SHA256: 3f8de3a9ac3146dd26bf890508b00e38649ebf9f1cd62f3814d9bfb3e0ef26e7
File name: 3D=3Diso-2022-jpBGyRCSkw=.bin
Detection ratio: 38 / 57
Analysis date: 2018-11-11 08:53:04 UTC (3 months, 1 week ago)
Antivirus Result Update
Ad-Aware W97m.Downloader.FXV 20181111
AhnLab-V3 X97M/Downloader 20181110
ALYac W97m.Downloader.FXV 20181111
Antiy-AVL Trojan[Downloader]/MSExcel.Agent.fc 20181111
Arcabit HEUR.VBA.Trojan.e 20181111
Avast VBA:Downloader-FFT [Trj] 20181111
AVG VBA:Downloader-FFT [Trj] 20181111
Avira (no cloud) X97M/Agent.3060412 20181111
Baidu VBA.Trojan-Downloader.Agent.bmn 20181109
BitDefender W97m.Downloader.FXV 20181111
CAT-QuickHeal X97M.Downloader.AYY 20181108
ClamAV Doc.Macro.MaliciousHeuristic-6329080-0 20181111
Cyren X97M/Downloader.CR 20181111
DrWeb W97M.DownLoader.1792 20181111
Emsisoft W97m.Downloader.FXV (B) 20181111
Endgame malicious (high confidence) 20181108
ESET-NOD32 PowerShell/TrojanDownloader.Agent.Q 20181111
F-Prot X97M/Downloader.CR 20181111
F-Secure W97m.Downloader.FXV 20181111
Fortinet WM/Agent.DLA!tr.dldr 20181111
GData Macro.Trojan.Obfus.BE 20181111
Kaspersky Trojan-Downloader.MSExcel.Agent.fd 20181111
MAX malware (ai score=85) 20181111
McAfee RDN/downloader.cat 20181111
McAfee-GW-Edition BehavesLike.Downloader.kr 20181111
Microsoft TrojanDownloader:W97M/Adnel.R 20181111
eScan W97m.Downloader.FXV 20181111
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181111
Qihoo-360 virus.office.qexvmc.1070 20181111
Rising Downloader.Adnel!8.381 (TOPIS:MugtPWX8HFR) 20181111
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/DocDl-JGM 20181111
Symantec Trojan.Mdropper 20181110
Tencent OLE.Win32.Macro.703765 20181111
TrendMicro X2KM_POWMET.SM 20181111
TrendMicro-HouseCall X2KM_POWMET.SM 20181111
ZoneAlarm by Check Point Trojan-Downloader.MSExcel.Agent.fd 20181111
Zoner TrojanAgent.Generic 20181111
AegisLab 20181111
Alibaba 20180921
Avast-Mobile 20181111
Babable 20180918
Bkav 20181110
CMC 20181111
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181111
eGambit 20181111
Sophos ML 20181108
Jiangmin 20181111
K7AntiVirus 20181111
K7GW 20181109
Kingsoft 20181111
Malwarebytes 20181111
Palo Alto Networks (Known Signatures) 20181111
Panda 20181111
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181111
TheHacker 20181108
TotalDefense 20181111
Trustlook 20181111
VBA32 20181109
ViRobot 20181110
Webroot 20181111
Yandex 20181109
Zillya 20181109
The file being studied follows the Compound Document File format! More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2015-06-30 09:42:10
last_saved: 2017-06-14 07:14:52
last_printed: 2015-07-02 05:20:30
application_name: Microsoft Macintosh Excel
code_page: Cyrillic
Document summary
version: 917504
code_page: -535
OLE Streams
name: Root Entry; clsid: 00020820-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Excel; sid: 0; size: 8256
type_literal: stream; sid: 16; name: \x01CompObj; size: 107
type_literal: stream; sid: 15; name: \x05DocumentSummaryInformation; size: 280
type_literal: stream; sid: 14; name: \x05SummaryInformation; size: 200
type_literal: stream; sid: 1; name: Workbook; size: 40780
type_literal: stream; sid: 13; name: _VBA_PROJECT_CUR/PROJECT; size: 421
type_literal: stream; sid: 12; name: _VBA_PROJECT_CUR/PROJECTwm; size: 62
type_literal: stream; sid: 7; type: macro (only attributes); name: _VBA_PROJECT_CUR/VBA/Sheet1; size: 985
type_literal: stream; sid: 4; type: macro; name: _VBA_PROJECT_CUR/VBA/ThisWorkbook; size: 10743
type_literal: stream; sid: 8; name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT; size: 4402
type_literal: stream; sid: 10; name: _VBA_PROJECT_CUR/VBA/__SRP_0; size: 1892
type_literal: stream; sid: 11; name: _VBA_PROJECT_CUR/VBA/__SRP_1; size: 106
type_literal: stream; sid: 5; name: _VBA_PROJECT_CUR/VBA/__SRP_2; size: 2486
type_literal: stream; sid: 6; name: _VBA_PROJECT_CUR/VBA/__SRP_3; size: 859
type_literal: stream; sid: 9; name: _VBA_PROJECT_CUR/VBA/dir; size: 523
Macros and VBA code streams
[+] ThisWorkbook.cls _VBA_PROJECT_CUR/VBA/ThisWorkbook 5212 bytes
auto-open obfuscated run-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserType: Microsoft Excel 2003 Worksheet
ModifyDate: 2017:06:14 06:14:52
TitleOfParts: , !Print_Area
SharedDoc: No
FileType: XLS
AppVersion: 14.0
LinksUpToDate: No
ScaleCrop: No
CompObjUserTypeLen: 31
HeadingPairs: Worksheets, 1, Named Ranges, 1
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2015:06:30 08:42:10
LastPrinted: 2015:07:02 04:20:30
Security: None
CodePage: Unicode (UTF-8)
Software: Microsoft Macintosh Excel

File identification
MD5 5f82089845cbba0d7da706849a3585cb
SHA1 e12cc52999fa4671a62973983f46efd7b6f0f14c
SHA256 3f8de3a9ac3146dd26bf890508b00e38649ebf9f1cd62f3814d9bfb3e0ef26e7
ssdeep
1536:0sk3hOdsylKlgryzc4bNhZFGzE+cL4LgldAOHSImenhDQtPjHPzT62oNYQKQax8m:Dk3hOdsylKlgryzc4bNhZFGzE+cL4Lg2

File size 68.5 KB ( 70147 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application: Microsoft Macintosh Excel, Last Printed: Wed Jul 01 04:20:30 2015, Create Time/Date: Mon Jun 29 08:42:10 2015, Last Saved Time/Date: Tue Jun 13 06:14:52 2017, Security: 0

TrID Microsoft Excel sheet (50.0%)
Microsoft Excel sheet (alternate) (37.6%)
Generic OLE2 / Multistream Compound File (12.3%)
Tags
obfuscated macros run-file auto-open xls

VirusTotal metadata
First submission 2017-06-14 09:03:17 UTC (1 year, 8 months ago)
Last submission 2017-06-15 07:27:27 UTC (1 year, 8 months ago)
File names 3D_=3D_iso-2022-jp_B_GyRCSkw=.xls
3D=3Diso-2022-jpBGyRCSkw=.bin