Register Login

sloganpng

top title background image

PL_Proforma Invoice.xlsx

Status: finished

Submission Time: 2021-01-21 18:56:26 +01:00

Malicious

Trojan

Exploiter

Evader

GuLoader

Comments

Tags

Details

Analysis ID:
342812
API (Web) ID:
587571
Analysis Started:

2021-01-21 18:57:43 +01:00
Analysis Finished:

2021-01-21 19:04:55 +01:00
MD5:
07518e9ef3f985d592423d9c60c5c895
SHA1:
973721e65ade599942b6a166fedf17d0ccc7feb6
SHA256:
16ccda8530923cd7a4c92d8f2cfbb89c99c476c928e5af6e8248374e24a09f60
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 19/61

malicious

Score: 11/46

malicious

IPs

IP	Country	Detection
103.125.191.78	Viet Nam

Domains

Name	IP	Detection
kalamikwsdyonlinwtmg.dns.army	103.125.191.78

URLs

Name	Detection
http://kalamikwsdyonlinwtmg.dns.army/kaladoc/vbc.exe

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Desktop\~$PL_Proforma Invoice.xlsx	data	#
C:\Users\Public\vbc.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\45EE6A89.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\75BEF67F.jpeg	gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F2EEFEF6.jpeg	gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3	#