SHA256: acf8997bd263dc4a094cf2e80957843363372e34c5233d899e8b16c4504ed2db
File name: 89WDZ.xls
Detection ratio: 2 / 57
Analysis date: 2015-03-11 11:30:34 UTC ( 2 years, 8 months ago )
Antivirus Result Update
AVware LooksLike.Macro.Malware.a (v) 20150311
VIPRE LooksLike.Macro.Malware.a (v) 20150311
Ad-Aware 20150311
AegisLab 20150311
Yandex 20150310
AhnLab-V3 20150310
Alibaba 20150311
ALYac 20150311
Antiy-AVL 20150311
Avast 20150311
AVG 20150311
Avira (no cloud) 20150311
Baidu-International 20150311
BitDefender 20150311
Bkav 20150310
ByteHero 20150311
CAT-QuickHeal 20150311
ClamAV 20150311
CMC 20150304
Comodo 20150311
Cyren 20150311
DrWeb 20150311
Emsisoft 20150311
ESET-NOD32 20150311
F-Prot 20150311
F-Secure 20150311
Fortinet 20150310
GData 20150311
Ikarus 20150311
Jiangmin 20150310
K7AntiVirus 20150311
K7GW 20150311
Kaspersky 20150311
Kingsoft 20150311
Malwarebytes 20150311
McAfee 20150311
McAfee-GW-Edition 20150311
Microsoft 20150311
eScan 20150311
NANO-Antivirus 20150311
Norman 20150311
nProtect 20150310
Panda 20150311
Qihoo-360 20150311
Rising 20150311
Sophos AV 20150311
SUPERAntiSpyware 20150311
Symantec 20150311
Tencent 20150311
TheHacker 20150310
TotalDefense 20150311
TrendMicro 20150311
TrendMicro-HouseCall 20150311
VBA32 20150311
ViRobot 20150311
Zillya 20150310
Zoner 20150311
The file being studied follows the Compound Document File format. More specifically, it is an MS Excel spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or worked with.
May read system environment variables.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Interacts with the Windows Registry.
Seems to contain code to deceive researchers and automatic analysis systems.
Summary
last_author: 1
creation_datetime: 1996-10-09 00:32:33
author: Microsoft Corporation
last_saved: 2015-03-08 14:40:44
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
code_page: Cyrillic
OLE Streams
Root Entry (type_literal: root, sid: 0, size: 38720, clsid: 00020820-0000-0000-c000-000000000046, clsid_literal: MS Excel)
name sid type_literal size type
\x01CompObj 50 stream 104
\x05DocumentSummaryInformation 49 stream 256
\x05SummaryInformation 48 stream 220
Workbook 1 stream 4372
_VBA_PROJECT_CUR/PROJECT 47 stream 1275
_VBA_PROJECT_CUR/PROJECTwm 46 stream 503
_VBA_PROJECT_CUR/VBA/Class1 8 stream 2595 macro
_VBA_PROJECT_CUR/VBA/Class2 9 stream 12358 macro
_VBA_PROJECT_CUR/VBA/Class3 10 stream 4026 macro
_VBA_PROJECT_CUR/VBA/Class4 11 stream 1449 macro
_VBA_PROJECT_CUR/VBA/Class5 12 stream 1488 macro
_VBA_PROJECT_CUR/VBA/Module1 17 stream 5780 macro
_VBA_PROJECT_CUR/VBA/Module2 20 stream 9136 macro
_VBA_PROJECT_CUR/VBA/Module3 23 stream 3472 macro
_VBA_PROJECT_CUR/VBA/Module4 24 stream 1011 macro
_VBA_PROJECT_CUR/VBA/Module5 25 stream 1005 macro
_VBA_PROJECT_CUR/VBA/Module6 26 stream 6206 macro
_VBA_PROJECT_CUR/VBA/Module8 29 stream 11739 macro
_VBA_PROJECT_CUR/VBA/Module9 32 stream 4580 macro
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT 42 stream 13198
_VBA_PROJECT_CUR/VBA/__SRP_0 44 stream 4489
_VBA_PROJECT_CUR/VBA/__SRP_1 45 stream 641
_VBA_PROJECT_CUR/VBA/__SRP_10 40 stream 84
_VBA_PROJECT_CUR/VBA/__SRP_11 41 stream 121
_VBA_PROJECT_CUR/VBA/__SRP_2 14 stream 96
_VBA_PROJECT_CUR/VBA/__SRP_3 15 stream 324
_VBA_PROJECT_CUR/VBA/__SRP_4 18 stream 134
_VBA_PROJECT_CUR/VBA/__SRP_5 19 stream 288
_VBA_PROJECT_CUR/VBA/__SRP_6 21 stream 154
_VBA_PROJECT_CUR/VBA/__SRP_7 22 stream 362
_VBA_PROJECT_CUR/VBA/__SRP_8 27 stream 134
_VBA_PROJECT_CUR/VBA/__SRP_9 28 stream 288
_VBA_PROJECT_CUR/VBA/__SRP_a 30 stream 164
_VBA_PROJECT_CUR/VBA/__SRP_b 31 stream 399
_VBA_PROJECT_CUR/VBA/__SRP_c 34 stream 98
_VBA_PROJECT_CUR/VBA/__SRP_d 35 stream 267
_VBA_PROJECT_CUR/VBA/__SRP_e 37 stream 88
_VBA_PROJECT_CUR/VBA/__SRP_f 38 stream 158
_VBA_PROJECT_CUR/VBA/dfsdf 13 stream 3122 macro
_VBA_PROJECT_CUR/VBA/dir 43 stream 1099
_VBA_PROJECT_CUR/VBA/load 16 stream 2079 macro
_VBA_PROJECT_CUR/VBA/sdfdsf 33 stream 3290 macro
_VBA_PROJECT_CUR/VBA/sdfsdfsdf 36 stream 1943 macro
_VBA_PROJECT_CUR/VBA/sdfsdfsdffff 39 stream 5770 macro
_VBA_PROJECT_CUR/VBA/Лист1 5 stream 976 macro (only attributes)
_VBA_PROJECT_CUR/VBA/Лист2 6 stream 976 macro (only attributes)
_VBA_PROJECT_CUR/VBA/Лист3 7 stream 976 macro (only attributes)
_VBA_PROJECT_CUR/VBA/ЭтаКнига 4 stream 1786 macro
Macros and VBA code streams
[+] Class1.cls _VBA_PROJECT_CUR/VBA/Class1 616 bytes
[+] Class2.cls _VBA_PROJECT_CUR/VBA/Class2 5376 bytes
[+] Class3.cls _VBA_PROJECT_CUR/VBA/Class3 1352 bytes
[+] Class4.cls _VBA_PROJECT_CUR/VBA/Class4 176 bytes
[+] Class5.cls _VBA_PROJECT_CUR/VBA/Class5 185 bytes
[+] dfsdf.bas _VBA_PROJECT_CUR/VBA/dfsdf 1214 bytes
anti-analysis registry run-dll
[+] load.bas _VBA_PROJECT_CUR/VBA/load 676 bytes
run-file
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 2271 bytes
[+] Module2.bas _VBA_PROJECT_CUR/VBA/Module2 3945 bytes
[+] Module3.bas _VBA_PROJECT_CUR/VBA/Module3 1253 bytes
[+] Module4.bas _VBA_PROJECT_CUR/VBA/Module4 116 bytes
[+] Module5.bas _VBA_PROJECT_CUR/VBA/Module5 106 bytes
[+] Module6.bas _VBA_PROJECT_CUR/VBA/Module6 2545 bytes
[+] Module8.bas _VBA_PROJECT_CUR/VBA/Module8 5215 bytes
[+] Module9.bas _VBA_PROJECT_CUR/VBA/Module9 1753 bytes
[+] sdfdsf.bas _VBA_PROJECT_CUR/VBA/sdfdsf 1677 bytes
exe-pattern anti-analysis create-ole enum-windows environ obfuscated run-dll run-file
[+] sdfsdfsdf.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdf 705 bytes
exe-pattern anti-analysis run-dll
[+] sdfsdfsdffff.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdffff 2485 bytes
ExifTool file metadata
MIMEType
application/vnd.ms-excel

