MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82933dff91876f7458e1bec02089dbecfcc6cffbb8f59938b0e9050349390f5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	82933dff91876f7458e1bec02089dbecfcc6cffbb8f59938b0e9050349390f5a
SHA3-384 hash:	468355778d934cdf401b9b218ddfadde12904afb91af35e4f0884a909e066417cb2b142644a1b3502036afb90b353760
SHA1 hash:	4de8ea36d305d71c5a030c102c0d289aee8e27cf
MD5 hash:	13646a6b8bd739cd7c2f3e9a99b4553d
humanhash:	thirteen-happy-twelve-lion
File name:	ExcelDna.xll
Download:	download sample
File size:	633'856 bytes
First seen:	2023-10-26 21:50:01 UTC
Last seen:	2023-10-26 22:46:31 UTC
File type:	xll
MIME type:	application/x-dosexec
imphash	d4c9759f791ea559bbad095fb49820d9 (14 x AveMariaRAT, 4 x XenoRAT, 2 x XenorRAT)
ssdeep	12288:aG1N4HkcgMsiOd58bzbBSreSQ0uqZzD1reWabd/:aoOOMX1C+QHT+d
Threatray	3 similar samples on MalwareBazaar
TLSH	T1C4D4BF57F6D3B679E6FFC2BAC6B1D92C61B3349603B0938E774125892912391493CB0E
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	smica83
Tags:	POL xll

Intelligence

File Origin

# of uploads :

# of downloads :

133

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.PUA.MSIL.Exceldna.12801.5698.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/82933dff91876f7458e1bec02089dbecfcc6cffbb8f59938b0e9050349390f5a/results/dashboard

Behaviour

BlacklistAPI detected

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/653adf13a8078613bf1fc387/reports/5ec50190-da0e-41b1-aab7-673481f34f43/overview

Verdict:

Malicious

Labled as:

Trojan[Packed]/MSIL.ExcelDna

Link:

https://www.hybrid-analysis.com/sample/82933dff91876f7458e1bec02089dbecfcc6cffbb8f59938b0e9050349390f5a

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/82933dff91876f7458e1bec02089dbecfcc6cffbb8f59938b0e9050349390f5a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/82933dff91876f7458e1bec02089dbecfcc6cffbb8f59938b0e9050349390f5a/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qkjt374rq5xxiwhbx3acbco35t6mnt73xd2zsofq5ecqgsjzb5na._file

Verdict:

unknown

51312879e466ced8562644c3253f29931ec838bbe081c638c3f4d98c99644e48

941da29dbf819c5f5bc7cfc20b423f168d75468c3394b145229832af5be4cced

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/231026-1pxbgaac27/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample