InfinancialsExcelAddin2.1.exe
This report is generated from a file or URL submitted to this webservice on March 19th 2018 11:46:37 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.00 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
- Reads terminal service related keys (often RDP related)
- Persistence
-
Spawns a lot of processes
Writes data to a remote process - Fingerprint
- Reads the active computer name
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
-
Malicious Indicators 4
-
External Systems
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 1/66 Antivirus vendors marked sample as malicious (1% detection rate)
- source
- External System
- relevance
- 8/10
-
Sample was identified as malicious by at least one Antivirus engine
-
General
-
Contains ability to start/interact with device drivers
- details
- DeviceIoControl@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
- source
- Hybrid Analysis Technology
- relevance
- 8/10
-
Contains ability to start/interact with device drivers
-
Installation/Persistance
-
Writes data to a remote process
- details
-
"Engine.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\cacls.exe" (Handle: 388)
"Engine.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\cacls.exe" (Handle: 388)
"Engine.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\cacls.exe" (Handle: 388) - source
- API Call
- relevance
- 6/10
-
Writes data to a remote process
-
Unusual Characteristics
-
Spawns a lot of processes
- details
-
Spawned process "<Input Sample>" (Show Process)
Spawned process "Engine.exe" with commandline "/TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe"" (Show Process)
Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F" (Show Process)
Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F" (Show Process)
Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F" (Show Process)
Spawned process "EXCEL.EXE" with commandline "/dde" (Show Process)
Spawned process "IfEngine.exe" with commandline ", ,True" (Show Process) - source
- Monitored Target
- relevance
- 8/10
-
Spawns a lot of processes
-
Suspicious Indicators 26
-
Anti-Detection/Stealthyness
-
Contains ability to open/control a service
- details
-
ControlService@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream)
OpenServiceA@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 8/10
-
Process deletes itself
- details
- "%TEMP%\SETUP_7713\Engine.exe" deletes itself
- source
- API Call
- relevance
- 10/10
-
Queries process information
- details
-
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51728342
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51730361
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51732177
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51734082
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51735885
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51737180
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51737659
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51738157
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51738634
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51739114
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51739590
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51740118
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51740597
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51741069
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51741543
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51742060
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51742564
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51743031
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51743508
"Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51743976 - source
- API Call
- relevance
- 4/10
-
Contains ability to open/control a service
-
Anti-Reverse Engineering
-
Looks up many procedures within the same disassembly stream (often used to hide usage)
- details
-
Found 23 calls to GetProcAddress@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
Found 16 calls to GetProcAddress@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
Found 16 calls to GetProcAddress@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
Found 23 calls to GetProcAddress@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
Found 47 calls to GetProcAddress@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 10/10
-
Looks up many procedures within the same disassembly stream (often used to hide usage)
-
Environment Awareness
-
Contains ability to query CPU information
- details
- cpuid (Show Stream)
- source
- Hybrid Analysis Technology
- relevance
- 10/10
-
Reads the active computer name
- details
-
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"cacls.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"IfEngine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME") - source
- Registry Access
- relevance
- 5/10
-
Contains ability to query CPU information
-
General
-
Contains ability to find and load resources of a specific module
- details
-
FindResourceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
FindResourceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
FindResourceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Reads configuration files
- details
- "Engine.exe" read file "%WINDIR%\win.ini"
- source
- API Call
- relevance
- 4/10
-
Contains ability to find and load resources of a specific module
-
Installation/Persistance
-
