SHA256: f5d0be778d0ef6a0940bf5dfc4201499adb8e998ab14d979e80d282d4ab7a263
File name: CAR015 129011.xls
Detection ratio: 0 / 57
Analysis date: 2015-02-25 10:34:21 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150225
AegisLab 20150225
Yandex 20150224
AhnLab-V3 20150225
Alibaba 20150225
ALYac 20150225
Antiy-AVL 20150225
Avast 20150225
AVG 20150225
Avira (no cloud) 20150225
AVware 20150225
Baidu-International 20150225
BitDefender 20150225
Bkav 20150225
ByteHero 20150225
CAT-QuickHeal 20150225
ClamAV 20150225
CMC 20150223
Comodo 20150225
Cyren 20150225
DrWeb 20150225
Emsisoft 20150225
ESET-NOD32 20150225
F-Prot 20150225
F-Secure 20150225
Fortinet 20150225
GData 20150225
Ikarus 20150225
Jiangmin 20150224
K7AntiVirus 20150225
K7GW 20150225
Kaspersky 20150225
Kingsoft 20150225
Malwarebytes 20150225
McAfee 20150225
McAfee-GW-Edition 20150225
Microsoft 20150225
eScan 20150225
NANO-Antivirus 20150225
Norman 20150225
nProtect 20150225
Panda 20150224
Qihoo-360 20150225
Rising 20150224
Sophos AV 20150225
SUPERAntiSpyware 20150225
Symantec 20150225
Tencent 20150225
TheHacker 20150225
TotalDefense 20150224
TrendMicro 20150225
TrendMicro-HouseCall 20150225
VBA32 20150225
VIPRE 20150225
ViRobot 20150225
Zillya 20150224
Zoner 20150223
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May try to run other files, shell commands or applications.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author: 1
creation_datetime: 1996-10-09 00:32:33
author: Microsoft Corporation
last_saved: 2015-01-22 06:52:43
application_name: Microsoft Excel
code_page: Cyrillic
Document summary
version: 730895
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020820-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Excel, sid: 0, size: 25920
type_literal: stream, sid: 33, name: \x01CompObj, size: 104
type_literal: stream, sid: 32, name: \x05DocumentSummaryInformation, size: 256
type_literal: stream, sid: 31, name: \x05SummaryInformation, size: 220
type_literal: stream, sid: 1, name: Workbook, size: 4372
type_literal: stream, sid: 30, name: _VBA_PROJECT_CUR/PROJECT, size: 1103
type_literal: stream, sid: 29, name: _VBA_PROJECT_CUR/PROJECTwm, size: 365
type_literal: stream, sid: 8, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class1, size: 999
type_literal: stream, sid: 24, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class10, size: 1000
type_literal: stream, sid: 9, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class2, size: 999
type_literal: stream, sid: 10, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class3, size: 999
type_literal: stream, sid: 14, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class4, size: 999
type_literal: stream, sid: 15, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class5, size: 999
type_literal: stream, sid: 16, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class6, size: 999
type_literal: stream, sid: 20, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class7, size: 999
type_literal: stream, sid: 22, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class8, size: 999
type_literal: stream, sid: 23, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Class9, size: 999
type_literal: stream, sid: 11, type: macro, name: _VBA_PROJECT_CUR/VBA/Module1, size: 2059
type_literal: stream, sid: 21, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/Module2, size: 683
type_literal: stream, sid: 25, name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, size: 4965
type_literal: stream, sid: 27, name: _VBA_PROJECT_CUR/VBA/__SRP_0, size: 1895
type_literal: stream, sid: 28, name: _VBA_PROJECT_CUR/VBA/__SRP_1, size: 256
type_literal: stream, sid: 12, name: _VBA_PROJECT_CUR/VBA/__SRP_2, size: 84
type_literal: stream, sid: 13, name: _VBA_PROJECT_CUR/VBA/__SRP_3, size: 112
type_literal: stream, sid: 18, name: _VBA_PROJECT_CUR/VBA/__SRP_4, size: 98
type_literal: stream, sid: 19, name: _VBA_PROJECT_CUR/VBA/__SRP_5, size: 240
type_literal: stream, sid: 17, type: macro, name: _VBA_PROJECT_CUR/VBA/dfgfdg, size: 2634
type_literal: stream, sid: 26, name: _VBA_PROJECT_CUR/VBA/dir, size: 907
type_literal: stream, sid: 5, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421, size: 976
type_literal: stream, sid: 6, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422, size: 976
type_literal: stream, sid: 7, type: macro (only attributes), name: _VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423, size: 976
type_literal: stream, sid: 4, type: macro, name: _VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430, size: 1143
Macros and VBA code streams
[+] Module1.bas _VBA_PROJECT_CUR/VBA/Module1 674 bytes
[+] dfgfdg.bas _VBA_PROJECT_CUR/VBA/dfgfdg 905 bytes
download environ run-dll run-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
LastModifiedBy: 1
CompObjUserType: ???? Microsoft Office Excel
ModifyDate: 2015:01:22 05:52:43
TitleOfParts: 1, 2, 3
SharedDoc: No
Author: Microsoft Corporation
FileType: XLS
AppVersion: 11.9999
LinksUpToDate: No
CodePage: Windows Cyrillic
CompObjUserTypeLen: 28
HeadingPairs: , 3
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 1996:10:08 23:32:33
Security: None
ScaleCrop: No
Software: Microsoft Excel
Compressed bundles
File identification
MD5 d46eb50cacee7e95b8371ea6e274c9fe
SHA1 32000056d225974d6a655cc65c82dc78ec547e9b
SHA256 f5d0be778d0ef6a0940bf5dfc4201499adb8e998ab14d979e80d282d4ab7a263
ssdeep 384:c+LbHIJuGp8y/eM+hUrFMS9dBm8fmLXs1k7kv:c+LboJJRUqFMS9dxmw1j
File size 42.5 KB ( 43520 bytes )
File type MS Excel Spreadsheet
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Corporation, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Oct 07 23:32:33 1996, Last Saved Time/Date: Wed Jan 21 05:52:43 2015, Security: 0
TrID Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)
Tags
run-file macros run-dll environ download xls attachment

VirusTotal metadata
First submission 2015-02-25 08:19:03 UTC ( 2 years, 9 months ago )
Last submission 2016-11-09 20:22:36 UTC ( 1 year, 1 month ago )
File names ccb8fe82287c56a04a27e4e81b2fc37e
63accd387b07ea127817055e38d106ed
logmein_pro_receipt.xls
48e517525bbc9b69fd69ec915d00d495
ac6fce3d687e13397a8c76c0a2ee540b
Copy_7_of_logmein_pro_receipt.xls
678591c910bedfaa9ff3ca59c73ec30c
CAR015 129011.xls
e44992e740ec3eae095d881e2ac66fe1
f74b711bd43510993f4b7462008d33f7
f91f5bb0f42dba0ee72ef300ac9189f5
CAR015X129011.xls
8cef93dede7a04dbea51b0a96def79aa
284eaff1fbe7e06ef817a6f3a1870f47
d46eb50cacee7e95b8371ea6e274c9fe.xls
1906f0f1b31a440270732f2b68d677a0
a8bed79f7748c3ea28c7e77f38201573
867233b8e7499eebfd6bedc7c7cc5e4e
32000056d225974d6a655cc65c82dc78ec547e9b.xls
6c6560659e12733b1c20daef8986018c
80fdbbcbf99f309361bc6b9e37c0b871