MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 16 File information Comments

SHA256 hash:	b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f
SHA3-384 hash:	a110638284b96115f8aebb60c34198fe7bb099017300dc1ca81990030f44c0b15820c2ca0ad056b033fec1586ce5a218
SHA1 hash:	c6806d6020310665ccaad4740a9dfe9905006460
MD5 hash:	6e0722a700af97cc6eb757c919f880fa
humanhash:	mockingbird-colorado-oklahoma-charlie
File name:	eTDS-XL_Blank_Template.xlsm
Download:	download sample
File size:	1'207'163 bytes
First seen:	2026-04-17 13:20:00 UTC
Last seen:	Never
File type:	xlsm
MIME type:	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep	24576:tRKZa3wXfh6t9zv3IRqmaLAhgZn0X3tDCOd7lKFahY8yzA8C:tQfWz1vdZ0Ht7lSzAz
TLSH	T16A45333EB298FD7DE7378239C26772F275DEA023530920982524E56859B5322E39CCDC
TrID	42.4% (.XLAM) Excel Macro-enabled Open XML add-in (83500/1/13) 29.2% (.XLSM) Excel Microsoft Office Open XML Format document (with Macro) (57500/1/12) 17.3% (.XLSX) Excel Microsoft Office Open XML Format document (34000/1/7) 8.9% (.ZIP) Open Packaging Conventions container (17500/1/4) 2.0% (.ZIP) ZIP compressed archive (4000/1)
Magika	xlsx
Reporter	abuse_ch
Tags:	xlsm

Office OLE Information

This malware samples appears to be an Office document. The following table provides more information about this document using oletools and oledump.

Embedded Images

MalwareBazaar found the following images embedded in this file:

MD5 hash	dc.creator	# of relations
a6e99e59aa92adbde5423befa6fa01a2	NVSSY_Home_Dell	None
ebcb90903e244a3851df380826e6e050	NVSSY_Home_Dell	None

OLE dump

MalwareBazaar was able to identify 379 sections in this file using oledump:

