ficha_5.01b.exe

XLtoEXE

Orlando's VBA and Excel Site

The executable ficha_5.01b.exe, described as "Excel application converted by XLtoEXE utility.", has been detected as malware by 5 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from neosoulsociety.ucoz.com.

Publisher:
Orlando's VBA and Excel Site

Product:
XLtoEXE

Description:
Excel application converted by XLtoEXE utility.

Version:
2.00.0005

MD5:
1c3343dc5932f0fc1867362afc1d3637

SHA-1:
b75244eaea09dbadc27630009b9d02e043500967

SHA-256:
efe3ed0851e2e3b1bf9ab834dc5cbee3d3be4bedea27307ca6f3f575b90a5c34

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/25/2024 1:15:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | HW32.Packed | 1.3.0.7383 |
| Dr.Web | Trojan.MulDrop6.3656 | 9.0.1.0219 |
| McAfee | Artemis!1C3343DC5932 | 5600.6316 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.FakeXLS@CV!1.6AC3 [F] | 23.00.65.16804 |

File size:
548.3 KB (561,429 bytes)

Product version:
2.00.0005

Copyright:
Copyright © 2003-2015 Fco Orlando Magalhaes Filho. All rights reserved.

Trademarks:
Microsoft® Excel® is a registered trademark of Microsoft Corporation.

Original file name:
XLtoEXE.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ficha_5.01b.exe

File PE Metadata
Compilation timestamp:
7/31/2015 11:16:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:USUDnfyTh2dX/D3sNKW2W27pTwvPsjsM4T8q+gRD+6NaMlZziDo:Utu2FDc83W27psXSsMsjFRNN3ec

Entry address:
0x1C10

Entry point:
68, 44, 1E, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00, 38, 00, 00, 00, 6A, D3, 60, E8, C8, 2D, 75, 43, B0, D2, DA, 56, 3A, 19, 68, 21, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 58, 4C, 74, 6F, 45, 58, 45, 00, 54, 6F, 20, 63, 6F, 6E, 76, 65, 72, 74, 20, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 20, 45, 78, 63, 65, 6C, 20, 66, 69, 6C, 65, 73, 20, 74, 6F, 20, 45, 58, 45, 2E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 50, 22, 40, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
48 KB (49,152 bytes)

The file ficha_5.01b.exe has been seen being distributed by the following URL.