Creates new processes
- details
-
"<Input Sample>" is creating a new process (Name: "\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF", Handle: 240)
"Engine.exe" is creating a new process (Name: "%TEMP%\SETUP_7713\00008#IfEngine.exe.00002", Handle: 388) - source
- API Call
- relevance
- 8/10
-
Drops executable files
- details
-
"00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"00010#Infront.dll" has type "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows"
"00021#vcruntime140.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"00018#Newtonsoft.Json.dll" has type "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows"
"00013#libcurld.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"00009#IfProtocol.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"00012#InfrontDS.DLL" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"00003#dotNet4.6.2.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"IfEngine.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"00008#IfEngine.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"InfinancialsExcelAddin2_17708.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows UPX compressed"
"Engine.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows UPX compressed" - source
- Binary File
- relevance
- 10/10
-
Creates new processes
-
Network Related
-
Found potential IP address in binary/memory
- details
-
Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5"
Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-in"
Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.com"
Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.comCHAR_SET=0"
Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.comCHAR_SET=0FONT_NAME=Tahoma"
Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.comCHAR_SET=0FONT_NAME=TahomaFONT_SIZE=8"
"12.0.0.5" - source
- File/Memory
- relevance
- 3/10
-
Found potential IP address in binary/memory
-
Remote Access Related
-
Contains indicators of bot communication commands
- details
- "IIS-Cmd=>" (Indicator: "cmd=")
- source
- File/Memory
- relevance
- 10/10
-
Reads terminal service related keys (often RDP related)
- details
-
"<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED") - source
- Registry Access
- relevance
- 10/10
-
Contains indicators of bot communication commands
-
Spyware/Information Retrieval
-
Contains ability to enumerate processes/modules/threads
- details
- CreateToolhelp32Snapshot@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
- source
- Hybrid Analysis Technology
- relevance
- 5/10
-
Contains ability to enumerate processes/modules/threads
-
System Destruction
-
Marks file for deletion
- details
- "%TEMP%\SETUP_7713\Engine.exe" marked "%APPDATA%\Microsoft\Office\Recent\EfFull.LNK" for deletion
- source
- API Call
- relevance
- 10/10
-
Opens file with deletion access rights
- details
-
"Engine.exe" opened "%TEMP%\SETUP_7713\00000#api-ms-win-crt-runtime-l1-1-0.dll" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00003#dotNet4.6.2.exe" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00004#EfAlias.xml" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00005#EfDictionary.csv" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00006#EfPoids.xml" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00007#FieldWizard.xml" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00008#IfEngine.exe" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00008#IfEngine.exe.00002" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00009#IfProtocol.exe" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00010#Infront.dll" with delete access
"Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00011#infront_mapping_feed.txt" with delete access
"EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Temp\CVR581D.tmp" with delete access
"EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Microsoft\Schemas\MS Excel_restart.xml" with delete access
"EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Office\Recent\EfFull.LNK" with delete access
"EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Roaming\Infinancials 2.0\XLArad82F46.tmp" with delete access
"EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Temp\262696-Infi.xls" with delete access
"EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Temp\AD7C3000" with delete access
"EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Roaming\Infinancials 2.0\ENGINE\CD - schkK0Etic_262696_90425.xml" with delete access - source
- API Call
- relevance
- 7/10
-
Marks file for deletion
-
System Security
-
Modifies the access control lists of files
- details
-
Process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F" (Show Process)
Process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F" (Show Process)
Process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F" (Show Process) - source
- Monitored Target
- relevance
- 5/10
-
Modifies the access control lists of files
-
Unusual Characteristics
-
CRC value set in PE header does not match actual value
- details
-
"00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" claimed CRC 333740 while the actual is CRC 16355846
"00021#vcruntime140.dll" claimed CRC 96123 while the actual is CRC 130404
"00018#Newtonsoft.Json.dll" claimed CRC 675292 while the actual is CRC 96123
"00009#IfProtocol.exe" claimed CRC 64787 while the actual is CRC 342812
"00003#dotNet4.6.2.exe" claimed CRC 1452455 while the actual is CRC 2089584
"IfEngine.exe" claimed CRC 6359054 while the actual is CRC 1452455
