Windows
Analysis Report
Payment Advice.xls
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- EXCEL.EXE (PID: 3348 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Offic e14\EXCEL. EXE" /auto mation -Em bedding MD5: D53B85E21886D2AF9815C377537BCAC3) - AcroRd32.exe (PID: 3560 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroR d32.exe" - Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | File opened: | Jump to behavior |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | File created: | Jump to behavior |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD003AA7BB/\x1Ole' : | ||
Source: | Stream path 'MBD003AA7BB/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD003AA7BA/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'Package' entropy: | ||
Source: | Stream path 'MBD003AA7BA/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | ReversingLabs | Win32.Exploit.CVE-2017-0199 | ||
100% | Avira | TR/AVI.Agent.xoswb | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/AVI.Agent.xoswb |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559094 |
Start date and time: | 2024-11-20 07:51:32 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Payment Advice.xls |
Detection: | MAL |
Classification: | mal76.expl.winXLS@3/16@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
01:53:12 | API Interceptor |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\34B427A9.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7440 |
Entropy (8bit): | 5.6312448977812695 |
Encrypted: | false |
SSDEEP: | 96:PV1Ipi7blJaXn/08zDefAm/luoOHo6MiDbDda91RjTBbPxmPAWmOHDx:PVxvTNAK4oOIGbK1RvVwPAWmOHDx |
MD5: | DEA1DEA8BEA479821FA2AC1C565B6E56 |
SHA1: | 86865637336A9FEFA98AC5ABD189A848BE8852D4 |
SHA-256: | 64832E2264B5A851EE2CC7E048DA437D6F41B1C3DCAA385971DAA1B502A11125 |
SHA-512: | 1E1858F58748BF88DAB254F524943AC2C8576B4546AA67E37DFFE8917396A1CCCBA3964554AA77C599DD1CA184A56B8AFC3406A14C880A1B88D163EB04BACA1C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7720F2A3.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3191264 |
Entropy (8bit): | 2.0118490192617995 |
Encrypted: | false |
SSDEEP: | 6144:nA0Ki15RlURvLuky+NkuCVAKERludvLuk0Vgk9CVnOKAOK1:P5RlMHk5ERlyDkr8a |
MD5: | 04A17584C7203C47419D4AC2163B98C6 |
SHA1: | 485E17A82AE4672AC8D4B542CA0F509B80C0C4DF |
SHA-256: | EBA2B7C929B2EAA16FB1F733B7ACDDDFD80635A7211B3FBE400FF2796C17827E |
SHA-512: | 043092951F27E81FF96DA084E8112107D6F00DAEE83ADA80132BEC696E56309D16FDDED39F7F3810CA58BB6357CC6A75718CDD2F7B4342CF82D0421B7681A88C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A3EA7214.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1504468 |
Entropy (8bit): | 1.7693060102813485 |
Encrypted: | false |
SSDEEP: | 3072:L+6i9zy7v2/uEB1A/meRlmRYT9FANxg2WUZUKdRLuk0VgHPLk9CVi:LKERludvLuk0Vgk9CVi |
MD5: | EF3C18CC49B02153C770DB977B2E7435 |
SHA1: | D436E0F820DDBBA10DB4D3F1243ED3AA6468C057 |
SHA-256: | F328FB5B6055B687344190BB13D8DD6CDF6EA76D4AAAE6C5112DEC1B32ACE3C2 |
SHA-512: | 2081EF5EE87A360894B8726494F30DFEEFF7D922E733D2E633A3D010DE56C6A4CAEADEEBE4CD12A28658AE250ADE3B093F2FAB032B92A31D511D9C99A12AF337 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DF444448.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3064680 |
Entropy (8bit): | 1.8507381356738084 |
