0, size: 38720
type_literal: stream, sid: 50, name: \x01CompObj, size: 104
type_literal: stream, sid: 49, name: \x05DocumentSummaryInformation, size: 256
type_literal: stream, sid: 48, name: \x05SummaryInformation, size: 220
type_literal: stream, sid: 1, name: Workbook, size: 4372
type_literal: stream, sid: 47, name: _VBA_PROJECT_CUR/PROJECT, size: 1275
type_literal: stream, sid: 46, name: _VBA_PROJECT_CUR/PROJECTwm, size: 503
type_literal: stream, sid: 8, type: macro, name: _VBA_PROJECT_CUR/VBA/Class1, size: 2595
type_literal: stream, sid: 9, type: macro, name: _VBA_PROJECT_CUR/VBA/Class2, size: 12358
type_literal: stream, sid: 10, type: macro, name: _VBA_PROJECT_CUR/VBA/Class3, size: 4026
type_literal: stream, sid: 11, type: macro, name: _VBA_PROJECT_CUR/VBA/Class4, size: 1449
type_literal: stream, sid: 12, type: macro, name: _VBA_PROJECT_CUR/VBA/Class5, size: 1488
type_literal: stream, sid: 17, type: macro, name: _VBA_PROJECT_CUR/VBA/Module1, size: 5780
type_literal: stream, sid: 20, type: macro, name: _VBA_PROJECT_CUR/VBA/Module2, size: 9136
type_literal: stream, sid: 23, type: macro, name: _VBA_PROJECT_CUR/VBA/Module3, size: 3472
type_literal: stream, sid: 24, type: macro, name: _VBA_PROJECT_CUR/VBA/Module4, size: 1011
type_literal: stream, sid: 25, type: macro, name: _VBA_PROJECT_CUR/VBA/Module5, size: 1005
type_literal: stream, sid: 26, type: macro, name: _VBA_PROJECT_CUR/VBA/Module6, size: 6206
type_literal: stream, sid: 29, type: macro, name: _VBA_PROJECT_CUR/VBA/Module8, size: 11739
type_literal: stream, sid: 32, type: macro, name: _VBA_PROJECT_CUR/VBA/Module9, size: 4580
type_literal: stream, sid: 42, name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, size: 13198
type_literal: stream, sid: 44, name: _VBA_PROJECT_CUR/VBA/__SRP_0, size: 4489
type_literal: stream, sid: 45, name: _VBA_PROJECT_CUR/VBA/__SRP_1, size: 641
type_literal: stream, sid: 40, name: _VBA_PROJECT_CUR/VBA/__SRP_10, size: 84
type_literal: stream, sid: 41, name: _VBA_PROJECT_CUR/VBA/__SRP_11, size: 121
type_literal: stream, sid: 14, name: _VBA_PROJECT_CUR/VBA/__SRP_2, size: 96
type_literal: stream, sid: 15, name: _VBA_PROJECT_CUR/VBA/__SRP_3, size: 324
type_literal: stream, sid: 18, name: _VBA_PROJECT_CUR/VBA/__SRP_4, size: 134
type_literal: stream, sid: 19, name: _VBA_PROJECT_CUR/VBA/__SRP_5, size: 288
type_literal: stream, sid: 21, name: _VBA_PROJECT_CUR/VBA/__SRP_6, size: 154
type_literal: stream, sid: 22, name: _VBA_PROJECT_CUR/VBA/__SRP_7, size: 362
type_literal: stream, sid: 27, name: _VBA_PROJECT_CUR/VBA/__SRP_8, size: 134
type_literal: stream, sid: 28, name: _VBA_PROJECT_CUR/VBA/__SRP_9, size: 288
type_literal: stream, sid: 30, name: _VBA_PROJECT_CUR/VBA/__SRP_a, size: 164
type_literal: stream, sid: 31, name: _VBA_PROJECT_CUR/VBA/__SRP_b, size: 399
type_literal: stream, sid: 34, name: _VBA_PROJECT_CUR/VBA/__SRP_c, size: 98
type_literal: stream, sid: 35, name: _VBA_PROJECT_CUR/VBA/__SRP_d, size: 267
type_literal: stream, sid: 37, name: _VBA_PROJECT_CUR/VBA/__SRP_e, size: 88
type_literal: stream, sid: 38, name: _VBA_PROJECT_CUR/VBA/__SRP_f, size: 158
type_literal: stream, sid: 13, type: macro, name: _VBA_PROJECT_CUR/VBA/dfsdf, size: 3122
type_literal: stream, sid: 43, name: _VBA_PROJECT_CUR/VBA/dir, size: 1099
type_literal: stream, sid: 16, type: macro, name: _VBA_PROJECT_CUR/VBA/load, size: 2079
type_literal: stream, sid: 33, type: macro, name: _VBA_PROJECT_CUR/VBA/sdfdsf, size: 3290
type_literal: stream, sid: 36, type: macro, name: _VBA_PROJECT_CUR/VBA/sdfsdfsdf, size: 1943
type_literal: stream, sid: 39, type: macro, name: _VBA_PROJECT_CUR/VBA/sdfsdfsdffff, size: 5770
type_literal: stream, sid: 5, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421, size: 976
type_literal: stream, sid: 6, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422, size: 976
type_literal: stream, sid: 7, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423, size: 976
type_literal: stream, sid: 4, type: macro, name: _VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430, size: 1786
Macros and VBA code streams
[+] Class1.cls _VBA_PROJECT_CUR/VBA/Class1 616 bytes
[+] Class2.cls _VBA_PROJECT_CUR/VBA/Class2 5376 bytes
[+] Class3.cls _VBA_PROJECT_CUR/VBA/Class3 1352 bytes
[+] Class4.cls _VBA_PROJECT_CUR/VBA/Class4 176 bytes
[+] Class5.cls _VBA_PROJECT_CUR/VBA/Class5 185 bytes
[+] dfsdf.bas _VBA_PROJECT_CUR/VBA/dfsdf 1214 bytes
anti-analysis registry run-dll
[+] load.bas _VBA_PROJECT_CUR/VBA/load 676 bytes
run-file
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 2271 bytes
[+] Module2.bas _VBA_PROJECT_CUR/VBA/Module2 3945 bytes
[+] Module3.bas _VBA_PROJECT_CUR/VBA/Module3 1253 bytes
[+] Module4.bas _VBA_PROJECT_CUR/VBA/Module4 116 bytes
[+] Module5.bas _VBA_PROJECT_CUR/VBA/Module5 106 bytes
[+] Module6.bas _VBA_PROJECT_CUR/VBA/Module6 2545 bytes
[+] Module8.bas _VBA_PROJECT_CUR/VBA/Module8 5215 bytes
[+] Module9.bas _VBA_PROJECT_CUR/VBA/Module9 1753 bytes
[+] sdfdsf.bas _VBA_PROJECT_CUR/VBA/sdfdsf 1677 bytes
exe-pattern anti-analysis create-ole enum-windows environ obfuscated run-dll run-file
[+] sdfsdfsdf.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdf 705 bytes
exe-pattern anti-analysis run-dll
[+] sdfsdfsdffff.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdffff 2485 bytes
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserTypeLen: 28
CompObjUserType: ???? Microsoft Office Excel
ModifyDate: 2015:03:08 13:40:44
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: Microsoft Corporation
FileType: XLS
AppVersion: 11.9999
LinksUpToDate: No
ScaleCrop: No
LastModifiedBy: 1
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 1996:10:08 23:32:33
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel
Compressed bundles
File identification
MD5 77f3949c2130b268bb18061bcb483d16
SHA1 0cfa3176dabc688f894b59fa56e000b0bb2b8099
SHA256 acf8997bd263dc4a094cf2e80957843363372e34c5233d899e8b16c4504ed2db
ssdeep
768:8+Lb3wys3hWo2DaL51AujHQWXVxfbHOxdPpgGiHbJzO2mLVcBavwM3pwSmgU+dbL:dJrp2fjHQpmd03vJpTjHIUgf4Ivl6