"00008#IfEngine.exe" claimed CRC 6359054 while the actual is CRC 5239212 - source
- Static Parser
- relevance
- 10/10
-
Imports suspicious APIs
- details
-
RegOpenKeyExA
GetUserNameA
RegCloseKey
LookupAccountNameA
GetFileAttributesA
GetDriveTypeA
GetTempPathA
WriteFile
DeviceIoControl
CopyFileA
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
TerminateProcess
GetTickCount
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetProcAddress
FindFirstFileA
GetComputerNameA
FindNextFileA
CreateFileA
WinExec
GetCommandLineA
GetModuleHandleA
CreateProcessA
Sleep
VirtualAlloc
ShellExecuteA
FindWindowA
GetWindowThreadProcessId
InternetConnectA
HttpSendRequestA
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
CryptEncrypt
IsDebuggerPresent
GetTickCount64
SleepEx
accept
WSAStartup
connect
recv
send
listen
closesocket
socket
bind
recvfrom
sendto
SetSecurityDescriptorDacl
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
CreateFileMappingA
GetFileAttributesW
OutputDebugStringW
OutputDebugStringA
CreateThread
GetModuleHandleExW
ExitThread
GetStartupInfoW
CreateDirectoryW
DeleteFileW
FindFirstFileExA
GetTempFileNameA
CreateFileW
GetCommandLineW
MapViewOfFile
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
FtpOpenFileA
InternetOpenA
WSASend
WSASocketW
GetDriveTypeW
LoadLibraryW
GetComputerNameW
FindNextFileW
FindFirstFileW
CreateProcessW - source
- Static Parser
- relevance
- 1/10
-
Installs hooks/patches the running process
- details
-
"<Input Sample>" wrote bytes "9498ab7651c1ab76efb2b176ee9cab7675dcad769097ab761099ab7600000000013d3d7738ed3d77cfcd3c7731233c77de2f3d77c4ca3c7780bb3c77aa6e3d779fbb3c77707f3b7792bb3c7746ba3c770abf3c7700000000" to virtual address "0x70CC1000" (part of module "MSLS31.DLL")
"Engine.exe" wrote bytes "0857d0750478d9750000000051c1ab769498ab76ee9cab7675dcad76273ead76efb2b1760000000046ce3c77013d3d7738ed3d77cfcd3c7731233c77de2f3d77c4ca3c7780bb3c77aa6e3d779fbb3c7792bb3c7746ba3c770abf3c7700000000" to virtual address "0x73621000" (part of module "SHFOLDER.DLL")
"Engine.exe" wrote bytes "9498ab7651c1ab76efb2b176ee9cab7675dcad769097ab761099ab7600000000013d3d7738ed3d77cfcd3c7731233c77de2f3d77c4ca3c7780bb3c77aa6e3d779fbb3c77707f3b7792bb3c7746ba3c770abf3c7700000000" to virtual address "0x70CC1000" (part of module "MSLS31.DLL")
"EXCEL.EXE" wrote bytes "ba2c2bfc04b98b7bee62ffe1" to virtual address "0x04FBBBDE"
"EXCEL.EXE" wrote bytes "e9603385f2" to virtual address "0x75684731" ("SysAllocStringByteLen@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "b811110000663d33c0ba9ce1b00568dcf5ee62c3" to virtual address "0x004DA5CC"
"EXCEL.EXE" wrote bytes "b834000000663d33c0babc9d450068dcf5ee62c3" to virtual address "0x004DA58C"
"EXCEL.EXE" wrote bytes "5bb8cd2d" to virtual address "0x6A42CA70" (part of module "GFX.DLL")
"EXCEL.EXE" wrote bytes "e9239987f2" to virtual address "0x75685DEE" ("VariantChangeType@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "b800000000663d33c0ba7c9d450068dcf5ee62c3" to virtual address "0x004DA5AC"
"EXCEL.EXE" wrote bytes "e99e48acf0" to virtual address "0x773D3D01" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
"EXCEL.EXE" wrote bytes "ba94d8fb04b98b7bee62ffe1" to virtual address "0x04FBBC06"
"EXCEL.EXE" wrote bytes "e9f1c42d" to virtual address "0x2FC64354" (part of module "EXCEL.EXE")
"EXCEL.EXE" wrote bytes "e99a5484f2" to virtual address "0x75683E59" ("SysFreeString@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "ba68e9b005b98b7bee62ffe1" to virtual address "0x05B2765A"
"EXCEL.EXE" wrote bytes "bad0ccfa04b98b7bee62ffe1" to virtual address "0x04FBBBF2"
"EXCEL.EXE" wrote bytes "ba50cbfa04b98b7bee62ffe1" to virtual address "0x04FBBBB6"
"EXCEL.EXE" wrote bytes "ba4c76bf05b98b7bee62ffe1" to virtual address "0x05B276AA"
"EXCEL.EXE" wrote bytes "e9365585f2" to virtual address "0x75683EAE" ("VariantClear@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "c4ca3c7780bb3c77aa6e3d779fbb3c7708bb3c7746ce3c7761383d77de2f3d77d0d93c770000000017790f774f910f777f6f0f77f4f70f7711f70f77f2830f77857e0f7700000000" to virtual address "0x73651000" (part of module "MSIMG32.DLL") - source
- Hook Detection
- relevance
- 10/10
-
Reads information about supported languages
- details
-
"<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"cacls.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000401")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000040D")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000041E")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000042A")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000439")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000420")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000429") - source
- Registry Access
- relevance
- 3/10
-
Timestamp in PE header is very old or in the future
- details
- "00018#Newtonsoft.Json.dll" claims program is from Fri Jun 10 13:14:05 2061
- source
- Static Parser
- relevance
- 10/10
-
CRC value set in PE header does not match actual value
-
Hiding 4 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 35
-
Anti-Detection/Stealthyness
-
Queries kernel debugger information
- details
- "EXCEL.EXE" at 00021443-00001496-00000105-60956270
- source
- API Call
- relevance
- 6/10
-
Queries kernel debugger information
-
Anti-Reverse Engineering
-
PE file contains zero-size sections
- details
-
Raw size of "BSS" is zero
Raw size of ".tls" is zero - source
- Static Parser
- relevance
- 10/10
-