Encrypted: | false |
SSDEEP: | 6144:NaeRlcBvLukyV6kTCVQKERludvLuk0Vgk9CVX:oeRlM7kmERlyDku |
MD5: | 93774BB9AECD3837D6496AE965D1BD80 |
SHA1: | AE60D6A30E74BB5BE492CA71B82205D5C6B850C4 |
SHA-256: | 6CDB58A3C6906A6DD49DB83340ACC7AF0B7C7BBA5C01D8B0A9F562AEBDC85897 |
SHA-512: | 3810C4CDE003BAF916D626A41C0534BF421F5CDBF64D897F385FEDA36F556B6FECC27DB294A39F89C82DF0570424DE2EBB789E0B2294D42BFF80A64756257BD6 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E21B720F.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1296688 |
Entropy (8bit): | 3.5917537931564727 |
Encrypted: | false |
SSDEEP: | 6144:eMg23s01u2uIfTlw35YFhkndm9wHiT53ZkyOmCl6PV2yuxOKoOKg:OOWQTi35nH1RW7vAf |
MD5: | 9DDA150CE7CAF9FEA68E1AF0084FD0F1 |
SHA1: | 75CACBC8BEB5E226C44A79B489F76EB4CF01990F |
SHA-256: | 62774D456C891B03F72B0C6ADF8264ADF98E66129D1C876A5915D889553AB5A5 |
SHA-512: | CF65990EFD7688CFE5FA3BB0C8894EBABF3A1FDAF2951EA2346A301377051D9FFAFCE06F10ACC44803D929CE64DA2D45B18675B58BAF0FFB9580394ABD561E98 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 24052 |
Entropy (8bit): | 7.652425367216495 |
Encrypted: | false |
SSDEEP: | 384:EaNYaTXe5BPJ2cpRYnyAt3TtsVaWtmGJA8+6qdPGlDLRoucPQFVJG:Ea6aje5BP7RMYt9h44wQFV4 |
MD5: | AE24ADB29E22854D176245019B60E937 |
SHA1: | 28E9F74782AA0D138EE52E3191248F827BF27A1D |
SHA-256: | 5BF5C455288A0B5184B23744506939B604BF402E346AFAE18269BBE888412129 |
SHA-512: | 10AE2624E874CBA663DA08AA0C0FEBE19421FD01F72D54957F22A028A58A33BD4078C6A9CCA7CDAB94FC59030894BEA018141E6920AF4E926155C7EE49B6507D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 684032 |
Entropy (8bit): | 7.93920328752962 |
Encrypted: | false |
SSDEEP: | 12288:SI90mnOAj+5nXpL3VRqfPSMCfhhBKJ+XleX4IOmkqJ5PL+xDuapdfq3:jTOA4tlRwSNjBKJ+XI4Rmf5T+Zbq |
MD5: | 5E59CA1B10907FE670DB2A4DEAA170DC |
SHA1: | 89E163AA6AD81EA006059B3E8BD92D6B97BAC8FA |
SHA-256: | DB7A1506D52B11DC5B32F707B497497C51096B8F8C48A3B7B9DC6662E3D07923 |
SHA-512: | A4996ACC94B4F3458C5986B63BFF20D4F23FB714C149FC495A264CE3637674E82B63D15E2A0B21838431527F7FAC80D1BDBE9C9CAF63774D4E5180CE921A179A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 676352 |
Entropy (8bit): | 7.983690898182405 |
Encrypted: | false |
SSDEEP: | 12288:jI90mnOAj+5nXpL3VRqfPSMCfhhBKJ+XleX4IOmkqJ5PL+xDuapdfq3:sTOA4tlRwSNjBKJ+XI4Rmf5T+Zbq |
MD5: | 3994EB1ED60D61B021A03F64DC46E86E |
SHA1: | 40E76D500B6E95389550572C5B742E602C19B9D8 |
SHA-256: | CD3B55D5409CA130078E38ABDA33F83241AD0F372D3979762B675D42A8E23785 |
SHA-512: | DFCB012E0E498E07F34BD54F0149E811B29871323777EDA33D197701905CE4B64C0E2E5C3E302493E04A4BA5DA5615126B4EFC5FD402590515F5614413EB7684 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10240 |
Entropy (8bit): | 0.6739662216458647 |
Encrypted: | false |
SSDEEP: | 12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R |
MD5: | C61F99FE7BEE945FC31B62121BE075CD |
SHA1: | 083BBD0568633FECB8984002EB4FE8FA08E17DD9 |
SHA-256: | 1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732 |
SHA-512: | 46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24152 |
Entropy (8bit): | 0.7513521539333206 |
Encrypted: | false |
SSDEEP: | 24:CMLhbFnirW0rAHV4Ji9Tp5fGtFTIvs5/KUC6m6C9xRjNi1uiHIzVp9:CMBFF0kKJoTetFTFZKR6axR6uiozVb |
MD5: | 8A8D71BED4B5760F2F82C680C2C8CACC |
