YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash c749595e9a90a739657ba41098f9c3e50324f2199afbc8bedeeca02722645fcc.

Scan Results


SHA256 hash: c749595e9a90a739657ba41098f9c3e50324f2199afbc8bedeeca02722645fcc
File size:1'079'808 bytes
File download: Original
MIME type:application/vnd.ms-excel
MD5 hash: 5bf6a6355aa87c0b503ac9483bdda694
SHA1 hash: 4b66e4a3ce22603d9e58893c33b023ffd1f96713
SHA3-384 hash: 05289b35239668564bd04500c2acb8de2f35618392e36443f2f269ac661ee9258c95bedfddff0db4b988006966b30e58
First seen:2022-11-24 19:45:00 UTC
Last seen:2022-11-25 07:02:04 UTC
Sightings:2
imphash :n/a
ssdeep : 24576:sr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXgmhr5XXXXXXXXXXXXUXXXXXXXSXXXXXM:
TLSH : T17D35AD347893CE36DAA5863477D6D5A103037C733D548A5722C3732E1AF3342A8D6EAA
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks


You can browse the 10 most recent tasks associated with this file blow.

Task Information


Task ID:1138d228-6c8f-11ed-a71a-42010aa4000b
File name:c749595e9a90a739657ba41098f9c3e50324f2199afbc8bedeeca02722645fcc.xls
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Trojan.VBA.Agent-13.UNOFFICIAL
Signature:TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Signature:TwinWave.EvilDoc.FormBookPicturesOfU.MSOLE2.220802.UNOFFICIAL
Signature:TwinWave.EvilDoc.FormBookPicturesOfU.MSOLE2.221111.UNOFFICIAL

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:INDICATOR_OLE_EXPLOIT_CVE_2017_11882_1
Author:ditekSHen
Description:detects OLE documents potentially exploiting CVE-2017-11882
TLP:TLP:WHITE
Repository:ditekshen
Rule name:informational_win_ole_protected
Author:Jeff White (karttoon@gmail.com) @noottrak
Description:Identify OLE Project protection within documents.
TLP:TLP:WHITE
Repository:karttoon

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID:7b842aa7-6c30-11ed-a71a-42010aa4000b
File name:5bf6a6355aa87c0b503ac9483bdda694
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.Trojan.VBA.Agent-13.UNOFFICIAL
Signature:TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Signature:TwinWave.EvilDoc.FormBookPicturesOfU.MSOLE2.220802.UNOFFICIAL
Signature:TwinWave.EvilDoc.FormBookPicturesOfU.MSOLE2.221111.UNOFFICIAL

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:INDICATOR_OLE_EXPLOIT_CVE_2017_11882_1
Author:ditekSHen
Description:detects OLE documents potentially exploiting CVE-2017-11882
TLP:TLP:WHITE
Repository:ditekshen
Rule name:informational_win_ole_protected
Author:Jeff White (karttoon@gmail.com) @noottrak
Description:Identify OLE Project protection within documents.
TLP:TLP:WHITE
Repository:karttoon

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.