File size 126.5 KB ( 129536 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Corporation, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Oct 07 23:32:33 1996, Last Saved Time/Date: Sat Mar 07 13:40:44 2015, Security: 0

TrID Microsoft Excel sheet (80.2%)
Generic OLE2 / Multistream Compound File (19.7%)
Tags
obfuscated run-file enum-windows exe-pattern macros run-dll environ registry xls anti-analysis create-ole

VirusTotal metadata
First submission 2015-03-11 09:23:21 UTC ( 4 years, 2 months ago )
Last submission 2017-11-14 08:43:49 UTC ( 1 year, 6 months ago )
File names myvtfile.exe
4770OAR.xls
c70133eb70fe35e4362d285455c8e55b
1d7b4dcd9b5e97b8090c4af9c231a90e
f9f87903002478b84c86768a3603a65a
7271EWS.xls
9246WNU.xls
3c2efb3ca09e5fb129671e5671696521
efaea7b66029476719fb51ef2a76f30c
c4f81e1e87551ce58626403b2d290fcb
7d3b983fc5b59705a242eb9173ce04d9
Rem_1873HI.xml
3570HPJ.xml
fa0f702bb1813d133f268625ead1be22
VIRUS.xls
Rem_1040RT.xml
93f242ba049d31cb7ee881f77a82760b
Rem_3489XC.xml
colasoft-913-X97M_TrojanDownloader.Agent.NEVtrojan.xls
89WDZ.xls
16a310972f46bc8ffdfd4318a3ca2c74
4200MRO.XLS
77f3949c2130b268bb18061bcb483d16_Rem_1873HI.xml