Section ID	Section size	Section name
A1	97 bytes	FormPreStart/CompObj
A2	291 bytes	FormPreStart/VBFrame
A3	715 bytes	FormPreStart/f
A4	53363 bytes	FormPreStart/o
A5	5330 bytes	PROJECT
A6	30 bytes	PROJECTlk
A7	3299 bytes	PROJECTwm
A8	97 bytes	UserFormActiveError/CompObj
A9	343 bytes	UserFormActiveError/VBFrame
A10	139 bytes	UserFormActiveError/f
A11	64 bytes	UserFormActiveError/o
A12	97 bytes	UserFormBegin/CompObj
A13	304 bytes	UserFormBegin/VBFrame
A14	431 bytes	UserFormBegin/f
A15	112 bytes	UserFormBegin/i02/CompObj
A16	537 bytes	UserFormBegin/i02/f
A17	780 bytes	UserFormBegin/i02/o
A18	112 bytes	UserFormBegin/i06/CompObj
A19	205 bytes	UserFormBegin/i06/f
A20	220 bytes	UserFormBegin/i06/o
A21	112 bytes	UserFormBegin/i08/CompObj
A22	205 bytes	UserFormBegin/i08/f
A23	452 bytes	UserFormBegin/i08/o
A24	52843 bytes	UserFormBegin/o
A25	97 bytes	UserFormCheckingforNewVersion/CompObj
A26	360 bytes	UserFormCheckingforNewVersion/VBFrame
A27	170 bytes	UserFormCheckingforNewVersion/f
A28	156 bytes	UserFormCheckingforNewVersion/o
A29	97 bytes	UserFormDEV/CompObj
A30	295 bytes	UserFormDEV/VBFrame
A31	187 bytes	UserFormDEV/f
A32	112 bytes	UserFormDEV/i02/CompObj
A33	257 bytes	UserFormDEV/i02/f
A34	5274 bytes	UserFormDEV/i02/o
A35	52531 bytes	UserFormDEV/o
A36	97 bytes	UserFormErrors/CompObj
A37	338 bytes	UserFormErrors/VBFrame
A38	315 bytes	UserFormErrors/f
A39	52883 bytes	UserFormErrors/o
A40	97 bytes	UserFormFileFVU/CompObj
A41	316 bytes	UserFormFileFVU/VBFrame
A42	267 bytes	UserFormFileFVU/f
A43	112 bytes	UserFormFileFVU/i02/CompObj
A44	265 bytes	UserFormFileFVU/i02/f
A45	256 bytes	UserFormFileFVU/i02/o
A46	112 bytes	UserFormFileFVU/i04/CompObj
A47	221 bytes	UserFormFileFVU/i04/f
A48	180 bytes	UserFormFileFVU/i04/o
A49	196 bytes	UserFormFileFVU/o
A50	97 bytes	UserFormImporting/CompObj
A51	335 bytes	UserFormImporting/VBFrame
A52	171 bytes	UserFormImporting/f
A53	112 bytes	UserFormImporting/i02/CompObj
A54	281 bytes	UserFormImporting/i02/f
A55	444 bytes	UserFormImporting/i02/o
A56	112 bytes	UserFormImporting/i04/CompObj
A57	237 bytes	UserFormImporting/i04/f
A58	220 bytes	UserFormImporting/i04/o
A59	0 bytes	UserFormImporting/o
A60	97 bytes	UserFormPANCheck/CompObj
A61	305 bytes	UserFormPANCheck/VBFrame
A62	355 bytes	UserFormPANCheck/f
A63	488 bytes	UserFormPANCheck/o
A64	97 bytes	UserFormPANCheckStart/CompObj
A65	317 bytes	UserFormPANCheckStart/VBFrame
A66	171 bytes	UserFormPANCheckStart/f
A67	112 bytes	UserFormPANCheckStart/i01/CompObj
A68	261 bytes	UserFormPANCheckStart/i01/f
A69	536 bytes	UserFormPANCheckStart/i01/o
A70	112 bytes	UserFormPANCheckStart/i05/CompObj
A71	353 bytes	UserFormPANCheckStart/i05/f
A72	796 bytes	UserFormPANCheckStart/i05/o
A73	0 bytes	UserFormPANCheckStart/o
A74	97 bytes	UserFormPreValidation/CompObj
A75	350 bytes	UserFormPreValidation/VBFrame
A76	311 bytes	UserFormPreValidation/f
A77	524 bytes	UserFormPreValidation/o
A78	97 bytes	UserFormProgress/CompObj
A79	344 bytes	UserFormProgress/VBFrame
A80	259 bytes	UserFormProgress/f
A81	212 bytes	UserFormProgress/o
A82	97 bytes	UserFormRegister/CompObj
A83	329 bytes	UserFormRegister/VBFrame
A84	755 bytes	UserFormRegister/f
A85	70191 bytes	UserFormRegister/o
A86	97 bytes	UserFormRegisterCheckFail/CompObj
A87	316 bytes	UserFormRegisterCheckFail/VBFrame
A88	575 bytes	UserFormRegisterCheckFail/f
