× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c5b83418c7fbe3e3799decce6162525b1ca73eeb8854e5e599c4830bb54de9a4
File name: 3.xls
Detection ratio: 2 / 57
Analysis date: 2015-03-19 10:00:07 UTC ( 4 years, 2 months ago ) View latest
Antivirus Result Update
AVware LooksLike.Macro.Malware.a (v) 20150319
VIPRE LooksLike.Macro.Malware.a (v) 20150319
Ad-Aware 20150319
AegisLab 20150319
Yandex 20150318
AhnLab-V3 20150318
Alibaba 20150319
ALYac 20150319
Antiy-AVL 20150319
Avast 20150319
AVG 20150319
Avira (no cloud) 20150319
Baidu-International 20150319
BitDefender 20150319
Bkav 20150318
ByteHero 20150319
CAT-QuickHeal 20150318
ClamAV 20150319
CMC 20150317
Comodo 20150319
Cyren 20150319
DrWeb 20150319
Emsisoft 20150319
ESET-NOD32 20150319
F-Prot 20150319
F-Secure 20150319
Fortinet 20150319
GData 20150319
Ikarus 20150319
Jiangmin 20150318
K7AntiVirus 20150319
K7GW 20150319
Kaspersky 20150319
Kingsoft 20150319
Malwarebytes 20150319
McAfee 20150319
McAfee-GW-Edition 20150319
Microsoft 20150319
eScan 20150319
NANO-Antivirus 20150319
Norman 20150319
nProtect 20150319
Panda 20150318
Qihoo-360 20150319
Rising 20150318
Sophos AV 20150319
SUPERAntiSpyware 20150319
Symantec 20150319
Tencent 20150319
TheHacker 20150319
TotalDefense 20150318
TrendMicro 20150319
TrendMicro-HouseCall 20150319
VBA32 20150318
ViRobot 20150319
Zillya 20150318
Zoner 20150319
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Summary
last_author
\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd Windows
creation_datetime
2015-03-18 19:45:18
author
Microsoft Office
last_saved
2015-03-19 08:05:56
application_name
Microsoft Excel
code_page
Cyrillic
Document summary
version
917504
company
Microsoft Corporation
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020820-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Excel
sid
0
size
30976
type_literal
stream
sid
29
name
\x01CompObj
size
102
type_literal
stream
sid
28
name
\x05DocumentSummaryInformation
size
276
type_literal
stream
sid
27
name
\x05SummaryInformation
size
236
type_literal
stream
sid
1
name
Workbook
size
13055
type_literal
stream
sid
26
name
_VBA_PROJECT_CUR/PROJECT
size
915
type_literal
stream
sid
25
name
_VBA_PROJECT_CUR/PROJECTwm
size
236
type_literal
stream
sid
19
type
macro
name
_VBA_PROJECT_CUR/VBA/Class1
size
3539
type_literal
stream
sid
16
type
macro
name
_VBA_PROJECT_CUR/VBA/Corob5
size
3462
type_literal
stream
sid
11
type
macro
name
_VBA_PROJECT_CUR/VBA/File55
size
1469
type_literal
stream
sid
12
type
macro
name
_VBA_PROJECT_CUR/VBA/File643
size
2750
type_literal
stream
sid
8
type
macro
name
_VBA_PROJECT_CUR/VBA/Heroro6
size
3479
type_literal
stream
sid
13
type
macro
name
_VBA_PROJECT_CUR/VBA/Loop4
size
3193
type_literal
stream
sid
20
type
macro
name
_VBA_PROJECT_CUR/VBA/Module1
size
4452
type_literal
stream
sid
5
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page1
size
998
type_literal
stream
sid
6
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page2
size
998
type_literal
stream
sid
7
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Page3
size
998
type_literal
stream
sid
4
type
macro
name
_VBA_PROJECT_CUR/VBA/ThisBook
size
1587
type_literal
stream
sid
21
name
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
size
5440
type_literal
stream
sid
23
name
_VBA_PROJECT_CUR/VBA/__SRP_0
size
2972
type_literal
stream
sid
24
name
_VBA_PROJECT_CUR/VBA/__SRP_1
size
704
type_literal
stream
sid
9
name
_VBA_PROJECT_CUR/VBA/__SRP_2
size
158
type_literal
stream
sid
10
name
_VBA_PROJECT_CUR/VBA/__SRP_3
size
530
type_literal
stream
sid
14
name
_VBA_PROJECT_CUR/VBA/__SRP_4
size
171
type_literal
stream
sid
15
name
_VBA_PROJECT_CUR/VBA/__SRP_5
size
192
type_literal
stream
sid
17
name
_VBA_PROJECT_CUR/VBA/__SRP_6
size
265
type_literal
stream
sid
18
name
_VBA_PROJECT_CUR/VBA/__SRP_7
size
284
type_literal
stream
sid
22
name
_VBA_PROJECT_CUR/VBA/dir
size
825
Macros and VBA code streams
[+] ThisBook.cls _VBA_PROJECT_CUR/VBA/ThisBook 40 bytes
auto-open
[+] Heroro6.bas _VBA_PROJECT_CUR/VBA/Heroro6 1643 bytes
exe-pattern run-dll
[+] File55.bas _VBA_PROJECT_CUR/VBA/File55 436 bytes
exe-pattern url-pattern
[+] File643.bas _VBA_PROJECT_CUR/VBA/File643 662 bytes
[+] Loop4.bas _VBA_PROJECT_CUR/VBA/Loop4 1273 bytes
handle-file open-file write-file
[+] Corob5.bas _VBA_PROJECT_CUR/VBA/Corob5 1299 bytes
obfuscated
[+] Class1.cls _VBA_PROJECT_CUR/VBA/Class1 1052 bytes
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 1903 bytes
create-ole open-file
ExifTool file metadata
MIMEType
application/vnd.ms-excel