PE file contains zero-size sections
-
Environment Awareness
-
Contains ability to query machine time
- details
-
GetLocalTime@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetLocalTime@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetLocalTime@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
GetLocalTime@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Contains ability to query the machine version
- details
-
GetVersionExA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetVersionExA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetVersionExA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetVersionExA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
GetVersion@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
GetVersionExA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
GetVersionExA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Contains ability to query volume size
- details
-
GetDiskFreeSpaceA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetDiskFreeSpaceA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetDiskFreeSpaceA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetDiskFreeSpaceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
GetDiskFreeSpaceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 3/10
-
Makes a code branch decision directly after an API that is environment aware
- details
-
Found API call GetVersionExA@KERNEL32.DLL (Target: "InfinancialsExcelAddin2.1.exe"; Stream UID: "00017640-00002380-10409-294-00418380")
which is directly followed by "cmp dword ptr [004376E4h], 06h" and "jc 0041843Dh". See related instructions: "...+39 mov dword ptr [004376E0h], 00000094h+49 push 004376E0h+54 call 00406B7Ch ;GetVersionExA+59 cmp dword ptr [004376E4h], 06h+66 jc 0041843Dh" ... from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
Found API call GetVersionExA@KERNEL32.DLL (Target: "Engine.exe"; Stream UID: "00018430-00003716-26945-1717-004326C0")
which is directly followed by "cmp dword ptr [004FABD8h], 06h" and "jc 0043277Dh". See related instructions: "...+39 mov dword ptr [004FABD4h], 00000094h+49 push 004FABD4h+54 call 00407424h ;GetVersionExA+59 cmp dword ptr [004FABD8h], 06h+66 jc 0043277Dh" ... from Engine.exe (PID: 3716) (Show Stream)
Found API call GetVersion@KERNEL32.DLL (Target: "Engine.exe"; Stream UID: "00018430-00003716-26945-1990-0049BE68")
which is directly followed by "cmp ax, 0005h" and "jc 0049BEECh". See related instructions: "...+72 xor edx, edx+74 push ebp+75 push 0049C083h+80 push dword ptr fs:[edx]+83 mov dword ptr fs:[edx], esp+86 xor eax, eax+88 mov dword ptr [ebp-1Ch], eax+91 xor ebx, ebx+93 call 0040741Ch ;GetVersion+98 and eax, 000000FFh+103 cmp ax, 0005h+107 jc 0049BEECh" ... from Engine.exe (PID: 3716) (Show Stream)
Found API call GetDiskFreeSpaceExA@KERNEL32.DLL (Target: "Engine.exe"; Stream UID: "00018430-00003716-26945-2196-004393E4")
which is directly followed by "cmp eax, 01h" and "jne 004394A7h". See related instructions: "...+127 push 00000000h+129 lea eax, dword ptr [ebp-18h]+132 push eax+133 lea eax, dword ptr [ebp-20h]+136 push eax+137 push ebx+138 mov eax, dword ptr [004FDC28h]+143 mov eax, dword ptr [eax]+145 call eax ;GetDiskFreeSpaceExA+147 cmp eax, 01h+150 sbb eax, eax+152 inc eax+153 test al, al+155 jne 004394A7h" ... from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 10/10
-
Queries volume information
- details
-
"EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61610838
"EXCEL.EXE" queries volume information of "%APPDATA%\Infinancials 2.0\XLA\EfFull.xla" at 00021443-00001496-0000010C-61613844
"EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61716512
"EXCEL.EXE" queries volume information of "%APPDATA%\Infinancials 2.0\XLA\EfFull.xla" at 00021443-00001496-0000010C-61716668 - source
- API Call
- relevance
- 2/10
-
Queries volume information of an entire harddrive
- details
-
"EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61610838
"EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61716512 - source
- API Call
- relevance
- 8/10
-
Reads the cryptographic machine GUID
- details
- "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
-
Reads the registry for installed applications
- details
-
"Engine.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE")
"Engine.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE"; Key: ""; Value: "00000000010000005000000043003A005C00500052004F004700520041007E0031005C004D004900430052004F0053007E0033005C004F0066006600690063006500310034005C0045005800430045004C002E004500580045000000")
"EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IFENGINE.EXE")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IFENGINE.EXE")
"EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE")
"EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADDRESSBOOK")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER NPAPI")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AUTOITV3")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CONNECTION MANAGER")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIRECTDRAWEX")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DXM_RUNTIME")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FONTCORE")
"EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE40") - source
- Registry Access
- relevance
- 10/10
-
Contains ability to query machine time
-
General
-
Contains PDB pathways
- details
-
"F:\binaries\Intermediate\vbextras\vbpowerpacks.vbproj__268534120\objr\x86\Microsoft.VisualBasic.PowerPacks.Vs.pdb"