A89	65703 bytes	UserFormRegisterCheckFail/o
A90	97 bytes	UserFormRegisterPricing/CompObj
A91	306 bytes	UserFormRegisterPricing/VBFrame
A92	663 bytes	UserFormRegisterPricing/f
A93	1840 bytes	UserFormRegisterPricing/o
A94	97 bytes	UserFormRegisterQuote/CompObj
A95	306 bytes	UserFormRegisterQuote/VBFrame
A96	911 bytes	UserFormRegisterQuote/f
A97	2296 bytes	UserFormRegisterQuote/o
A98	97 bytes	UserFormRegisterShowComputerID/CompObj
A99	320 bytes	UserFormRegisterShowComputerID/VBFrame
A100	223 bytes	UserFormRegisterShowComputerID/f
A101	220 bytes	UserFormRegisterShowComputerID/o
A102	97 bytes	UserFormSaveMap/CompObj
A103	302 bytes	UserFormSaveMap/VBFrame
A104	331 bytes	UserFormSaveMap/f
A105	500 bytes	UserFormSaveMap/o
A106	97 bytes	UserFormSelectDataFile/CompObj
A107	318 bytes	UserFormSelectDataFile/VBFrame
A108	595 bytes	UserFormSelectDataFile/f
A109	900 bytes	UserFormSelectDataFile/o
A110	97 bytes	UserFormSelectForm/CompObj
A111	304 bytes	UserFormSelectForm/VBFrame
A112	315 bytes	UserFormSelectForm/f
A113	112 bytes	UserFormSelectForm/i05/CompObj
A114	317 bytes	UserFormSelectForm/i05/f
A115	324 bytes	UserFormSelectForm/i05/o
A116	112 bytes	UserFormSelectForm/i17/CompObj
A117	277 bytes	UserFormSelectForm/i17/f
A118	168 bytes	UserFormSelectForm/i17/o
A119	344 bytes	UserFormSelectForm/o
A120	97 bytes	UserFormSelectMapFile/CompObj
A121	284 bytes	UserFormSelectMapFile/VBFrame
A122	38 bytes	UserFormSelectMapFile/f
A123	0 bytes	UserFormSelectMapFile/o
A124	97 bytes	UserFormSendingToWeb/CompObj
A125	352 bytes	UserFormSendingToWeb/VBFrame
A126	170 bytes	UserFormSendingToWeb/f
A127	156 bytes	UserFormSendingToWeb/o
A128	97 bytes	UserFormStart/CompObj
A129	349 bytes	UserFormStart/VBFrame
A130	183 bytes	UserFormStart/f
A131	115 bytes	UserFormStart/i90/CompObj
A132	348 bytes	UserFormStart/i90/f
A133	110 bytes	UserFormStart/i90/i197/CompObj
A134	396 bytes	UserFormStart/i90/i197/f
A135	520 bytes	UserFormStart/i90/i197/o
A136	110 bytes	UserFormStart/i90/i198/CompObj
A137	256 bytes	UserFormStart/i90/i198/f
A138	308 bytes	UserFormStart/i90/i198/o
A139	110 bytes	UserFormStart/i90/i199/CompObj
A140	328 bytes	UserFormStart/i90/i199/f
A141	112 bytes	UserFormStart/i90/i199/i243/CompObj
A142	101 bytes	UserFormStart/i90/i199/i243/f
A143	0 bytes	UserFormStart/i90/i199/i243/o
A144	412 bytes	UserFormStart/i90/i199/o
A145	110 bytes	UserFormStart/i90/i201/CompObj
A146	188 bytes	UserFormStart/i90/i201/f
A147	112 bytes	UserFormStart/i90/i201/i244/CompObj
A148	93 bytes	UserFormStart/i90/i201/i244/f
A149	0 bytes	UserFormStart/i90/i201/i244/o
A150	112 bytes	UserFormStart/i90/i201/i246/CompObj
A151	97 bytes	UserFormStart/i90/i201/i246/f
A152	0 bytes	UserFormStart/i90/i201/i246/o
A153	112 bytes	UserFormStart/i90/i201/i248/CompObj
A154	93 bytes	UserFormStart/i90/i201/i248/f
A155	0 bytes	UserFormStart/i90/i201/i248/o
A156	0 bytes	UserFormStart/i90/i201/o
A157	110 bytes	UserFormStart/i90/i92/CompObj
A158	624 bytes	UserFormStart/i90/i92/f
A159	53299 bytes	UserFormStart/i90/i92/o
A160	110 bytes	UserFormStart/i90/i93/CompObj
A161	148 bytes	UserFormStart/i90/i93/f
A162	112 bytes	UserFormStart/i90/i93/i238/CompObj
A163	425 bytes	UserFormStart/i90/i93/i238/f
A164	524 bytes	UserFormStart/i90/i93/i238/o
A165	112 bytes	UserFormStart/i90/i93/i242/CompObj
A166	93 bytes	UserFormStart/i90/i93/i242/f
