Report - Invoice%20325274%20from%20Quickbooks,%20LLC.xls

VBA_macro MSOffice File

ScreenShot

Info
Location map


Created	2023.12.04 10:47	Machine	s1_win7_x6401
Filename	Invoice%20325274%20from%20Quickbooks,%20LLC.xls
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Invoice 325274 from Quickbooks, LLC, Author: Quickbooks, LLC, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed J
AI Score	Not founds	Behavior Score	1.0
ZERO API	file : mailcious
VT API (file)	34 detected (malicious, high confidence, Dridex, Save, Valyria, HPYL, 0NA103GG21, score, Ole2, druvzi, TOPIS, wwFjRqjqO3C, Malware@#1xmzpuwl3lw58, Siggen3, ADXD, AJAM, PSTT, ai score=99, MacroS)
md5	ab0ba30c618d88e8a9134e0a7c43fc31
sha256	0e1667c84a5a53153c9abe4eaafbea3dac07a49ebeb59c79c1e0f830edfea28c
ssdeep	12288:jRYbXrlUc6XS/CwRl+4MW1H5onZHBDznxcp/c0UGtkbByxlFYd2DrpJT:MUc6EjDMW1UrDjxcNcfgZI2/
imphash
impfuzzy

Network IP location

Signature (1cnts)

Level	Description
danger	File has been identified by 34 AntiVirus engines on VirusTotal as malicious

Rules (2cnts)

Level	Name	Description	Collection
warning	Contains_VBA_macro_code	Detect a MS Office document with embedded VBA macro code [binaries]	binaries (upload)
info	Microsoft_Office_File_Zero	Microsoft Office File	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure