b0842386458e1ab3d1de1845b7986fde | Triage

Sharing

General

Target

b0842386458e1ab3d1de1845b7986fde
Size

2.0MB
MD5

b0842386458e1ab3d1de1845b7986fde
SHA1

56af74698678056f8c8c560d5221568f789ef960
SHA256

3a542a37153a44e0f77531e7a1cb7ae5bf66fa99b230725203e21c1e429aec05
SHA512

90e8e4f9dc3f0433a577ed6d453c98344fbf29b3929b0b322c33db9b02f0ae1b5bbca92f3a12c6e7acff5aefdb5b746efafd75432ba7e6d1aadad745b3be1bdd
SSDEEP

49152:HYuS+plEjJxkECGYLVZSL1DzbJ3AMPLtT3FN:4uSSujJkHS1DzV393N

Score

8^/10

macro xlm

Malware Config

Signatures

Suspicious Office macro 3 IoCs

Office document equipped with 4.0 macros.

Processes:

resource	yara_rule
static1/unpack002/9月资金预算--QQ直接接收/审计监察部-9月份资金预算表.xls	office_xlm_macros
static1/unpack001/曹/关于上报资金预算的通知2012.8.27/陕西北元化工集团有限公司资金预算表.xls	office_xlm_macros
static1/unpack001/曹/新型煤化工调研表（北元化工）.xls	office_xlm_macros

Office document contains embedded OLE objects 1 IoCs

Detected embedded OLE objects in Office documents.

Processes:

resource	yara_rule
static1/unpack001/曹/资金调度、资金结算上线指引_20120516.doc	office_ole_embedded

Files

b0842386458e1ab3d1de1845b7986fde
.rar
9月资金预算--QQ直接接收.rar
.rar
9月资金预算--QQ直接接收/审计监察部-9月份资金预算表.xls
.xls .vbs windows office2003 polyglot
曹/关于上报资金预算的通知2012.8.27/关于上报资金预算的通知.docx
.docx office2007
曹/关于上报资金预算的通知2012.8.27/陕西北元化工集团有限公司资金预算表.xls
.xls .vbs windows office2003 polyglot
曹/新型煤化工调研表（北元化工）.xls
.xls windows office2003
曹/资金调度、资金结算上线指引_20120516.doc
.docx .doc office2007