CompObjUserTypeLen
28

CompObjUserType
???? Microsoft Office Excel

ModifyDate
2015:03:08 13:40:44

TitleOfParts
1, 2, 3

SharedDoc
No

Author
Microsoft Corporation

FileType
XLS

AppVersion
11.9999

LinksUpToDate
No

ScaleCrop
No

LastModifiedBy
1

HeadingPairs
, 3

FileTypeExtension
xls

HyperlinksChanged
No

CreateDate
1996:10:08 23:32:33

Security
None

CodePage
Windows Cyrillic

Software
Microsoft Excel

Compressed bundles
File identification
MD5 77f3949c2130b268bb18061bcb483d16
SHA1 0cfa3176dabc688f894b59fa56e000b0bb2b8099
SHA256 acf8997bd263dc4a094cf2e80957843363372e34c5233d899e8b16c4504ed2db
ssdeep
768:8+Lb3wys3hWo2DaL51AujHQWXVxfbHOxdPpgGiHbJzO2mLVcBavwM3pwSmgU+dbL:dJrp2fjHQpmd03vJpTjHIUgf4Ivl6

File size 126.5 KB ( 129536 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Corporation, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Oct 07 23:32:33 1996, Last Saved Time/Date: Sat Mar 07 13:40:44 2015, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated run-file enum-windows exe-pattern macros run-dll environ registry xls anti-analysis create-ole

VirusTotal metadata
First submission 2015-03-11 09:23:21 UTC ( 2 years, 8 months ago )
Last submission 2017-11-14 08:43:49 UTC ( 6 days, 16 hours ago )
File names myvtfile.exe
4770OAR.xls
c70133eb70fe35e4362d285455c8e55b
1d7b4dcd9b5e97b8090c4af9c231a90e
f9f87903002478b84c86768a3603a65a
7271EWS.xls
9246WNU.xls
3c2efb3ca09e5fb129671e5671696521
efaea7b66029476719fb51ef2a76f30c
c4f81e1e87551ce58626403b2d290fcb
7d3b983fc5b59705a242eb9173ce04d9
Rem_1873HI.xml
3570HPJ.xml
fa0f702bb1813d133f268625ead1be22
VIRUS.xls
Rem_1040RT.xml
93f242ba049d31cb7ee881f77a82760b
Rem_3489XC.xml
colasoft-913-X97M_TrojanDownloader.Agent.NEVtrojan.xls
89WDZ.xls
16a310972f46bc8ffdfd4318a3ca2c74
4200MRO.XLS
77f3949c2130b268bb18061bcb483d16_Rem_1873HI.xml