Sample Icon

Gonderi.xls

CLASSIFICATION

Malicious

41

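Antivirus detections (the API response below lists 41 entries; Kaspersky appears twice, so they cover 40 distinct engines)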

0

IDS alerts

0

Processes

0

Contacted hosts

0

DNS Requests
Indicator Context

Blacklist timeline

Malicious
3 years since the last reported activity  
No activity reported after Dec 16, 2021. Timeline axis: 08 AM, 08:15, 08:30, 08:45. Sources: Abuse.ch (Generic.Malware), MalwareBazaar Abuse.ch (Generic.Malware).

Sample information


Hashes
Filename:
Gonderi.xls
md5:
e9924fe30c31ef786180eadb257ace0c
sha1:
37283abce53ab875d64f53514613b5f202fa775f
sha256:
36ab0aba85ef32490da8beb5e29ce0ecd74d4b4d167a5cbf4f6d7b1ba74e746b
In depth details
Filetype:
application/vnd.ms-excel
Classification:
malicious
Dates
Indexed:
2021-12-16 09:15:19
Last modified:
2025-09-17 08:29:58
Explore our API specification anytime here:

Request:

          
# Fetch the Maltiverse sample record for this file, looked up by its SHA-256.
# <API_KEY> is a placeholder for the caller's bearer token. A token typed inline
# like this ends up in shell history and is visible in the process list while
# curl runs, so on shared hosts or in scripts read it from a protected source.
curl --header "Authorization: Bearer <API_KEY>" \
  "https://api.maltiverse.com/sample/36ab0aba85ef32490da8beb5e29ce0ecd74d4b4d167a5cbf4f6d7b1ba74e746b"
        

Response:

      
{
    "antivirus": [
        {
            "description": "malicious (high confidence)",
            "name": "Elastic"
        },
        {
            "description": "Virus.Macro.Generic.Save",
            "name": "Sangfor"
        },
        {
            "description": "Office.VBA_Macro_Heur",
            "name": "VirIT"
        },
        {
            "description": "X97M/Agent.BA.gen!Eldorado",
            "name": "Cyren"
        },
        {
            "description": "ISB.Downloader!gen60",
            "name": "Symantec"
        },
        {
            "description": "a variant of VBA/TrojanDownloader.Agent.OCM",
            "name": "ESET-NOD32"
        },
        {
            "description": "HEUR:Trojan-Downloader.Script.Generic",
            "name": "Kaspersky"
        },
        {
            "description": "Trojan.Ole2.Vbs-heuristic.druvzi",
            "name": "NANO-Antivirus"
        },
        {
            "description": "Heur.MSWord.Downloader.d",
            "name": "Tencent"
        },
        {
            "description": "Suspicious/X97M.DNL.Gen",
            "name": "TACHYON"
        },
        {
            "description": "LooksLike.Macro.Malware.gen!x3 (v)",
            "name": "VIPRE"
        },
        {
            "description": "BehavesLike.OLE2.Downloader.cb",
            "name": "McAfee-GW-Edition"
        },
        {
            "description": "HEUR/Macro.Downloader.MRDO.Gen",
            "name": "Avira"
        },
        {
            "description": "TrojanDownloader:O97M/Powdow.ALT!MTB",
            "name": "Microsoft"
        },
        {
            "description": "HEUR.VBA.Trojan.d",
            "name": "Arcabit"
        },
        {
            "description": "Malicious (score: 99)",
            "name": "Cynet"
        },
        {
            "description": "Downloader/MSOffice.Generic.S1225",
            "name": "AhnLab-V3"
        },
        {
            "description": "W97M/Downloader.djz",
            "name": "McAfee"
        },
        {
            "description": "Probably Heur.W97Obfuscated",
            "name": "Zoner"
        },
        {
            "description": "Downloader.Agent/VBA!1.C02D (CLASSIC)",
            "name": "Rising"
        },
        {
            "description": "Static AI - Malicious OLE",
            "name": "SentinelOne"
        },
        {
            "description": "VBA/Agent.1873!tr.dldr",
            "name": "Fortinet"
        },
        {
            "description": "O97M/Downloader",
            "name": "Panda"
        },
        {
            "description": "Trojan.Exploit.MSOfficeExcel.GenericKDS.38284919",
            "name": "ALYac"
        },
        {
            "description": "VBA:Dropper-HD [Trj]",
            "name": "AVG"
        },
        {
            "description": "Trojan.Exploit.MSOfficeExcel.GenericKDS.38284919",
            "name": "Ad-Aware"
        },
        {
            "description": "VBA:Dropper-HD [Trj]",
            "name": "Avast"
        },
        {
            "description": "Trojan.Exploit.MSOfficeExcel.GenericKDS.38284919",
            "name": "BitDefender"
        },
        {
            "description": "TrojWare.Win32.Agent.ngplq@0",
            "name": "Comodo"
        },
        {
            "description": "Trojan.Exploit.MSOfficeExcel.GenericKDS.38284919 (B)",
            "name": "Emsisoft"
        },
        {
            "description": "Heuristic.HEUR/Macro.Downloader.MRDO.Gen",
            "name": "F-Secure"
        },
        {
            "description": "Trojan.Exploit.MSOfficeExcel.GenericKDS.38284919",
            "name": "FireEye"
        },
        {
            "description": "Trojan.Exploit.MSOfficeExcel.GenericKDS.38284919",
            "name": "GData"
        },
        {
            "description": "Trojan-Downloader.VBA.Agent",
            "name": "Ikarus"
        },
        {
            "description": "UDS:DangerousObject.Multi.Generic",
            "name": "Kaspersky"
        },
        {
            "description": "Trojan.Script.Generic.a!c",
            "name": "Lionic"
        },
        {
            "description": "malware (ai score=89)",
            "name": "MAX"
        },
        {
            "description": "Trojan.Exploit.MSOfficeExcel.GenericKDS.38284919",
            "name": "MicroWorld-eScan"
        },
        {
            "description": "TROJ_FRS.0NA103LH21",
            "name": "TrendMicro"
        },
        {
            "description": "TROJ_FRS.0NA103LH21",
            "name": "TrendMicro-HouseCall"
        },
        {
            "description": "XLS.Z.Agent.151040.A",
            "name": "ViRobot"
        }
    ],
    "blacklist": [
        {
            "count": 1,
            "description": "Generic.Malware",
            "first_seen": "2021-12-16 07:55:50",
            "labels": [
                "malicious-activity"
            ],
            "last_seen": "2021-12-16 07:55:50",
            "source": "MalwareBazaar Abuse.ch"
        },
        {
            "count": 1,
            "description": "Generic.Malware",
            "first_seen": "2021-12-16 07:55:50",
            "labels": [
                "malicious-activity"
            ],
            "last_seen": "2021-12-16 07:55:50",
            "source": "Abuse.ch"
        }
    ],
    "classification": "malicious",
    "creation_time": "2021-12-16 09:15:19",
    "filename": [
        "Gonderi.xls"
    ],
    "filetype": "application/vnd.ms-excel",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "e9924fe30c31ef786180eadb257ace0c",
    "modification_time": "2025-09-17 08:29:58",
    "scoring_executed_time": "2025-09-17 08:29:58",
    "sha1": "37283abce53ab875d64f53514613b5f202fa775f",
    "sha256": "36ab0aba85ef32490da8beb5e29ce0ecd74d4b4d167a5cbf4f6d7b1ba74e746b",
    "type": "sample"
}