File Information hashes and primary classification
File name: 00189ae30ede41db97df3adb41e962c6d08534ca421cf30147b23d1cd46f2228
File size: 235.0 KiB
Architecture: VBA
MD5: 1be7f7b227794a5163676d8f017d516c
SHA1: 5fc6670e292f1d1b18d1df8868787a99c38fd1a5
SHA256: 00189ae30ede41db97df3adb41e962c6d08534ca421cf30147b23d1cd46f2228
TLSH: T15434e14af575c84dfe4ac73a4cdb0b9b5276dc228baf0746b285b1516ef0dbc290214b
Imphash: -
Rich header: -
Metadata parser-extracted fields
YARA Signatures 0 matching rules
No YARA rule matched.
Kesakode similarity verdict
No Kesakode verdict available.
Anomalies signals worth reviewing
No anomalies reported.
Constants identified constants and patterns
No known constants identified.
Strings highest-value extracted strings
Kesakode: 2376 (Malware 0, Library 0, Unknown 2371, Clean 5)
Functions high-value functions
No functions discovered.