"C:\repos\cs\Infront\Infront\Infront\obj\Release\Infront.pdb"
"vcruntime140.i386.pdb" - source
- File/Memory
- relevance
- 1/10
-
Creates a writable file in a temporary directory
- details
-
"<Input Sample>" created file "%TEMP%\SETUP_7713\Engine.exe"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Setup.txt"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Addin2.1TestVersion.qsp"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Modern_Setup.bmp"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Modern_Icon.bmp"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Bulgarian.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Czech.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Danish.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Dutch(Flemish).lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Dutch(Standard).lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Finnish.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\French.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\German.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Greek.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Hebrew.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Hungarian.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Italian.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Russian.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Spanish.lng"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Swedish.lng" - source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-58022"
"\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-58022"
"\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\KYIMEShareCachedData.MutexObject.XQkHi6y"
"\Sessions\1\BaseNamedObjects\KYTransactionServer.MutexObject.XQkHi6y"
"KYTransactionServer.MutexObject.XQkHi6y"
"Global\552FFA80-3393-423d-8671-7BA046BB5906"
"KYIMEShareCachedData.MutexObject.XQkHi6y"
"Local\ZonesLockedCacheCounterMutex"
"Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesCounterMutex"
"Local\10MU_ACBPIDS_S-1-5-5-0-58022"
"Local\ZoneAttributeCacheCounterMutex" - source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
- Antivirus vendors marked dropped file "00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly for MS Windows"), Antivirus vendors marked dropped file "00021#vcruntime140.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows"), Antivirus vendors marked dropped file "00018#Newtonsoft.Json.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows")
- source
- Binary File
- relevance
- 10/10
-
Loads rich edit control libraries
- details
-
"<Input Sample>" loaded module "%WINDIR%\System32\riched32.dll" at 73660000
"<Input Sample>" loaded module "%WINDIR%\System32\riched20.dll" at 6A670000
"Engine.exe" loaded module "%WINDIR%\System32\riched32.dll" at 73660000
"Engine.exe" loaded module "%WINDIR%\System32\riched20.dll" at 6A670000
"EXCEL.EXE" loaded module "%COMMONPROGRAMFILES%\microsoft shared\OFFICE14\RICHED20.DLL" at 63190000 - source
- Loaded Module
-
Loads the .NET runtime environment
- details
-
"IfEngine.exe" loaded module "%WINDIR%\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll" at 62580000
"IfEngine.exe" loaded module "%WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll" at 61A20000 - source
- Loaded Module
-
Process launched with changed environment
- details
-
Process "EXCEL.EXE" (Show Process) was launched with new environment variables: "MEOW="%PROGRAMFILES%\Microsoft Office\Office14\""
Process "IfEngine.exe" (Show Process) was launched with new environment variables: "WecVersionForRosebud.5D8="4"" - source
- Monitored Target
- relevance
- 10/10
-
Scanning for window names
- details
-
"<Input Sample>" searching for class ".QDebug."
"<Input Sample>" searching for class ".AutoUpdate.X_UpdateInfinancialsExcelAddin2"
"<Input Sample>" searching for class "C:\InfinancialsExcelAddin2.1.exe"
"Engine.exe" searching for class ".QDebug." - source
- API Call
- relevance
- 10/10
-
Sets a windows hook
- details
- "EXCEL.EXE" sets a windows hook with filter "WH_KEYBOARD" for thread ID 2156
- source
- API Call
- relevance
- 10/10
-
Spawns new processes
- details
-
Spawned process "Engine.exe" with commandline "/TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe"" (Show Process)
Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F" (Show Process)
Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F" (Show Process)
Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F" (Show Process)
Spawned process "EXCEL.EXE" with commandline "/dde" (Show Process)
Spawned process "IfEngine.exe" with commandline ", ,True" (Show Process) - source
- Monitored Target
- relevance
- 3/10
-
The input sample is signed with a certificate
- details
-
The input sample is signed with a certificate issued by "CN=thawte Primary Root CA, OU="c 2006 thawte
Inc. - For authorized use only", OU=Certification Services Division, O="thawte
Inc.", C=US" (SHA1: D0:0C:FD:BF:46:C9:8A:83:8B:C1:0D:C4:E0:97:AE:01:52:C4:61:BC; see report for more information)
The input sample is signed with a certificate issued by "CN=thawte SHA256 Code Signing CA, O="thawte
Inc.", C=US" (SHA1: AA:CC:9C:16:AB:E0:6E:56:41:3C:6D:FE:1E:FD:FF:0E:48:4F:DB:29; see report for more information) - source
- Certificate Data
- relevance
- 10/10
-
The input sample is signed with a valid certificate
- details
- The entire certificate chain of the input sample was validated successfully.
