download:

eicar-standard-antivirus-test-file-microsoft-excel-dde-cmd-powershell-echo.xlsx

Full analysis: https://app.any.run/tasks/4c8410b1-3a2b-4a73-84e1-0422ee646987
Verdict: No threats detected
Analysis date: February 06, 2020, 22:45:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5:

00EFC2E27091633D05B4998BCD445A70

SHA1:

2B04CB4CCF3F4EE28D4B1C69B7F341A509266F2D

SHA256:

87FCE6C9B09B15EF8F3E160224B5FE3C735B98C56EC1E38BA3D2D2F802A53743

SSDEEP:

1536:yYtazOq2qBWXLTRHASiAS0ASnYO3+gO2IKwR3x9vHU07tWsXDiLKrpNJWPO:VgOq2qBWXNASiAS0ASnYW1gKwR3x9vHz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Microsoft Office registry keys

      • EXCEL.EXE (PID: 780)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

EXIF

HTML

viewport: width=device-width
Title: eicar-standard-antivirus-test-files/eicar-standard-antivirus-test-file-microsoft-excel-dde-cmd-powershell-echo.xlsx at master · mattias-ohlsson/eicar-standard-antivirus-test-files · GitHub
Description: Test files for eicar-standard-antivirus-test-file. Contribute to mattias-ohlsson/eicar-standard-antivirus-test-files development by creating an account on GitHub.
twitterImageSrc: https://avatars3.githubusercontent.com/u/338867?s=400&v=4
twitterSite: @github
twitterCard: summary
twitterTitle: mattias-ohlsson/eicar-standard-antivirus-test-files
twitterDescription: Test files for eicar-standard-antivirus-test-file. Contribute to mattias-ohlsson/eicar-standard-antivirus-test-files development by creating an account on GitHub.
requestId: 4A6F:3CC20:430D8F:63DF7C:5E3C9726
htmlSafeNonce: ebac7a4df05411415d7110a84d54ff98075de4d5
visitorPayload: eyJyZWZlcnJlciI6bnVsbCwicmVxdWVzdF9pZCI6IjRBNkY6M0NDMjA6NDMwRDhGOjYzREY3Qzo1RTNDOTcyNiIsInZpc2l0b3JfaWQiOiIxNTM0MTU0ODg5NDE4ODA3MDc5IiwicmVnaW9uX2VkZ2UiOiJhbXMiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitorHmac: e738521343571f0ffdef035e19908cc60bda72b50814f418d31fbc2f1c90bb92
githubKeyboardShortcuts: repository,source-code
googleSiteVerification: GXs5KoUUkNCoaAZn7wPN-t01Pywp9M3sEjnt_3_ZWPc
octolyticsHost: collector.githubapp.com
octolyticsAppId: github
octolyticsEventUrl: https://collector.githubapp.com/github-external/browser_event
octolyticsDimensionGa_id: -
analyticsLocation: /<user-name>/<repo-name>/blob/show
googleAnalytics: UA-3769691-2
dimension1: Logged Out
hostname: github.com
userLogin: -
expectedHostname: github.com
enabledFeatures: MARKETPLACE_FEATURED_BLOG_POSTS,MARKETPLACE_INVOICED_BILLING,MARKETPLACE_SOCIAL_PROOF_CUSTOMERS,MARKETPLACE_TRENDING_SOCIAL_PROOF,MARKETPLACE_RECOMMENDATIONS,MARKETPLACE_PENDING_INSTALLATIONS,RELATED_ISSUES
HTTPEquivXPjaxVersion: 999b807f99431c14491f533c076d19f4
goImport: github.com/mattias-ohlsson/eicar-standard-antivirus-test-files git https://github.com/mattias-ohlsson/eicar-standard-antivirus-test-files.git
octolyticsDimensionUser_id: 338867
octolyticsDimensionUser_login: mattias-ohlsson
octolyticsDimensionRepository_id: 59605682
octolyticsDimensionRepository_nwo: mattias-ohlsson/eicar-standard-antivirus-test-files
octolyticsDimensionRepository_public:
octolyticsDimensionRepository_is_fork: -
octolyticsDimensionRepository_network_root_id: 59605682
octolyticsDimensionRepository_network_root_nwo: mattias-ohlsson/eicar-standard-antivirus-test-files
octolyticsDimensionRepository_explore_github_marketplace_ci_cta_shown: -
browserStatsUrl: https://api.github.com/_private/browser/stats
browserErrorsUrl: https://api.github.com/_private/browser/errors
themeColor: #1e2327
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start excel.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
780"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /ddeC:\Program Files\Microsoft Office\Office14\EXCEL.EXEexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Excel
Exit code:
0
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\excel.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
263
Read events
217
Write events
39
Delete events
7

Modification events

(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
Operation:writeName:'#-
Value:
27232D000C030000010000000000000000000000
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1033
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1041
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1046
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1036
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1031
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1040
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1049
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:3082
Value:
Off
(PID) Process:(780) EXCEL.EXEKey:HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation:writeName:1042
Value:
Off
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
780EXCEL.EXEC:\Users\admin\AppData\Local\Temp\CVR6B07.tmp.cvr
MD5:
SHA256:
780EXCEL.EXEC:\Users\admin\AppData\Local\Temp\~$eicar-standard-antivirus-test-file-microsoft-excel-dde-cmd-powershell-echo.xlsx
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
eicar-standard-antivirus-test-file-microsoft-excel-dde-cmd-powershell-echo.xlsx