SHA256: d312c9226bc8558424c9fcc69d12c4b4e72a9dd67a961196b752bf231d9aa69d
File name: d312c9226bc8558424c9fcc69d12c4b4e72a9dd67a961196b752bf231d9aa69d
Detection ratio: 14 / 61
Analysis date: 2017-11-16 16:53:47 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.815 20171116
ALYac VB:Trojan.Valyria.815 20171116
Arcabit VB:Trojan.Valyria.815 20171116
AVware Trojan-Downloader.O97M.Donoff.e (v) 20171116
BitDefender VB:Trojan.Valyria.815 20171116
Emsisoft VB:Trojan.Valyria.815 (B) 20171116
F-Secure VB:Trojan.Valyria.815 20171116
Fortinet VBA/Agent.FAH!tr 20171116
GData VB:Trojan.Valyria.815 20171116
MAX malware (ai score=86) 20171116
eScan VB:Trojan.Valyria.815 20171116
Qihoo-360 virus.office.qexvmc.1085 20171116
Rising Trojan.Obfus/VBA!1.A5A5 (CLASSIC) 20171116
VIPRE Trojan-Downloader.O97M.Donoff.e (v) 20171116
AegisLab 20171116
AhnLab-V3 20171116
Alibaba 20170911
Antiy-AVL 20171116
Avast 20171116
Avast-Mobile 20171116
AVG 20171116
Avira (no cloud) 20171116
Baidu 20171116
Bkav 20171116
CAT-QuickHeal 20171116
ClamAV 20171115
CMC 20171109
Comodo 20171116
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171116
Cyren 20171116
DrWeb 20171116
eGambit 20171116
Endgame 20171024
ESET-NOD32 20171116
F-Prot 20171116
Ikarus 20171116
Sophos ML 20170914
Jiangmin 20171116
K7AntiVirus 20171116
K7GW 20171116
Kaspersky 20171116
Kingsoft 20171116
Malwarebytes 20171116
McAfee 20171116
McAfee-GW-Edition 20171116
Microsoft 20171116
NANO-Antivirus 20171116
nProtect 20171116
Palo Alto Networks (Known Signatures) 20171116
Panda 20171116
SentinelOne (Static ML) 20171113
Sophos AV 20171116
SUPERAntiSpyware 20171116
Symantec 20171116
Symantec Mobile Insight 20171116
Tencent 20171116
TheHacker 20171112
TotalDefense 20171116
TrendMicro 20171116
TrendMicro-HouseCall 20171116
Trustlook 20171116
VBA32 20171116
ViRobot 20171116
Webroot 20171116
WhiteArmor 20171104
Yandex 20171116
Zillya 20171116
ZoneAlarm by Check Point 20171116
Zoner 20171116
The file being studied follows the Compound Document File format. More specifically, it is an MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May execute code from Dynamically Linked Libraries.
Summary
last_author: PC
creation_datetime: 2017-11-16 15:18:57
author: Windows User
last_saved: 2017-11-16 15:21:49
application_name: Microsoft Excel
code_page: Latin I
Document summary
version: 917504
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020820-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Excel, sid: 0, size: 13440
type_literal: stream, sid: 18, name: \x01CompObj, size: 107
type_literal: stream, sid: 17, name: \x05DocumentSummaryInformation, size: 244
type_literal: stream, sid: 16, name: \x05SummaryInformation, size: 212
type_literal: stream, sid: 1, name: Workbook, size: 146728
type_literal: stream, sid: 14, name: _VBA_PROJECT_CUR/PROJECT, size: 509
type_literal: stream, sid: 15, name: _VBA_PROJECT_CUR/PROJECTwm, size: 92
type_literal: stream, sid: 5, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Sheet1, size: 977
type_literal: stream, sid: 6, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Sheet2, size: 977
type_literal: stream, sid: 7, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Sheet3, size: 977
type_literal: stream, sid: 13, name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, size: 4633
type_literal: stream, sid: 8, name: _VBA_PROJECT_CUR/VBA/__SRP_0, size: 2972
type_literal: stream, sid: 9, name: _VBA_PROJECT_CUR/VBA/__SRP_1, size: 383
type_literal: stream, sid: 10, name: _VBA_PROJECT_CUR/VBA/__SRP_2, size: 1926
type_literal: stream, sid: 11, name: _VBA_PROJECT_CUR/VBA/__SRP_3, size: 3120
type_literal: stream, sid: 4, name: _VBA_PROJECT_CUR/VBA/dir, size: 552
type_literal: stream, sid: 12, type: macro, name: _VBA_PROJECT_CUR/VBA/gsfdbsdf, size: 87680
Macros and VBA code streams
[+] gsfdbsdf.cls _VBA_PROJECT_CUR/VBA/gsfdbsdf 41118 bytes
auto-open run-dll
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserTypeLen: 31
CompObjUserType: Microsoft Excel 2003 Worksheet
ModifyDate: 2017:11:16 14:21:49
TitleOfParts: Sheet1, Sheet2, Sheet3
SharedDoc: No
Author: Windows User
FileType: XLS
AppVersion: 14.0
LinksUpToDate: No
ScaleCrop: No
LastModifiedBy: PC
HeadingPairs: Worksheets, 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2017:11:16 14:18:57
Security: None
CodePage: Windows Latin 1 (Western European)
Software: Microsoft Excel

File identification
MD5 2e2654db3b0650dd16729d5cb258f19b
SHA1 e9b0705510c0f1eada54959975983583b5a54b8f
SHA256 d312c9226bc8558424c9fcc69d12c4b4e72a9dd67a961196b752bf231d9aa69d
ssdeep
6144:BxEtjPOtioVjDGUU1qfDlavx+W2QnAa8ChDiaKr+FvwNAJj8ecPo8HnbO1z4Fu:3SKr+FvaAF8ec+iFu

File size 254.0 KB ( 260096 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Windows User, Last Saved By: PC, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Nov 15 14:18:57 2017, Last Saved Time/Date: Wed Nov 15 14:21:49 2017, Security: 0

TrID Microsoft Excel sheet (50.0%)
Microsoft Excel sheet (alternate) (37.6%)
Generic OLE2 / Multistream Compound File (12.3%)
Tags
macros auto-open xls attachment run-dll

VirusTotal metadata
First submission 2017-11-16 16:53:47 UTC ( 1 year, 2 months ago )
Last submission 2017-11-25 08:47:57 UTC ( 1 year, 1 month ago )
File names Product Enquiry.xls
__substg1.0_37010102
Zebra 30.xls
d312c9226bc8558424c9fcc69d12c4b4e72a9dd67a961196b752bf231d9aa69d
1032-e9b0705510c0f1eada54959975983583b5a54b8f