- source
- Certificate Data
- relevance
- 10/10
-
Contains PDB pathways
-
Installation/Persistance
-
Connects to LPC ports
- details
-
"<Input Sample>" connecting to "\ThemeApiPort"
"Engine.exe" connecting to "\ThemeApiPort"
"EXCEL.EXE" connecting to "\ThemeApiPort"
"IfEngine.exe" connecting to "\ThemeApiPort" - source
- API Call
- relevance
- 1/10
-
Contains ability to lookup the windows account name
- details
-
LookupAccountNameA@ADVAPI32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetUserNameA@ADVAPI32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
GetUserNameA@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream)
LookupAccountNameA@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 5/10
-
Dropped files
- details
-
"00028#Switch_Addin.vbs" has type "ASCII text with CRLF line terminators"
"00090#Ratios_QR.xls" has type "Composite Document File V2 Document Little Endian O%WINDIR%\Version 10.0 Code page: 1252 Title: Ratios_QR Subject: 1.010 Author: Jse Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Fri Sep 11 13:46:38 2009 Create Time/Date: Tue Jul 7 13:18:23 2009 Last Saved Time/Date: Wed Sep 27 09:49:48 2017 Security: 0"
"00042#fundamentals_factset_insurance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_reuters_insurance Subject: 1.001 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 09:43:05 2009 Create Time/Date: Wed Aug 13 10:29:53 2003 Last Saved Time/Date: Wed Sep 27 09:37:39 2017 Security: 0"
"00055#fundamentals_wvb_interim_5yr_banks.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_wvb_interim_banks Subject: 1.001 Author: FBO Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 10:23:10 2009 Create Time/Date: Fri Apr 27 21:18:26 2007 Last Saved Time/Date: Wed Sep 27 09:37:21 2017 Security: 0"
"00083#market_rebased.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: market_rebased Subject: 1.011 Author: FBO Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Fri Sep 18 15:24:43 2009 Create Time/Date: Tue Aug 26 09:40:02 2008 Last Saved Time/Date: Wed Sep 27 09:49:01 2017 Security: 0"
"00084#market_rebased_pr.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: market_rebased_pr Subject: 1.011 Author: FBO Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Fri Sep 18 15:24:43 2009 Create Time/Date: Tue Aug 26 09:40:02 2008 Last Saved Time/Date: Wed Sep 27 09:49:03 2017 Security: 0"
"00056#fundamentals_wvb_interim_5yr_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Author: AMD Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Mon Jul 7 10:47:58 2014 Last Saved Time/Date: Wed Sep 27 09:37:23 2017 Security: 0"
"estimates.xls" has type "Composite Document File V2 Document Can't read SAT"
"00053#fundamentals_wvb_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Author: AMD Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Mon Jul 7 10:47:58 2014 Last Saved Time/Date: Wed Sep 27 09:37:17 2017 Security: 0"
"00040#fundamentals_factset_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_reuters_industrials Subject: 1.001 Author: infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 09:40:05 2009 Create Time/Date: Tue Aug 12 17:35:46 2003 Last Saved Time/Date: Wed Sep 27 09:37:37 2017 Security: 0"
"00044#fundamentals_factset_interim_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_reuters_interim_industrials Subject: 1.001 Author: infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 09:47:46 2009 Create Time/Date: Wed Sep 1 14:25:06 2004 Last Saved Time/Date: Wed Sep 27 09:37:43 2017 Security: 0"
"00061#fundamentals_wvb_interim_Industrials.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_wvb_interim_Industrials Subject: 1.006 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 10:28:37 2009 Create Time/Date: Wed Aug 24 11:19:28 2005 Last Saved Time/Date: Wed Sep 27 09:37:31 2017 Security: 0"
"00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
"00027#Run Vbs.cmd" has type "ASCII text with CRLF line terminators"
"00086#Stock_Market_History.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Author: AMD Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Mon Dec 10 14:10:42 2012 Last Saved Time/Date: Wed Sep 27 09:47:14 2017 Security: 0"
"00038#estimates_jcf_Ins.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: estimates_jcf_Ins Subject: 1.008 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Jun 30 09:26:00 2009 Create Time/Date: Tue Jul 12 10:27:29 2005 Last Saved Time/Date: Wed Sep 27 09:15:31 2017 Security: 0"
"00010#Infront.dll" has type "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows"
"00021#vcruntime140.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
