SHA256: c7af5902e5922a9a89c4464a36b5c4f6d98e8d613a412581d7f64c2fab4ce2fb
File name: Rem_8392TN.xml
Detection ratio: 2 / 57
Analysis date: 2015-03-11 11:48:00 UTC ( 2 years, 8 months ago )
Antivirus Result Update
AVware LooksLike.Macro.Malware.a (v) 20150311
VIPRE LooksLike.Macro.Malware.a (v) 20150311
Ad-Aware 20150311
AegisLab 20150311
Yandex 20150310
AhnLab-V3 20150310
Alibaba 20150311
ALYac 20150311
Antiy-AVL 20150311
Avast 20150311
AVG 20150311
Avira (no cloud) 20150311
Baidu-International 20150311
BitDefender 20150311
Bkav 20150311
ByteHero 20150311
CAT-QuickHeal 20150311
ClamAV 20150311
CMC 20150304
Comodo 20150311
Cyren 20150311
DrWeb 20150311
Emsisoft 20150311
ESET-NOD32 20150311
F-Prot 20150311
F-Secure 20150311
Fortinet 20150310
GData 20150311
Ikarus 20150311
Jiangmin 20150310
K7AntiVirus 20150311
K7GW 20150311
Kaspersky 20150311
Kingsoft 20150311
Malwarebytes 20150311
McAfee 20150311
McAfee-GW-Edition 20150311
Microsoft 20150311
eScan 20150311
NANO-Antivirus 20150311
Norman 20150311
nProtect 20150310
Panda 20150311
Qihoo-360 20150311
Rising 20150311
Sophos AV 20150311
SUPERAntiSpyware 20150311
Symantec 20150311
Tencent 20150311
TheHacker 20150310
TotalDefense 20150311
TrendMicro 20150311
TrendMicro-HouseCall 20150311
VBA32 20150311
ViRobot 20150311
Zillya 20150310
Zoner 20150311
The file being studied follows the Compound Document File format. More specifically, it is an MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Interacts with the Windows Registry.
Seems to contain code to deceive researchers and automatic analysis systems.
Summary
last_author: 1
creation_datetime: 1996-10-09 00:32:33
author: Microsoft Corporation
last_saved: 2015-03-08 14:43:53
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
code_page: Cyrillic
OLE Streams
name | type_literal | type | sid | size
Root Entry (clsid 00020820-0000-0000-c000-000000000046, clsid_literal MS Excel) | root | - | 0 | 38656
\x01CompObj | stream | - | 50 | 104
\x05DocumentSummaryInformation | stream | - | 49 | 256
\x05SummaryInformation | stream | - | 48 | 220
Workbook | stream | - | 1 | 4372
_VBA_PROJECT_CUR/PROJECT | stream | - | 47 | 1278
_VBA_PROJECT_CUR/PROJECTwm | stream | - | 46 | 503
_VBA_PROJECT_CUR/VBA/Class1 | stream | macro | 8 | 2595
_VBA_PROJECT_CUR/VBA/Class2 | stream | macro | 9 | 12358
_VBA_PROJECT_CUR/VBA/Class3 | stream | macro | 10 | 4026
_VBA_PROJECT_CUR/VBA/Class4 | stream | macro | 11 | 1449
_VBA_PROJECT_CUR/VBA/Class5 | stream | macro | 12 | 1488
_VBA_PROJECT_CUR/VBA/Module1 | stream | macro | 17 | 5780
_VBA_PROJECT_CUR/VBA/Module2 | stream | macro | 20 | 9136
_VBA_PROJECT_CUR/VBA/Module3 | stream | macro | 23 | 3472
_VBA_PROJECT_CUR/VBA/Module4 | stream | macro | 24 | 1011
_VBA_PROJECT_CUR/VBA/Module5 | stream | macro | 25 | 1005
_VBA_PROJECT_CUR/VBA/Module6 | stream | macro | 26 | 6206
_VBA_PROJECT_CUR/VBA/Module8 | stream | macro | 29 | 11739
_VBA_PROJECT_CUR/VBA/Module9 | stream | macro | 32 | 4580
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT | stream | - | 42 | 13143
_VBA_PROJECT_CUR/VBA/__SRP_0 | stream | - | 44 | 4458
_VBA_PROJECT_CUR/VBA/__SRP_1 | stream | - | 45 | 641
_VBA_PROJECT_CUR/VBA/__SRP_10 | stream | - | 40 | 84
_VBA_PROJECT_CUR/VBA/__SRP_11 | stream | - | 41 | 121
_VBA_PROJECT_CUR/VBA/__SRP_2 | stream | - | 14 | 96
_VBA_PROJECT_CUR/VBA/__SRP_3 | stream | - | 15 | 324
_VBA_PROJECT_CUR/VBA/__SRP_4 | stream | - | 18 | 134
_VBA_PROJECT_CUR/VBA/__SRP_5 | stream | - | 19 | 288
_VBA_PROJECT_CUR/VBA/__SRP_6 | stream | - | 21 | 154
_VBA_PROJECT_CUR/VBA/__SRP_7 | stream | - | 22 | 362
_VBA_PROJECT_CUR/VBA/__SRP_8 | stream | - | 27 | 134
