File name: | 054419e26dd310c7ff6b947ddc97e5d5060a1d1357140a9cec9f0b30a34adbe7.xla |
Full analysis: | https://app.any.run/tasks/56b64274-8611-4b43-8403-844811c12da1 |
Verdict: | Malicious activity |
Analysis date: | March 22, 2019, 06:37:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , , , Comments: , , Excel 2011-2012 EducatedFoolhttp://excelvba.ru/programmes/Labels, Revision Number: 2104, Name of Creating Application: Microsoft Excel, Last Printed: Thu Nov 24 13:38:40 2011, Create Time/Date: Tue May 29 16:44:33 2018, Last Saved Time/Date: Tue May 29 16:44:40 2018, Security: 0 |
MD5: | E4E09F134CAF5DABD09AEA6F88DA73ED |
SHA1: | 39B9A46AB38F68EAB6C6D79D264D83EB12B4831F |
SHA256: | 054419E26DD310C7FF6B947DDC97E5D5060A1D1357140A9CEC9F0B30A34ADBE7 |
SSDEEP: | 12288:VBnQd8L9BxThdLtQwYJh6awlTtMGT1m9iplc/uhRgvBIlTI0TXziqT6t9NpChtd8:VBQc3FhpWh6anTmlRhRgvBIlTI0TXziP |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserTypeLen: | 25 |
---|---|
CompObjUserType: | Microsoft Forms 2.0 Form |
Title: | Add-in for creating stickers, labels, price tags and receipts |
Author: | Игорь |
Comments: | Add-in for printing labels, stickers, price tags and receipts from Excel © 2011-2012 EducatedFool http://excelvba.ru/programmes/Labels |
LastModifiedBy: | Игорь |
RevisionNumber: | 2104 |
Software: | Microsoft Excel |
LastPrinted: | 2011:11:24 13:38:40 |
CreateDate: | 2018:05:29 15:44:33 |
ModifyDate: | 2018:05:29 15:44:40 |
Security: | None |
CodePage: | Windows Cyrillic |
Company: | Azimut |
AppVersion: | 14 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2736 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRFA74.tmp.cvr | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso2211.tmp | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso2232.tmp | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF8A7CCC8202E96CF6.TMP | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF2553547FB9F24417.TMP | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF67CFBC72A9BEC844.TMP | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF074CDC0070FF625C.TMP | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF3B0296D15AD89101.TMP | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF00909ED890859C9D.TMP | — | — | — |
2736 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF8BBE8A7FD7878127.TMP | — | — | — |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2736 | EXCEL.EXE | POST | 200 | 51.254.21.170:80 | http://excelvba.ru/php2/updates.php | FR | text | 98 b | whitelisted |
2736 | EXCEL.EXE | POST | 200 | 51.254.21.170:80 | http://excelvba.ru/php2/updates.php | FR | text | 262 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2736 | EXCEL.EXE | 51.254.21.170:80 | excelvba.ru | OVH SAS | FR | malicious |
Domain | IP | Reputation |
---|---|---|
excelvba.ru | | whitelisted |