"00071#Historic_Trading_Multiples_QR_5yr_Banks.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: Historic_Trading_Multiples_QR_Banks Subject: 1.006 Author: infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Tue Mar 15 17:07:58 2005 Last Saved Time/Date: Wed Sep 27 09:42:47 2017 Security: 0"
"00037#estimates_jcf_Banks.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: estimates_jcf_Banks Subject: 1.008 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Jun 30 09:26:00 2009 Create Time/Date: Tue Jul 12 10:27:29 2005 Last Saved Time/Date: Wed Sep 27 09:14:39 2017 Security: 0" - source
- Binary File
- relevance
- 3/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
-
Monitors specific registry key for changes
- details
-
"EXCEL.EXE" monitors "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" (Filter: 15; Subtree: 1)
"EXCEL.EXE" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder" (Filter: 4; Subtree: 0)
"EXCEL.EXE" monitors "\REGISTRY\USER\S-1-5-21-4162757579-3804539371-4239455898-1000\Software\Microsoft\Office\14.0\Excel\Place MRU" (Filter: 4; Subtree: 0)
"EXCEL.EXE" monitors "\REGISTRY\USER\S-1-5-21-4162757579-3804539371-4239455898-1000\Software\Microsoft\Office\14.0\Excel\File MRU" (Filter: 4; Subtree: 0) - source
- API Call
- relevance
- 4/10
-
Opens the MountPointManager (often used to detect additional infection locations)
- details
- "EXCEL.EXE" opened "\Device\MountPointManager"
- source
- API Call
- relevance
- 5/10
-
Touches files in the Windows directory
- details
-
"<Input Sample>" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"<Input Sample>" touched file "C:\Windows\Fonts\StaticCache.dat"
"<Input Sample>" touched file "C:\Windows\System32\en-US\user32.dll.mui"
"<Input Sample>" touched file "C:\Windows\System32\en-US\msctf.dll.mui"
"<Input Sample>" touched file "C:\Windows\AppPatch\sysmain.sdb"
"Engine.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"Engine.exe" touched file "C:\Windows\Fonts\StaticCache.dat"
"Engine.exe" touched file "C:\Windows\System32\en-US\user32.dll.mui"
"Engine.exe" touched file "C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\comctl32.dll.mui"
"Engine.exe" touched file "C:\Windows\System32\en-US\KernelBase.dll.mui"
"Engine.exe" touched file "C:\Windows\System32\en-US\msctf.dll.mui"
"Engine.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"Engine.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\cversions.1.db"
"Engine.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db"
"EXCEL.EXE" touched file "C:\Windows\AppPatch\sysmain.sdb"
"EXCEL.EXE" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"EXCEL.EXE" touched file "C:\Windows\Fonts\StaticCache.dat"
"EXCEL.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll" - source
- API Call
- relevance
- 7/10
-
Connects to LPC ports
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://www.infinancials.com/add-in/release|UpdateInfinancialsExcelAddin2.info|UpdateInfinancialsExcelAddin2.exe|kwxexgjhkstsuhssketsukvfvjkvvuuwshvctbuvjukekevhjskdvchb|0|"
Heuristic match: "n0g6O.Lc"
Heuristic match: "mgn]]R[Wof.kZ"
Heuristic match: "44[Cs4t.PN"
Heuristic match: "cJRtGYGY.kY"
Heuristic match: "~nK%<2!5#.aD"
Pattern match: "http://t2.symcb.com0"
Pattern match: "http://t1.symcb.com/ThawtePCA.crl0"
Pattern match: "http://tl.symcb.com/tl.crl0"
Pattern match: "https://www.thawte.com/cps0/"
Pattern match: "https://www.thawte.com/repository0W"
Pattern match: "http://tl.symcd.com0&"
Pattern match: "http://tl.symcb.com/tl.crt0"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEHGgtzaV3bGvwjsrmhjuVMs%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: t2.symcb.com"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEGSXEE%2FtF8ThqEI29tzroFY%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: tl.symcd.com"
Pattern match: "https://www.infrontanalytics.com" - source
- File/Memory
- relevance
- 10/10
-
Found potential URL in binary/memory
-
System Security
-
Hooks API calls
- details
-
"SysAllocStringByteLen@OLEAUT32.DLL" in "EXCEL.EXE"
"VariantChangeType@OLEAUT32.DLL" in "EXCEL.EXE"
"SysFreeString@OLEAUT32.DLL" in "EXCEL.EXE"
"VariantClear@OLEAUT32.DLL" in "EXCEL.EXE"
"OleLoadFromStream@OLE32.DLL" in "EXCEL.EXE" - source
- Hook Detection
- relevance
- 10/10
-
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
-
"<Input Sample>" opened "\Device\KsecDD"
"Engine.exe" opened "\Device\KsecDD"
"EXCEL.EXE" opened "\Device\KsecDD"
"IfEngine.exe" opened "\Device\KsecDD" - source
- API Call
- relevance
- 10/10
-
Queries sensitive IE security settings
- details
- "EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
- source
- Registry Access
- relevance
- 8/10
-
Hooks API calls
-
Unusual Characteristics
-
Found Delphi 4 - Delphi 2006 artifact
- details
- "InfinancialsExcelAddin2.1.exe.bin" has a PE timestamp using the buggy magic timestamp 0x2A425E19.
