| SHA256: | 022b950339342fdd91ea9e38460490c6c9339298ca050edd6bfbf57b2d07cc01 |
| File name: | 48d1391fe615171612ac85244a58dfe418edfd32.xls |
| Detection ratio: | 2 / 55 |
| Analysis date: | 2017-02-07 23:24:02 UTC ( 23 hours, 33 minutes ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Arcabit | HEUR.VBA.Trojan.e | 20170207 |
| Rising | Macro.Agent.dy (classic) | 20170207 |
| ALYac | 20170207 | |
| AVG | 20170207 | |
| AVware | 20170207 | |
| Ad-Aware | 20170207 | |
| AegisLab | 20170207 | |
| AhnLab-V3 | 20170207 | |
| Alibaba | 20170122 | |
| Antiy-AVL | 20170207 | |
| Avast | 20170207 | |
| Avira (no cloud) | 20170207 | |
| Baidu | 20170207 | |
| BitDefender | 20170207 | |
| Bkav | 20170207 | |
| CAT-QuickHeal | 20170207 | |
| CMC | 20170207 | |
| ClamAV | 20170207 | |
| Comodo | 20170207 | |
| CrowdStrike Falcon (ML) | 20170130 | |
| Cyren | 20170207 | |
| DrWeb | 20170207 | |
| ESET-NOD32 | 20170207 | |
| Emsisoft | 20170207 | |
| F-Prot | 20170207 | |
| F-Secure | 20170207 | |
| Fortinet | 20170207 | |
| GData | 20170207 | |
| Ikarus | 20170207 | |
| Invincea | 20170203 | |
| Jiangmin | 20170207 | |
| K7AntiVirus | 20170207 | |
| K7GW | 20170207 | |
| Kaspersky | 20170207 | |
| Kingsoft | 20170208 | |
| Malwarebytes | 20170207 | |
| McAfee | 20170207 | |
| McAfee-GW-Edition | 20170207 | |
| eScan | 20170207 | |
| Microsoft | 20170207 | |
| NANO-Antivirus | 20170207 | |
| Panda | 20170207 | |
| Qihoo-360 | 20170208 | |
| SUPERAntiSpyware | 20170207 | |
| Sophos | 20170207 | |
| Symantec | 20170207 | |
| Tencent | 20170208 | |
| TheHacker | 20170205 | |
| TotalDefense | 20170207 | |
| TrendMicro | 20170207 | |
| TrendMicro-HouseCall | 20170207 | |
| Trustlook | 20170208 | |
| VBA32 | 20170207 | |
| VIPRE | 20170207 | |
| ViRobot | 20170207 | |
| WhiteArmor | 20170202 | |
| Yandex | 20170208 | |
| Zillya | 20170207 | |
| Zoner | 20170207 | |
| nProtect | 20170207 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is
opened.
Summary
application_name
Microsoft Excel
creation_datetime
2006-09-16 01:00:00
last_saved
2017-02-07 20:58:10
code_page
Latin I
Document summary
version
786432
code_page
Latin I
OLE Streams
Macros and VBA code streams
ExifTool file metadata
MIMEType
application/vnd.ms-excel
CompObjUserType
Microsoft Office Excel 2003 Worksheet
ModifyDate
2017:02:07 19:58:10
TitleOfParts
Sheet1
SharedDoc
No
FileType
XLS
AppVersion
12.0
LinksUpToDate
No
ScaleCrop
No
CompObjUserTypeLen
38
HeadingPairs
Worksheets, 1
FileTypeExtension
xls
HyperlinksChanged
No
CreateDate
2006:09:16 00:00:00
Security
None
CodePage
Windows Latin 1 (Western European)
Software
Microsoft Excel
File identification
MD5 074c031d35b36af9029fb64391a85d75
SHA1 48d1391fe615171612ac85244a58dfe418edfd32
SHA256 022b950339342fdd91ea9e38460490c6c9339298ca050edd6bfbf57b2d07cc01
ssdeep
1536:hmZ+RwPONXoRjDhIcp0fDlaGGx+cL26nAE+h0BmJp2/59uNBWN:hmZ+RwPONXoRjDhIcp0fDlaGGx+cL26w
File size
56.0 KB ( 57344 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Sep 15 00:00:00 2006, Last Saved Time/Date: Mon Feb 06 19:58:10 2017, Security: 0
| TrID |
Microsoft Excel sheet (48.0%) Microsoft Excel sheet (alternate) (39.2%) Generic OLE2 / Multistream Compound File (12.8%) |
Tags
macros
auto-open
xls
VirusTotal metadata
First submission
2017-02-07 23:24:02 UTC ( 23 hours, 33 minutes ago )
Last submission
2017-02-08 10:13:07 UTC ( 12 hours, 44 minutes ago )
| File names |
URGENT DOC.xls 48d1391fe615171612ac85244a58dfe418edfd32.xls |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!