A167	0 bytes	UserFormStart/i90/i93/i242/o
A168	0 bytes	UserFormStart/i90/i93/o
A169	316 bytes	UserFormStart/i90/o
A170	96 bytes	UserFormStart/i90/x
A171	56 bytes	UserFormStart/o
A172	97 bytes	UserFormTRACESPANcheck/CompObj
A173	315 bytes	UserFormTRACESPANcheck/VBFrame
A174	179 bytes	UserFormTRACESPANcheck/f
A175	480 bytes	UserFormTRACESPANcheck/o
A176	97 bytes	UserFormeTDSZIP/CompObj
A177	266 bytes	UserFormeTDSZIP/VBFrame
A178	151 bytes	UserFormeTDSZIP/f
A179	52535 bytes	UserFormeTDSZIP/o
A180	5959 bytes	VBA/Download_latest
A181	4600 bytes	VBA/FormPreStart
A182	17957 bytes	VBA/ModuleCommonGenerate
A183	123366 bytes	VBA/ModuleCorrection_Common
A184	4906 bytes	VBA/ModuleCreateMaster
A185	6628 bytes	VBA/ModuleImportOldData
A186	19678 bytes	VBA/ModuleImporting
A187	29722 bytes	VBA/ModuleJustificationReport
A188	39261 bytes	VBA/ModuleLic
A189	14986 bytes	VBA/ModuleReports
A190	18140 bytes	VBA/ModuleTools
A191	20199 bytes	VBA/ModuleVerify
A192	109359 bytes	VBA/Module_Common
A193	97652 bytes	VBA/Module_Corr_24
A194	49149 bytes	VBA/Module_Corr_26
A195	51235 bytes	VBA/Module_Corr_27
A196	48079 bytes	VBA/Module_Corr_27E
A197	13617 bytes	VBA/Module_Corr_Functions
A198	13379 bytes	VBA/Module_PANVerification
A199	1339 bytes	VBA/Module_PreCheck
A200	45335 bytes	VBA/Module_Process_24
A201	65109 bytes	VBA/Module_Process_24Q4
A202	45209 bytes	VBA/Module_Process_26
A203	44766 bytes	VBA/Module_Process_27
A204	43205 bytes	VBA/Module_Process_27EQ
A205	1188 bytes	VBA/Sheet1
A206	1181 bytes	VBA/Sheet10
A207	2183 bytes	VBA/Sheet11
A208	2534 bytes	VBA/Sheet12
A209	1181 bytes	VBA/Sheet13
A210	2534 bytes	VBA/Sheet14
A211	2548 bytes	VBA/Sheet15
A212	1189 bytes	VBA/Sheet16
A213	1189 bytes	VBA/Sheet17
A214	2534 bytes	VBA/Sheet18
A215	2168 bytes	VBA/Sheet19
A216	1188 bytes	VBA/Sheet2
A217	2467 bytes	VBA/Sheet20
A218	1189 bytes	VBA/Sheet21
A219	1189 bytes	VBA/Sheet23
A220	1595 bytes	VBA/Sheet27
A221	2772 bytes	VBA/Sheet3
A222	1188 bytes	VBA/Sheet4
A223	1188 bytes	VBA/Sheet5
A224	1188 bytes	VBA/Sheet6
A225	1188 bytes	VBA/Sheet7
A226	2579 bytes	VBA/Sheet8
A227	1188 bytes	VBA/Sheet9
A228	4089 bytes	VBA/ThisWorkbook
A229	3166 bytes	VBA/UserFormActiveError
A230	6270 bytes	VBA/UserFormBegin
A231	5069 bytes	VBA/UserFormCheckingforNewVersion
A232	8154 bytes	VBA/UserFormDEV
A233	6477 bytes	VBA/UserFormErrors
A234	3002 bytes	VBA/UserFormFileFVU
A235	3698 bytes	VBA/UserFormImporting
A236	5780 bytes	VBA/UserFormPANCheck
A237	2080 bytes	VBA/UserFormPANCheckStart
A238	4456 bytes	VBA/UserFormPreValidation
A239	1810 bytes	VBA/UserFormProgress
A240	5516 bytes	VBA/UserFormRegister
A241	2265 bytes	VBA/UserFormRegisterCheckFail
A242	3320 bytes	VBA/UserFormRegisterPricing
A243	9787 bytes	VBA/UserFormRegisterQuote
A244	2094 bytes	VBA/UserFormRegisterShowComputerID
A245	5907 bytes	VBA/UserFormSaveMap
A246	7117 bytes	VBA/UserFormSelectDataFile
A247	17020 bytes	VBA/UserFormSelectForm
A248	1464 bytes	VBA/UserFormSelectMapFile
A249	2807 bytes	VBA/UserFormSendingToWeb
A250	33906 bytes	VBA/UserFormStart
A251	1681 bytes	VBA/UserFormTRACESPANcheck
A252	1931 bytes	VBA/UserFormeTDSZIP
A253	44912 bytes	VBA/_VBA_PROJECT
A254	96715 bytes	VBA/__SRP_0
A255	6193 bytes	VBA/__SRP_1
A256	176 bytes	VBA/__SRP_10
A257	170 bytes	VBA/__SRP_11
A258	806 bytes	VBA/__SRP_12
A259	156 bytes	VBA/__SRP_13
A260	3306 bytes	VBA/__SRP_14
A261	384 bytes	VBA/__SRP_15
A262	384 bytes	VBA/__SRP_16
A263	1618 bytes	VBA/__SRP_17
A264	464 bytes	VBA/__SRP_18
A265	106 bytes	VBA/__SRP_19
A266	176 bytes	VBA/__SRP_1a
A267	170 bytes	VBA/__SRP_1b
A268	464 bytes	VBA/__SRP_1c
A269	106 bytes	VBA/__SRP_1d
A270	171 bytes	VBA/__SRP_1e
A271	184 bytes	VBA/__SRP_1f
A272	274 bytes	VBA/__SRP_2
A273	102464 bytes	VBA/__SRP_20
A274	2024 bytes	VBA/__SRP_21
A275	663 bytes	VBA/__SRP_22
A276	992 bytes	VBA/__SRP_23
A277	461 bytes	VBA/__SRP_24
A278	636 bytes	VBA/__SRP_25
A279	360 bytes	VBA/__SRP_26
A280	526 bytes	VBA/__SRP_27
A281	214 bytes	VBA/__SRP_28
A282	238 bytes	VBA/__SRP_29
A283	207 bytes	VBA/__SRP_2a
A284	264 bytes	VBA/__SRP_2b
A285	265 bytes	VBA/__SRP_2c
A286	288 bytes	VBA/__SRP_2d
A287	176 bytes	VBA/__SRP_2e
A288	170 bytes	VBA/__SRP_2f
A289	446 bytes	VBA/__SRP_3
A290	650 bytes	VBA/__SRP_30
A291	182 bytes	VBA/__SRP_31
A292	464 bytes	VBA/__SRP_32
A293	106 bytes	VBA/__SRP_33
A294	464 bytes	VBA/__SRP_34
A295	106 bytes	VBA/__SRP_35
A296	464 bytes	VBA/__SRP_36
A297	106 bytes	VBA/__SRP_37
A298	464 bytes	VBA/__SRP_38
A299	106 bytes	VBA/__SRP_39
A300	464 bytes	VBA/__SRP_3a
A301	106 bytes	VBA/__SRP_3b
A302	464 bytes	VBA/__SRP_3c
A303	106 bytes	VBA/__SRP_3d
A304	464 bytes	VBA/__SRP_3e
A305	106 bytes	VBA/__SRP_3f
A306	222 bytes	VBA/__SRP_4
A307	650 bytes	VBA/__SRP_40
A308	182 bytes	VBA/__SRP_41
A309	836 bytes	VBA/__SRP_42
A310	258 bytes	VBA/__SRP_43
A311	836 bytes	VBA/__SRP_44
A312	258 bytes	VBA/__SRP_45
A313	836 bytes	VBA/__SRP_46
A314	258 bytes	VBA/__SRP_47
A315	836 bytes	VBA/__SRP_48
A316	258 bytes	VBA/__SRP_49
A317	836 bytes	VBA/__SRP_4a
A318	258 bytes	VBA/__SRP_4b
A319	836 bytes	VBA/__SRP_4c
A320	258 bytes	VBA/__SRP_4d
A321	836 bytes	VBA/__SRP_4e
A322	258 bytes	VBA/__SRP_4f
A323	358 bytes	VBA/__SRP_5
A324	464 bytes	VBA/__SRP_50
A325	106 bytes	VBA/__SRP_51
A326	464 bytes	VBA/__SRP_52
A327	106 bytes	VBA/__SRP_53
A328	464 bytes	VBA/__SRP_54
A329	106 bytes	VBA/__SRP_55
A330	464 bytes	VBA/__SRP_56
A331	106 bytes	VBA/__SRP_57
A332	170 bytes	VBA/__SRP_58
A333	176 bytes	VBA/__SRP_59
A334	15334 bytes	VBA/__SRP_5a
A335	492 bytes	VBA/__SRP_5b
A336	1258 bytes	VBA/__SRP_5c
A337	374 bytes	VBA/__SRP_5d
A338	507 bytes	VBA/__SRP_6
A339	1749 bytes	VBA/__SRP_60
A340	470 bytes	VBA/__SRP_61
A341	898 bytes	VBA/__SRP_62
A342	284 bytes	VBA/__SRP_63
A343	170 bytes	VBA/__SRP_64
A344	174 bytes	VBA/__SRP_65
A345	170 bytes	VBA/__SRP_66
A346	174 bytes	VBA/__SRP_67
A347	170 bytes	VBA/__SRP_68
A348	174 bytes	VBA/__SRP_69
A349	170 bytes	VBA/__SRP_6a
A350	174 bytes	VBA/__SRP_6b
A351	2008 bytes	VBA/__SRP_6c
A352	392 bytes	VBA/__SRP_6d
A353	1769 bytes	VBA/__SRP_6e
A354	424 bytes	VBA/__SRP_6f
A355	724 bytes	VBA/__SRP_7
A356	458 bytes	VBA/__SRP_74
A357	594 bytes	VBA/__SRP_75
A358	2496 bytes	VBA/__SRP_76
A359	260 bytes	VBA/__SRP_77
A360	5584 bytes	VBA/__SRP_78
A361	356 bytes	VBA/__SRP_79
A362	968 bytes	VBA/__SRP_7a
A363	106 bytes	VBA/__SRP_7b
A364	2154 bytes	VBA/__SRP_7c
A365	256 bytes	VBA/__SRP_7d
A366	3042 bytes	VBA/__SRP_7e
A367	406 bytes	VBA/__SRP_7f
A368	37538 bytes	VBA/__SRP_8
A369	2088 bytes	VBA/__SRP_80
A370	206 bytes	VBA/__SRP_81
A371	3080 bytes	VBA/__SRP_9
A372	1926 bytes	VBA/__SRP_a
A373	23316 bytes	VBA/__SRP_b
A374	505 bytes	VBA/__SRP_c
A375	666 bytes	VBA/__SRP_d
A376	11945 bytes	VBA/__SRP_e
A377	2228 bytes	VBA/__SRP_f
A378	4999 bytes	VBA/dir

Intelligence

File Origin

# of uploads :

# of downloads :

129

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/7e86d722-fdfa-4f26-967d-a61d567a59a5/

Malware family:

n/a

ID:

File name:

xlsm

Verdict:

No threats detected

Analysis date:

2026-04-17 13:23:27 UTC

Tags:

macros macros-on-open doc-url

Link:

https://app.any.run/tasks/d097203c-416d-4c6c-9375-1e146c2a5915

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/61955/

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69e233aef68adfe1003ac04c

Tags:

whiteice office macro micro

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a window

Сreating synchronization primitives

Launching a service

Searching for synchronization primitives

Creating a file

Delayed writing of the file

Result

Verdict:

Malicious

File Type:

Excel File with Macro

Link:

https://app.docguard.net/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f/results/dashboard

Behaviour

BlacklistAPI detected

Document image

Image:

Download PNG

Gathering data

Verdict:

Malicious

Labled as:

Msoffice/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f

Label:

Benign

Suspicious Score:

/10

Score Malicious:

Score Benign:

Link:

https://www.malware.ai/gui/files/?id=0a7e0dc0-4647-469b-8e69-81cbbc841b07

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f

Verdict:

Clean

File Type:

xlsm

Link:

https://opentip.kaspersky.com/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

expl.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1900081

Signature

Document contains an embedded VBA macro with suspicious strings

Document contains VBA stomped code (only p-code) potentially bypassing AV detection

Multi AV Scanner detection for submitted file

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

OFFICE

Link:

https://malprob.io/report/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f/

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2026-04-11 16:03:05 UTC

File Type:

Document

Extracted files:

547

AV detection:

7 of 36 (19.44%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xeeogl5ejv3hfingawbvkqcm6jrrl2u6d7yhungi5ikp3gjedrhq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/260417-qlbv9ahy7y/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/b908e32fa44d7672a1a6058355404cf26315ea9e1ff07a34c8ea14fd99241c4f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	Hancitor Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hancitor

Rule name:	informational_win_ole_protected Create hunting rule
Author:	Jeff White (karttoon@gmail.com) @noottrak
Description:	Identify OLE Project protection within documents.

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	TA505_Maldoc_21Nov_2 Create hunting rule
Author:	Arkbird_SOLG
Description:	invitation (1).xls
Reference:	https://twitter.com/58_158_177_102/status/1197432303057637377

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	test_Malaysia Create hunting rule
Author:	rectifyq
Description:	Detects file containing malaysia string

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

Rule name:	vbaproject_bin Create hunting rule
Author:	CD_R0M_
Description:	{76 62 61 50 72 6f 6a 65 63 74 2e 62 69 6e} is hex for vbaproject.bin. Macros are often used by threat actors. Work in progress - Ran out of time

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/61955/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample