Subj : trojan inside xls file
To   : All
From : August Abolins
Date : Tue Mar 10 2020 09:25 am

Hello!

There's a bogus .xls file going around with a malware payload. This is the second such email I've received in about 3 days:

eg. invoice_554137.xls

What is interesting.. although the filename downloaded is named as per above, VirusTotal reports the filename to be different! So, it's behaving like a file within a file within a file within.. etc.

Processing it at VirusTotal produces:

bff54499db6c578c8b3b842c70d8cb9d30bbe6ec4b04726bfbfaa104346a92ce
invoice_908873.xls
65.50 KB

9 engines detected this file

ESET-NOD32                 DOC/TrojanDownloader.Agent.AUI
Ikarus                     Win32.SuspectCrc
Kaspersky                  HEUR:Trojan.MSOffice.Pederr.gen
Microsoft                  Trojan:Win32/Emali.A!cl
Qihoo-360                  Generic/Trojan.07c
Sophos AV                  Troj/DocDl-XSO
Symantec                   Trojan.Mdropper
TACHYON                    Trojan/XF.Downloader.Gen
ZoneAlarm by Check Point   HEUR:Trojan.MSOffice.Pederr.gen
BitDam ATP                 MALWARE
Lastline                   MALWARETROJAN
Ad-Aware                   Undetected
AegisLab                   Undetected
AhnLab-V3                  Undetected
ALYac                      Undetected
Antiy-AVL                  Undetected
Arcabit                    Undetected
Avast                      Undetected
Avast-Mobile               Undetected
AVG                        Undetected
Avira (no cloud)           Undetected
Baidu                      Undetected

The "popular" engines: AVG, Avast, Ad-Aware, and so on down the list don't detect this thing. Bad news. Beware!

../|ug

--- OpenXP 5.0.43
 * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)