SHA1: | FA589EA7BA858C514079289BCEA3625432110427 |
SHA-256: | 78CF9C5CCAC6BEF4326F7514D4083BBC223347412A3D2975EDA8AD679D4EEB2B |
SHA-512: | 8D06BAC9D7433AAAD1126CF922F133FF2946A830507BFA0308677D3D81E5559A708D7733BB87C9CA70A8146DD6C2DB5B50A4D97F9442FE615483711B12445BC9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 935936 |
Entropy (8bit): | 7.986032953834692 |
Encrypted: | false |
SSDEEP: | 24576:GTOA4tlRwSNjBKJ+XI4Rmf5T+ZbqMnUspWk:3lR/NjBKJCgfFcqGUspWk |
MD5: | DA9AE8C1C57A5D633DF72DE0356103AF |
SHA1: | 8C1B5C78F8FD4F16B730BE1A023443612A959970 |
SHA-256: | 7BF1723E0A07F7064938EB779F53F358D1BE83EB7F46B4476AF3B5892BFB3B7A |
SHA-512: | B48A4164E28780B82DE1FC1D848182513DD9159A8F1B4690EC28B86E9F991B2541F4654852DC96228FA8F59ACAF96DAD4A6FBFA42DBB7ECACC0764526462EDB5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 935936 |
Entropy (8bit): | 7.986032953834692 |
Encrypted: | false |
SSDEEP: | 24576:GTOA4tlRwSNjBKJ+XI4Rmf5T+ZbqMnUspWk:3lR/NjBKJCgfFcqGUspWk |
MD5: | DA9AE8C1C57A5D633DF72DE0356103AF |
SHA1: | 8C1B5C78F8FD4F16B730BE1A023443612A959970 |
SHA-256: | 7BF1723E0A07F7064938EB779F53F358D1BE83EB7F46B4476AF3B5892BFB3B7A |
SHA-512: | B48A4164E28780B82DE1FC1D848182513DD9159A8F1B4690EC28B86E9F991B2541F4654852DC96228FA8F59ACAF96DAD4A6FBFA42DBB7ECACC0764526462EDB5 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.9803914567037655 |
TrID: |
|
File name: | Payment Advice.xls |
File size: | 1'136'640 bytes |
MD5: | 56821dcc602eb746c433a33f0b89808e |
SHA1: | 757059c1429ac7250ed56ddab56f8c893d265c7e |
SHA256: | 58a80743333e461c9a69b9201ad29f667baa8d95789f66f11c49232b4a58005d |
SHA512: | b684e8990bb2d5be7b687ede6f4ae6cb5ce3605cc5013f97c1c239ef41d8797985b4b9de22e4ac90b462626984f31410fd831bc61c52dcd5e76bc97b66bcc533 |
SSDEEP: | 24576:Suq9PLiijE2Z5Z2amSRQnNF84LJQoheMaJw:SuEPLiij7Z5ZKSRYFjLJQohsw |
TLSH: | 95352326FD85DB4BE697AA321C83D8B220547C93FE6413452B31F71E287D8B56F83486 |
File Content Preview: | ........................>.......................................................................................................j.......l.......n.............................................................................................................. |
Icon Hash: | 276ea3a6a6b7bfbf |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2024-11-19 10:26:07 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . o h . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fc 6f 68 fd 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . o x . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fc 6f 78 ed 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . o 5 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fc 6f 35 85 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . o . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fc 6f df da 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.3020681057018666 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . I q m : . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD003AA7BA/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD003AA7BA/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 781878 |