_VBA_PROJECT_CUR/VBA/__SRP_9 | stream | - | 28 | 288
_VBA_PROJECT_CUR/VBA/__SRP_a | stream | - | 30 | 164
_VBA_PROJECT_CUR/VBA/__SRP_b | stream | - | 31 | 399
_VBA_PROJECT_CUR/VBA/__SRP_c | stream | - | 34 | 98
_VBA_PROJECT_CUR/VBA/__SRP_d | stream | - | 35 | 267
_VBA_PROJECT_CUR/VBA/__SRP_e | stream | - | 37 | 88
_VBA_PROJECT_CUR/VBA/__SRP_f | stream | - | 38 | 158
_VBA_PROJECT_CUR/VBA/dfsdf | stream | macro | 13 | 3122
_VBA_PROJECT_CUR/VBA/dir | stream | - | 43 | 1099
_VBA_PROJECT_CUR/VBA/load | stream | macro | 16 | 2068
_VBA_PROJECT_CUR/VBA/sdfdsf | stream | macro | 33 | 3290
_VBA_PROJECT_CUR/VBA/sdfsdfsdf | stream | macro | 36 | 1943
_VBA_PROJECT_CUR/VBA/sdfsdfsdffff | stream | macro | 39 | 5770
_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421 | stream | macro (only attributes) | 5 | 976
_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422 | stream | macro (only attributes) | 6 | 976
_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423 | stream | macro (only attributes) | 7 | 976
_VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430 | stream | macro | 4 | 1722
Macros and VBA code streams
[+] Class1.cls _VBA_PROJECT_CUR/VBA/Class1 616 bytes
[+] Class2.cls _VBA_PROJECT_CUR/VBA/Class2 5376 bytes
[+] Class3.cls _VBA_PROJECT_CUR/VBA/Class3 1352 bytes
[+] Class4.cls _VBA_PROJECT_CUR/VBA/Class4 176 bytes
[+] Class5.cls _VBA_PROJECT_CUR/VBA/Class5 185 bytes
[+] dfsdf.bas _VBA_PROJECT_CUR/VBA/dfsdf 1214 bytes
anti-analysis registry run-dll
[+] load.bas _VBA_PROJECT_CUR/VBA/load 676 bytes
run-file
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 2271 bytes
[+] Module2.bas _VBA_PROJECT_CUR/VBA/Module2 3945 bytes
[+] Module3.bas _VBA_PROJECT_CUR/VBA/Module3 1253 bytes
[+] Module4.bas _VBA_PROJECT_CUR/VBA/Module4 116 bytes
[+] Module5.bas _VBA_PROJECT_CUR/VBA/Module5 106 bytes
[+] Module6.bas _VBA_PROJECT_CUR/VBA/Module6 2545 bytes
[+] Module8.bas _VBA_PROJECT_CUR/VBA/Module8 5215 bytes
[+] Module9.bas _VBA_PROJECT_CUR/VBA/Module9 1753 bytes
[+] sdfdsf.bas _VBA_PROJECT_CUR/VBA/sdfdsf 1677 bytes
exe-pattern anti-analysis create-ole enum-windows environ obfuscated run-dll run-file
[+] sdfsdfsdf.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdf 705 bytes
exe-pattern anti-analysis run-dll
[+] sdfsdfsdffff.bas _VBA_PROJECT_CUR/VBA/sdfsdfsdffff 2485 bytes
ExifTool file metadata
MIMEType: application/vnd.ms-excel
LastModifiedBy: 1
CompObjUserType: ???? Microsoft Office Excel
ModifyDate: 2015:03:08 13:43:53
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: Microsoft Corporation
FileType: XLS
AppVersion: 11.9999
LinksUpToDate: No
CodePage: Windows Cyrillic
CompObjUserTypeLen: 28
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 1996:10:08 23:32:33
Security: None
ScaleCrop: No
Software: Microsoft Excel

File identification
MD5 1f423d2d9a43c54a81e44fe692de80da
SHA1 d0252ec42e5ec94baa0cb1351d434b729f61c9a5
SHA256 c7af5902e5922a9a89c4464a36b5c4f6d98e8d613a412581d7f64c2fab4ce2fb
ssdeep 1536:cxX8tXRSx/8E3NP+1vq5DBTAeUDf4Cv6AJ:JOxdPWvq5DlAeU

File size 126.5 KB ( 129536 bytes )
File type MS Excel Spreadsheet
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Corporation, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Oct 07 23:32:33 1996, Last Saved Time/Date: Sat Mar 07 13:43:53 2015, Security: 0

TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated run-file enum-windows exe-pattern macros run-dll environ registry xls anti-analysis create-ole

VirusTotal metadata
First submission 2015-03-11 09:25:29 UTC ( 2 years, 8 months ago )
Last submission 2016-11-09 23:04:13 UTC ( 1 year ago )
File names Rem_3229YW.xml