× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c916540dcab796e7c034bfd948c54d9b87665c62334d8fea8d3724d9b1e9cfc9
File name: Informacion.xls
Detection ratio: 1 / 54
Analysis date: 2014-06-28 11:43:27 UTC ( 4 years, 5 months ago ) View latest
Antivirus Result Update
Kaspersky Trojan-Downloader.VBS.Agent.ain 20140628
Ad-Aware 20140628
AegisLab 20140628
Yandex 20140627
AhnLab-V3 20140628
AntiVir 20140628
Antiy-AVL 20140628
Avast 20140628
AVG 20140628
Baidu-International 20140628
BitDefender 20140628
Bkav 20140625
ByteHero 20140628
CAT-QuickHeal 20140628
ClamAV 20140628
CMC 20140627
Commtouch 20140628
Comodo 20140628
DrWeb 20140628
Emsisoft 20140628
ESET-NOD32 20140628
F-Prot 20140628
F-Secure 20140628
Fortinet 20140628
GData 20140628
Ikarus 20140628
Jiangmin 20140628
K7AntiVirus 20140627
K7GW 20140627
Kingsoft 20140628
Malwarebytes 20140628
McAfee 20140628
McAfee-GW-Edition 20140627
Microsoft 20140628
eScan 20140628
NANO-Antivirus 20140628
Norman 20140628
nProtect 20140627
Panda 20140628
Qihoo-360 20140628
Rising 20140623
Sophos AV 20140628
SUPERAntiSpyware 20140628
Symantec 20140628
Tencent 20140628
TheHacker 20140624
TotalDefense 20140627
TrendMicro 20140628
TrendMicro-HouseCall 20140628
VBA32 20140627
VIPRE 20140628
ViRobot 20140628
Zillya 20140627
Zoner 20140626
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May perform operations with other files.
May try to run other files, shell commands or applications.
May create OLE objects.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Summary
application_name
Microsoft Excel
creation_datetime
2014-06-18 08:16:39
last_saved
2014-06-24 13:32:28
code_page
Latin I
Document summary
version
983040
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020820-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Excel
sid
0
size
10368
type_literal
stream
size
107
name
\x01CompObj
sid
17
type_literal
stream
size
244
name
\x05DocumentSummaryInformation
sid
16
type_literal
stream
size
200
name
\x05SummaryInformation
sid
15
type_literal
stream
size
16341
name
Workbook
sid
1
type_literal
stream
size
543
name
_VBA_PROJECT_CUR/PROJECT
sid
14
type_literal
stream
size
86
name
_VBA_PROJECT_CUR/PROJECTwm
sid
13
type_literal
stream
size
8628
type
macro
name
_VBA_PROJECT_CUR/VBA/Module1
sid
4
type_literal
stream
size
991
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/Sheet1
sid
8
type_literal
stream
size
999
type
macro (only attributes)
name
_VBA_PROJECT_CUR/VBA/ThisWorkbook
sid
7
type_literal
stream
size
3154
name
_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
sid
9
type_literal
stream
size
1924
name
_VBA_PROJECT_CUR/VBA/__SRP_0
sid
11
type_literal
stream
size
370
name
_VBA_PROJECT_CUR/VBA/__SRP_1
sid
12
type_literal
stream
size
283
name
_VBA_PROJECT_CUR/VBA/__SRP_2
sid
5
type_literal
stream
size
496
name
_VBA_PROJECT_CUR/VBA/__SRP_3
sid
6
type_literal
stream
size
561
name
_VBA_PROJECT_CUR/VBA/dir
sid
10
Macros and VBA code streams
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 3797 bytes
exe-pattern auto-open create-ole environ handle-file obfuscated open-file run-dll run-file write-file
ExifTool file metadata
MIMEType
application/vnd.ms-excel

CompObjUserType
Microsoft Excel 2003 Worksheet

ModifyDate
2014:06:24 12:32:28

TitleOfParts
Sheet1

SharedDoc
No

FileType
XLS

AppVersion
15.0

LinksUpToDate
No

CodePage
Windows Latin 1 (Western European)

CompObjUserTypeLen
31

HeadingPairs
Worksheets, 1

FileTypeExtension
xls

HyperlinksChanged
No

CreateDate
2014:06:18 07:16:39

Security
None

ScaleCrop
No

Software
Microsoft Excel

File identification
MD5 cb5698c64e8708b81b3fcb097f48cb63
SHA1 dc43439169407d0051cc9c63a678c68c597645c4
SHA256 c916540dcab796e7c034bfd948c54d9b87665c62334d8fea8d3724d9b1e9cfc9
ssdeep
768:8Ck3hOdsylKlgryzc4bNhZFGzE+cL2knAJAOiCyBSJMacSgBHkqoWl9P6ZZ:Nk3hOdsylKlgryzc4bNhZFGzE+cL2kne

File size 39.5 KB ( 40448 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Jun 17 07:16:39 2014, Last Saved Time/Date: Mon Jun 23 12:32:28 2014, Security: 0

TrID Microsoft Excel sheet (50.0%)
Microsoft Excel sheet (alternate) (37.6%)
Generic OLE2 / Multistream Compound File (12.3%)
Tags
obfuscated run-file auto-open exe-pattern handle-file open-file macros run-dll environ write-file xls create-ole

VirusTotal metadata
First submission 2014-06-26 12:06:23 UTC ( 4 years, 5 months ago )
Last submission 2014-09-10 07:18:52 UTC ( 4 years, 3 months ago )
File names c916540dcab796e7c034bfd948c54d9b87665c62334d8fea8d3724d9b1e9cfc9
Informacion.xls
vti-rescan
file-7172303_xls
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!