Malicious
Characteristics
Hash | Hash Value |
---|---|
MD5 | c4120c50690a44fb51972992e011ee01 |
Sha1 | 1b0c6fde0c3e94deaeb67fd99620d39efa9452b5 |
Sha256 | f9935b1b62b64857ef6534c06c5298065802397d99c9168c22d2fbd3849eaf04 |
Sha384 | aa9a00b161c747afdd51331b61314280f305e49bce96ce972c3136d419ce8e58cc7639139d92b732588276a01065abfc |
Sha512 | dc69fe8061833902b3ea4224469075a71f9797684c1a7c52e1bfddacadeeb6613342214969cf436e9dedc003ea2f13ffc456d8e0d8667427f1e1435c0f42af52 |
SSDeep | 12288:a5c9+FAzix12b2euqYwepVgaiWIuq1bkPoa/EjaPhbmCCVicaZi3iAI9Wm6Wej+O:DiAn2euD3PQuqSz4uDCcZi3iAIJ6WCv |
TLSH | 9BF4235B3B5DA6C4CAD719B1856B365F78F28937882C8F71E0174A7E04279D02E0FA9C |
File Structure
c4120c50690a44fb51972992e011ee01
Zip Archive
Office Document
Corrupted
Blacklist VBA
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
Godrej_One_Mahalaxmi_Site_Salary_JUNE-2025
Malicious
error_2025070260352966701.txt
Archive Entry
EXECLFORMATFORDIRECTSALARY_ONE MAHALAXMI1.CSV
Archive Entry
Godrej_One_Mahalaxmi_Site_Salary_JUNE-2025.xlsx
Archive Entry
Office Document
[Content_Types].xml
Xml
_rels
.rels
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
worksheets
sheet4.xml
Xml
sheet37.xml
Xml
sheet36.xml
Xml
sheet35.xml
Xml
sheet34.xml
Xml
sheet33.xml
Xml
sheet32.xml
Xml
sheet1.xml
Xml
sheet30.xml
Xml
sheet29.xml
Xml
sheet38.xml
Xml
sheet39.xml
Xml
_rels
sheet39.xml.rels
Xml
sheet38.xml.rels
Xml
sheet23.xml.rels
Xml
sheet21.xml.rels
Xml
sheet10.xml.rels
Xml
sheet2.xml
Xml
sheet3.xml
Xml
sheet28.xml
Xml
sheet31.xml
Xml
sheet26.xml
Xml
sheet13.xml
Xml
sheet12.xml
Xml
sheet11.xml
Xml
sheet10.xml
Xml
sheet9.xml
Xml
sheet8.xml
Xml
sheet7.xml
Xml
sheet6.xml
Xml
sheet5.xml
Xml
sheet14.xml
Xml
sheet27.xml
Xml
sheet16.xml
Xml
sheet20.xml
Xml
sheet21.xml
Xml
sheet22.xml
Xml
sheet23.xml
Xml
sheet24.xml
Xml
sheet25.xml
Xml
sheet19.xml
Xml
sheet15.xml
Xml
sheet17.xml
Xml
sheet18.xml
Xml
theme
theme1.xml
Xml
sharedStrings.xml
Xml
styles.xml
Xml
printerSettings
printerSettings1.bin
printerSettings2.bin
printerSettings3.bin
printerSettings4.bin
calcChain.xml
Xml
docProps
core.xml
Xml
app.xml
Xml
Head_Count_-_June-25.xlsx
Archive Entry
Office Document
[Content_Types].xml
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
worksheets
sheet4.xml
Xml
_rels
sheet6.xml.rels
Xml
sheet5.xml.rels
Xml
sheet4.xml.rels
Xml
sheet3.xml.rels
Xml
sheet2.xml.rels
Xml
sheet1.xml.rels
Xml
sheet7.xml.rels
Xml
sheet8.xml.rels
Xml
sheet9.xml.rels
Xml
sheet16.xml.rels
Xml
sheet15.xml.rels
Xml
sheet14.xml.rels
Xml
sheet13.xml.rels
Xml
sheet12.xml.rels
Xml
sheet11.xml.rels
Xml
sheet10.xml.rels
Xml
sheet2.xml
Xml
sheet3.xml
Xml
sheet1.xml
Xml
sheet7.xml
Xml
sheet12.xml
Xml
sheet11.xml
Xml
sheet10.xml
Xml
sheet9.xml
Xml
sheet8.xml
Xml
sheet13.xml
Xml
sheet14.xml
Xml
sheet15.xml
Xml
sheet5.xml
Xml
sheet16.xml
Xml
sheet6.xml
Xml
sharedStrings.xml