LastModifiedBy
Windows

CompObjUserType
???? Microsoft Excel 2003

ModifyDate
2015:03:19 07:05:56

TitleOfParts
Page1, Page2, Page3

SharedDoc
No

Author
Microsoft Office

Company
Microsoft Corporation

AppVersion
14.0

LinksUpToDate
No

ScaleCrop
No

CompObjUserTypeLen
26

HeadingPairs
, 3

FileTypeExtension
xls

HyperlinksChanged
No

CreateDate
2015:03:18 18:45:18

Security
None

CodePage
Windows Cyrillic

FileType
XLS

Software
Microsoft Excel

Compressed bundles
File identification
MD5 ad70d83de81a11a12190059afff0ef78
SHA1 199b72bcfd458f57e309a3d98c18c644a6cf564d
SHA256 c5b83418c7fbe3e3799decce6162525b1ca73eeb8854e5e599c4830bb54de9a4
ssdeep
1536:hYdvxHlcaQPy0iWYOcG4BDhnxDV8ix/7uDphYHceXVhca+fMHLtyeGxclrdgiIuY:hYdvxHlcaAy0iWYOcG4BDhnxDV8ix/7s

File size 60.5 KB ( 61952 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Office, Last Saved By: ������������ Windows, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 17 18:45:18 2015, Last Saved Time/Date: Wed Mar 18 07:05:56 2015, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated open-file auto-open exe-pattern handle-file url-pattern macros run-dll attachment write-file xls create-ole

VirusTotal metadata
First submission 2015-03-19 07:52:03 UTC ( 4 years, 2 months ago )
Last submission 2016-11-09 22:49:54 UTC ( 2 years, 6 months ago )
File names 2015031714240625332(3).xls
decoded.4B-11-B2-EE-D0-17-8E-0E-72-0A-A6-CC-C2-28-8B-57.xls
5c666754a57e363c09670d518f39b764
ad70d83de81a11a12190059afff0ef78.xls
3.xls
attachment1.xls
2015031714240625332(2).xls
REDACTED_FILE_NAME.xls
VirusShare_ad70d83de81a11a12190059afff0ef78
bca15a79760b5727e1270e8b3c7e810d
2015031714240625332.xls
xls_BADbadB2
cded3a58bcb8d32ed056f993fa12ce79
4be81add331a823b30a417d589d014ef
DecodedBase64.bin
636706.xls
Copy_3_of_2015031714240625332.xls
199b72bcfd458f57e309a3d98c18c644a6cf564d.xls
2015031714240625332(1).xls
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!