Entropy: | 7.996379131960943 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . j A 3 . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 6a 41 33 c9 e9 01 00 00 fc 08 00 00 13 00 e1 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dd 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD003AA7BB/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 529 |
Entropy: | 5.161514005406144 |
Base64 Encoded: | False |
Data ASCII: | . . . . . , N L 2 . . . . . . . . . . . . 3 . . . y . . . K . / . . . h . t . t . p . s . : . / . / . p . r . o . v . i . t . . . u . k . / . u . E . h . 6 . t . W . ? . & . f . a . c . e . = . r . o . m . a . n . t . i . c . & . a . r . m . e . n . i . a . n . = . d . i . v . e . r . g . e . n . t . & . s . t . e . p . - . a . u . n . t . = . u . p . b . e . a . t . & . p . r . o . d . u . c . t . = . f . a . i . r . & . c . r . i . c . k . e . t . . . . J 1 X . . . . F . R D % r a S . . z u . Z . { L N ) |
Data Raw: | 01 00 00 02 1f ac 2c 4e ac 4c ae 32 00 00 00 00 00 00 00 00 00 00 00 00 33 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 2f 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 70 00 72 00 6f 00 76 00 69 00 74 00 2e 00 75 00 6b 00 2f 00 75 00 45 00 68 00 36 00 74 00 57 00 3f 00 26 00 66 00 61 00 63 00 65 00 3d 00 72 00 6f 00 6d 00 61 00 6e 00 74 00 69 00 63 00 26 00 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 330953 |
Entropy: | 7.998779275173815 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . F 5 O . % Q / 6 Q . . . f 1 . + 3 . D . L . . . . . . . ^ . . . \\ . p . k ' P L / 3 . . @ . . u w . . s f 9 < * B * > . ! . z d 3 o . + 2 } . . 1 3 3 P . . . q 9 S + [ . . I H . B . . . \\ a . . . o ` . . . = . . . " F s . . . I . x h . a ~ . . U 9 . . . . . . . . n J . . . . 9 . . . . ' . . . . c . . . . q = . . . o 6 = ^ R . . p a . J @ . . . . . . t " . . . . . . . m . . . . . . . . 1 . . . . N N ) ( . > U . ? . . T I 1 . . . > L o O 9 . x . g |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 1c 88 46 35 b2 4f 2e f3 25 bc 8e 51 f3 b9 de ea af 2f 87 36 51 b6 1c ea d2 93 0d 84 be 9c 8e 66 ab 31 ce df b8 f6 fe 2b fe 33 18 44 c3 a9 4c 8e e1 00 02 00 b0 04 c1 00 02 00 5e cb e2 00 00 00 5c 00 70 00 6b 27 ea 50 4c 2f 33 83 f9 e2 a4 15 b6 18 fb 86 40 db a3 05 fd 75 b8 77 ab a4 92 18 cd 7f |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 525 |
Entropy: | 5.222634301498463 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 6 B 8 4 0 D 7 9 - D 4 0 8 - 4 E D 6 - B 8 1 2 - 6 7 A 5 5 7 9 E 6 3 D E } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " D 6 D 4 3 5 B D 3 5 C D 3 B D 1 3 |
Data Raw: | 49 44 3d 22 7b 36 42 38 34 30 44 37 39 2d 44 34 30 38 2d 34 45 44 36 2d 42 38 31 32 2d 36 37 41 35 35 37 39 45 36 33 44 45 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.9848676676542825 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.37457139885983 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . N i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 e8 af 4e 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 01:52:34 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f860000 |
File size: | 28'253'536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:53:12 |
Start date: | 20/11/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1f0000 |
File size: | 2'525'680 bytes |
MD5 hash: | 2F8D93826B8CBF9290BC57535C7A6817 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |