Subj : trojan inside xls file
To   : All
From : August Abolins
Date : Tue Mar 10 2020 09:25 am

Hello!

There's a bogus .xls file going around with a malware payload. This is the
second such email I've receive in about 3 days:

 eg. invoice_554137.xls

What is interesting.. although the filename downloaded is named as per
above,  VirusTotal reports the filename to be different!  So, it's
behaving like a file within a file within a file within.. etc.


Processing it at VirusTotal produces:

bff54499db6c578c8b3b842c70d8cb9d30bbe6ec4b04726bfbfaa104346a92ce
invoice_908873.xls
65.50 KB

9 engines detected this file

ESET-NOD32
DOC/TrojanDownloader.Agent.AUI

Ikarus
Win32.SuspectCrc

Kaspersky
HEUR:Trojan.MSOffice.Pederr.gen

Microsoft
Trojan:Win32/Emali.A!cl

Qihoo-360
Generic/Trojan.07c

Sophos AV
Troj/DocDl-XSO

Symantec
Trojan.Mdropper

TACHYON
Trojan/XF.Downloader.Gen

ZoneAlarm by Check Point
HEUR:Trojan.MSOffice.Pederr.gen

BitDam ATP
MALWARE

Lastline
MALWARETROJAN

Ad-Aware
Undetected

AegisLab
Undetected

AhnLab-V3
Undetected

ALYac
Undetected

Antiy-AVL
Undetected

Arcabit
Undetected

Avast
Undetected

Avast-Mobile
Undetected

AVG
Undetected

Avira (no cloud)
Undetected

Baidu
Undetected

The "popular" engines: AVG, Avast, Ad-Aware, and so on down the list don't
detect this thing.  Bad news.  Beware!


 ../|ug

--- OpenXP 5.0.43
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)

You are viewing proxied material from vert.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.