SHA256: e92bfd84a3ec520dd1748b078efbe4e19b75489e509bea0abda9fc16e5c8866a
File name: malware1.xls
Detection ratio: 4 / 54
Analysis date: 2015-12-17 12:17:56 UTC (1 year, 11 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan 20151217
AVware LooksLike.Macro.Malware.gen!x3 (v) 20151217
F-Secure Trojan:W97M/MaliciousMacro.GEN 20151217
VIPRE LooksLike.Macro.Malware.gen!x3 (v) 20151217
Ad-Aware 20151217
AegisLab 20151217
Yandex 20151217
AhnLab-V3 20151217
Alibaba 20151208
ALYac 20151217
Antiy-AVL 20151217
Avast 20151217
AVG 20151217
Avira (no cloud) 20151217
Baidu-International 20151217
BitDefender 20151217
Bkav 20151217
ByteHero 20151217
CAT-QuickHeal 20151217
ClamAV 20151217
CMC 20151217
Comodo 20151217
Cyren 20151217
DrWeb 20151217
Emsisoft 20151217
ESET-NOD32 20151217
F-Prot 20151217
Fortinet 20151217
GData 20151217
Ikarus 20151217
Jiangmin 20151217
K7AntiVirus 20151217
K7GW 20151217
Kaspersky 20151217
Malwarebytes 20151217
McAfee 20151217
McAfee-GW-Edition 20151217
Microsoft 20151217
eScan 20151217
NANO-Antivirus 20151217
nProtect 20151217
Panda 20151215
Rising 20151217
Sophos AV 20151217
SUPERAntiSpyware 20151217
Symantec 20151216
Tencent 20151217
TheHacker 20151215
TrendMicro 20151217
TrendMicro-HouseCall 20151217
VBA32 20151216
ViRobot 20151217
Zillya 20151217
Zoner 20151217
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: Microsoft Office
creation_datetime: 2015-12-17 08:21:49
author: Microsoft Office
last_saved: 2015-12-17 09:24:16
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
company: Microsoft Corporation
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020820-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Excel, sid: 0, size: 12928
name: \x01CompObj, type_literal: stream, size: 104, sid: 19
name: \x05DocumentSummaryInformation, type_literal: stream, size: 276, sid: 18
name: \x05SummaryInformation, type_literal: stream, size: 232, sid: 17
name: Workbook, type_literal: stream, size: 2744, sid: 1
name: _VBA_PROJECT_CUR/PROJECT, type_literal: stream, size: 562, sid: 16
name: _VBA_PROJECT_CUR/PROJECTwm, type_literal: stream, size: 107, sid: 15
name: _VBA_PROJECT_CUR/VBA/Module1, type_literal: stream, size: 45674, type: macro, sid: 8
name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, type_literal: stream, size: 6163, sid: 11
name: _VBA_PROJECT_CUR/VBA/__SRP_0, type_literal: stream, size: 1784, sid: 13
name: _VBA_PROJECT_CUR/VBA/__SRP_1, type_literal: stream, size: 470, sid: 14
name: _VBA_PROJECT_CUR/VBA/__SRP_2, type_literal: stream, size: 254, sid: 9
name: _VBA_PROJECT_CUR/VBA/__SRP_3, type_literal: stream, size: 1205, sid: 10
name: _VBA_PROJECT_CUR/VBA/dir, type_literal: stream, size: 596, sid: 12
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421, type_literal: stream, size: 976, type: macro (only attributes), sid: 5
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422, type_literal: stream, size: 976, type: macro (only attributes), sid: 6
name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423, type_literal: stream, size: 976, type: macro (only attributes), sid: 7
name: _VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430, type_literal: stream, size: 1219, type: macro, sid: 4
Macros and VBA code streams
Module1.bas _VBA_PROJECT_CUR/VBA/Module1 30803 bytes
exe-pattern create-file create-ole download obfuscated open-file run-file write-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserTypeLen: 28
CompObjUserType: ???? Microsoft Office Excel
Company: Microsoft Corporation
ModifyDate: 2015:12:17 08:24:16
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: Microsoft Office
FileType: XLS
AppVersion: 11.9999
LinksUpToDate: No
ScaleCrop: No
LastModifiedBy: Microsoft Office
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2015:12:17 07:21:49
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel

File identification
MD5 d0e230f32839be076ad596cae8488f1f
SHA1 ccab8d5a48b0501e5df9e854c0df1e8e83cf2369
SHA256 e92bfd84a3ec520dd1748b078efbe4e19b75489e509bea0abda9fc16e5c8866a
ssdeep 768:e9bG9HHP1U7RBdNJAGH2wnGe4/MCz7DEQAK4grfx:J9PerLHVtQX54g
File size 69.5 KB ( 71168 bytes )
File type MS Excel Spreadsheet
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Office, Last Saved By: Microsoft Office, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Dec 16 07:21:49 2015, Last Saved Time/Date: Wed Dec 16 08:24:16 2015, Security: 0
TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
obfuscated open-file exe-pattern create-file run-file macros download write-file xls create-ole

VirusTotal metadata
First submission 2015-12-17 11:48:58 UTC ( 1 year, 11 months ago )
Last submission 2016-11-10 14:40:47 UTC ( 1 year ago )
File names G-A0287580036267754265.xls
malware1.xls
file10.xls
08d7b737916e67ec5ca214ab643f20d1