Loading ...

Play interactive tourEdit tour

Analysis Report SecuriteInfo.com.Heur.15528.xls

Overview

General Information

Sample Name:SecuriteInfo.com.Heur.15528.xls
Analysis ID:356212
MD5:5a75c6184001a6b8785206f1e2121290
SHA1:b3ec9fbcc5e96c45e74d503210a51a7ee5ce8132
SHA256:c71bd3833fbb10cd2f845c83a6ed957f3243990de48a74b4d5cf1602303f4bb1

Most interesting Screenshot:

Detection

Hidden Macro 4.0
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
Document contains embedded VBA macros
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Yara signature match

Classification