ScreenShot
| Created | 2024.01.18 07:16 | Machine | s1_win7_x6401 |
| Filename | 4501185419.xls | ||
| Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 00:00:00 2006, Last Saved Time/Date: Wed Jan 25 16:24:48 2023, Security: 0 | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 35 detected (Generic Exploit, MathType, Obfs, CVE-2017-1188, Camelot, probably a variant of Win32, Malicious, score, Siggen3, AGUW, ai score=85, Leonem, Detected, XG22, Probably Heur, W97NativeName, Mofer, bZu8xJ) | ||
| md5 | 6ab14c920d762241b62aaa41f0982987 | ||
| sha256 | 14ea594b7f0fe9efb3fcd31f36febd5ebc0f686b85284131874296f398bc2842 | ||
| ssdeep | 12288:KAaVfMrz1mcpsL8Z9FovaVfMrzsmoLsLmZ9ZAvaVfBrz1mzpsLmZjF:KQfkcK8Z9FotfroEmZ9ZAQfkzKmZjF | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | An application raised an exception which may be indicative of an exploit crash |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Contains_VBA_macro_code | Detect a MS Office document with embedded VBA macro code [binaries] | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
