Hancitor — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cb48f60ccf3277ba…

MALICIOUS

Office (OOXML) / .XLSX

Size: 323.7 KB
Created: 2015-06-05 18:17:20 UTC
Authoring application: Microsoft Excel 16.0300
MD5: d3bb0bba28b8ef26b9e3ba63a6877133
SHA-1: e93d9b4da709834e80cf636f9e4479fbd07a96b6
SHA-256: cb48f60ccf3277ba3664fd7b782a0446c17cda9a5e8d2a8e8249d2eedaadfe5f
Risk Score: 60

Malware Insights

Hancitor · confidence 95%

The file is an Excel spreadsheet identified by ClamAV as Xls.Downloader.Hancitor03222-9941794-0. This indicates it is likely a downloader for the Hancitor family. The primary attack pattern involves tricking the user into enabling macros to initiate the download of a secondary payload.

Heuristics 1

  • ClamAV: Xls.Downloader.Hancitor03222-9941794-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.Hancitor03222-9941794-0