Malicious
Malicious
MS Office Document
MD5: 7b75722e2a6c8502d6b2637bf0b4def7
Size: 555.52 KB
application/vnd.ms-office
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
7b75722e2a6c8502d6b2637bf0b4def7
Sha1
0f8824b4d1637d10f53b1c712ced12923b4a8d9f
Sha256
d91c0e47050b3d3ae212b58ee8d38999664a9374c888302b0ec0a2edf5f96622
Sha384
f6f616615324222d632aa9469b12e0255b097f173346417f97684c2ea5757e314d56d27c00bc3429977a1fdd000269eb
Sha512
a9ce8a18b72bd61ad20b46c4f513df294c38ff111700c5e6dd6adb1a7bf3b3f8dd196d75cfd4d8986856e680bf2b68cec7e142b7e50d85f802cef8adba11bb0d
SSDeep
12288:0JxAPXRCp+79QG0WW7z2Eza2WzGoWCAsmp8paCwcG:2A/EdcvGoWlf
TLSH
FAC4236472C2FD0ACA27A33484A595C7811BFC638F86E7573624B34C90747E772672AE
File Structure
[Repaired @0x00006E00]
Malicious
Root Entry
Malicious
CompObj
Workbook
SummaryInformation
DocumentSummaryInformation
MBD001F4FF5
Ole
CompObj
CONTENTS
#Stream {UglyToad.PdfPig.Core.XrefLocation}
Text (Preview)
Structure
MBD001F4FF6
Malicious
[Content_Types].xml
_rels
.rels
xl
Malicious
_rels
workbook.xml.rels
workbook.xml
worksheets
sheet4.xml
sheet2.xml
sheet3.xml
_rels
sheet1.xml.rels
sheet2.xml.rels
sheet3.xml.rels
sheet7.xml.rels
sheet6.xml.rels
sheet5.xml.rels
sheet4.xml.rels
sheet1.xml
sheet13.xml
sheet12.xml
sheet11.xml
sheet10.xml
sheet9.xml
sheet8.xml
sheet7.xml
sheet6.xml
sheet5.xml
sheet14.xml
sheet15.xml
sheet16.xml
media
image1.emf
drawings
vmlDrawing1.vml
_rels
vmlDrawing1.vml.rels
sharedStrings.xml
theme
theme1.xml
styles.xml
printerSettings
printerSettings4.bin
printerSettings2.bin
printerSettings3.bin
printerSettings1.bin
printerSettings5.bin
externalLinks
Malicious
externalLink1.xml
_rels
Malicious
docProps
thumbnail.wmf
core.xml
app.xml
CompObj
MBD001F4FF7
Ole
_VBA_PROJECT_CUR
PROJECT
PROJECTwm
VBA
dir
_VBA_PROJECT
Malware Configuration - Remote Template
Config. Field
Value
Target

file:///F:\Copy%20of%20Muiltple%20master%20July%202016%20(003).xlsx

Path

externalLink1.xml.rels

XPath

/Relationships/Relationship

Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLinkPath" Target="file:///F:\Copy%20of%20Muiltple%20master%20July%202016%20(003).xlsx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Informations
Name
Value
CONTENTS

1.4

CONTENTS

D:20260623140016+02'00'

CONTENTS

RICOH IM C3010

CONTENTS

D:20260623140016+02'00'

CONTENTS

RICOH IM C3010

CONTENTS

D:20260623140016+02'00'

CONTENTS

D:20260623140016+02'00'

CONTENTS

RICOH IM C3010

CONTENTS

RICOH IM C3010

CONTENTS

1.7

CONTENTS

Absa Retail

CONTENTS

D:20260622120032Z

CONTENTS

DocFusion

CONTENTS

D:20260622120032Z

CONTENTS

DocFusion

CONTENTS

DocFusion

CONTENTS

D:20260622120032Z

CONTENTS

D:20260622120032Z

CONTENTS

DocFusion

CONTENTS

Absa Retail

Artefacts
Name
Value
Remote Template - Highly Suspicious

file:///F:\Copy%20of%20Muiltple%20master%20July%202016%20(003).xlsx

URI

mailto:privacy@absa.co.za

PDF @0x00000000 (555.52 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