Xml
styles.xml
Xml
theme
theme1.xml
Xml
calcChain.xml
Xml
docProps
core.xml
Xml
app.xml
Xml
PF.xlsx
Archive Entry
Office Document
[Content_Types].xml
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
styles.xml
Xml
worksheets
sheet2.xml
Xml
sheet1.xml
Xml
sharedStrings.xml
Xml
calcChain.xml
Xml
docProps
app.xml
Xml
core.xml
Xml
UAN.pdf
Archive Entry
Text (Preview): Page #1 to Page #29 (PDF Text Preview, generated)
#Stream {5}
#Stream {95}
#Stream {6}
#Stream {98}
#Stream {99}
#Stream {101}
#Stream {58}
#Stream {103}
#Stream {4}
#Stream {105}
#Stream {60}
#Stream {107}
#Stream {48}
#Stream {109}
#Stream {54}
#Stream {111}
#Stream {16}
#Stream {113}
#Stream {46}
#Stream {115}
#Stream {44}
#Stream {117}
#Stream {8}
#Stream {119}
#Stream {32}
#Stream {121}
#Stream {52}
#Stream {123}
#Stream {56}
#Stream {125}
#Stream {10}
#Stream {127}
#Stream {50}
#Stream {129}
#Stream {26}
#Stream {131}
#Stream {12}
#Stream {133}
#Stream {36}
#Stream {135}
#Stream {28}
#Stream {137}
#Stream {30}
#Stream {139}
#Stream {20}
#Stream {141}
#Stream {40}
#Stream {143}
#Stream {38}
#Stream {145}
#Stream {42}
#Stream {147}
#Stream {34}
#Stream {149}
#Stream {18}
#Stream {151}
#Stream {24}
#Stream {153}
#Stream {22}
#Stream {157}
#Stream {14}
Structure
UAN_GENERATION.xls
Archive Entry
Office Document
Corrupted
Blacklist VBA
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Repaired @0x0000CD39]
Office Document
Corrupted
Malicious
.
Malicious
Root Entry
Malicious
CompObj
Workbook
Office Document
Corrupted
Malicious
[Repaired @0x0000C739]
Office Document
Corrupted
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
drs
shapexml.xml
Xml
downrev.xml
Xml
_VBA_PROJECT_CUR
VBA
dir
Module1
Blacklist VBA
VBA Macro
[Stored VBA]
Blacklist VBA
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
[PCode]
Blacklist VBA
VBA Macro
VBA P-Code
Disassembly
__SRP_0
__SRP_1
__SRP_2
__SRP_3
__SRP_4
__SRP_5
__SRP_6
__SRP_7
ThisWorkbook
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
DeObfuscated
VBScript
T1059.005
Obfuscated
[Decompiled VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
_VBA_PROJECT
PROJECT
PROJECTwm
SummaryInformation
DocumentSummaryInformation
Malware Configuration - URLs in PDF
Config. Field | Value |
---|---|
URL #1 | https://unifiedportal-emp.epfindia.gov.in/epfo |
Information
Name | Value |
---|---|
UAN.pdf | 1.4 |
UAN.pdf | D:20250703130330+05'30' |
UAN.pdf | JasperReports Library version 6.20.5-3efcf2e67f959db3888d79f73dde2dbd7acb4f8e |
UAN.pdf | D:20250703130330+05'30' |
UAN.pdf | OpenPDF 1.3.30; modified using iText® 5.5.13.3 ©2000-2022 iText Group NV (AGPL-version) |
c4120c50690a44fb51972992e011ee01 (751.58 KB)
Characteristics
vbaDNA - VBA Stomping & Purging Strategy detection
Module Name | | |
---|---|---|
Module1 | Blacklist VBA, VBA Macro | |
ThisWorkbook | VBA Macro | |