- source
- Static Parser
- relevance
- 10/10
-
Matched Compiler/Packer signature
- details
-
"InfinancialsExcelAddin2.1.exe.bin" was detected as "BobSoft Mini Delphi -> BoB / BobSoft"
"00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" was detected as "Microsoft visual C# / Basic .NET"
"00010#Infront.dll" was detected as "Microsoft visual C# / Basic .NET"
"00021#vcruntime140.dll" was detected as "Borland Delphi 3.0 (???)"
"00018#Newtonsoft.Json.dll" was detected as "Morphine v1.2 (DLL)"
"00013#libcurld.dll" was detected as "Borland Delphi 3.0 (???)"
"00009#IfProtocol.exe" was detected as "Microsoft visual C# v7.0 / Basic .NET"
"00012#InfrontDS.DLL" was detected as "Borland Delphi 3.0 (???)"
"00003#dotNet4.6.2.exe" was detected as "VC8 -> Microsoft Corporation" - source
- Static Parser
- relevance
- 10/10
-
Found Delphi 4 - Delphi 2006 artifact
File Details
InfinancialsExcelAddin2.1.exe
- Filename
- InfinancialsExcelAddin2.1.exe
- Size
- 16MiB (16354832 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- b5ee0c25cb5647b5139ea47954666f6ae4c7ed3c69a2d76fa204f305b4fca7ee
- MD5
- 7fa2b659b31792c9c075aad645dbf8d0
- SHA1
- 8dd67ae18fe7691b3ec1c580b2a89dec3b1e9054
- ssdeep
- 393216:7T4ZgnrPvrK+1esoX72MGn3Min0j6sT7RLd8NRfqMUb6ud:AZaB4/L2MGn8i0OsfThd
- imphash
- 2f45afee24007023355d72f427440a0b
- authentihash
- 4a64f9d81b5ce43fb4803e82136e15525368aacec48859c32a3f6f9fd3a653fe
- Compiler/Packer
- BobSoft Mini Delphi -> BoB / BobSoft
- PDB Pathway
Version Info
- LegalCopyright
- Copyright Infront Analytics
- ProductName
- Infront Analytics Excel Add-in
- LegalTrademarks
- Infront Analytics
- Comments
- -
- CompanyName
- Infront Analytics
- Translation
- 0x0409 0x04e4
Classification (TrID)
- 48.9% (.EXE) InstallShield setup
- 16.6% (.EXE) Win32 Executable Delphi generic
- 14.8% (.SCR) Windows Screen Saver
- 7.4% (.DLL) Win32 Dynamic Link Library (generic)
- 5.1% (.EXE) Win32 Executable (generic)
File Sections
Details | ||||||
---|---|---|---|---|---|---|
File Resources
Details | ||||
---|---|---|---|---|
File Imports
File Certificates
Certificate chain was successfully validated.
Download Certificate File (Unknown)Owner | Issuer | Validity | Hashes (MD5, SHA1) |
---|---|---|---|
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US | CN=thawte Primary Root CA, OU="c 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Serial: 71a0b73695ddb1afc23b2b9a18ee54cb |
12/10/2013 01:00:00 12/10/2023 00:59:59 |
87:19:53:A9:8D:41:50:C3:3C:69:A0:C5:AE:9A:68:C6 D0:0C:FD:BF:46:C9:8A:83:8B:C1:0D:C4:E0:97:AE:01:52:C4:61:BC |
CN=Infinancials, O=Infinancials, L=Paris, ST=Paris, C=FR | CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US Serial: 6497104fed17c4e1a84236f6dceba056 |
08/29/2017 01:00:00 09/08/2019 00:59:59 |
EC:88:E9:68:90:AB:F1:8F:D4:B3:90:61:2B:9E:2B:29 AA:CC:9C:16:AB:E0:6E:56:41:3C:6D:FE:1E:FD:FF:0E:48:4F:DB:29 |
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 7 processes in total (System Resource Monitor).
-
InfinancialsExcelAddin2.1.exe
(PID: 2380)
1/66
-
Engine.exe
/TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe"
(PID: 3716)
- cacls.exe "%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F (PID: 3676)
- cacls.exe "%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F (PID: 3740)
- cacls.exe "%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F (PID: 3632)
-
EXCEL.EXE
/dde
(PID: 1496)
- IfEngine.exe , ,True (PID: 2700)
-
Engine.exe
/TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe"
(PID: 3716)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
Displaying 98 extracted file(s). The remaining 35 file(s) are available in the full version and XML/JSON reports.
-
Clean 3
-
-
00016#Microsoft.VisualBasic.PowerPacks.Vs.dll
- Size
- 263KiB (269344 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- AV Scan Result
- 0/74
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- cd5acc88e72e848430b8fe12b977b07d
- SHA1
- 7c63e7c1645081eede0d7e9895483cc91b9bcd22
- SHA256
- 8ddb71776b12fc6011e8af0e1df4fb4b72414b05d4d11cb0b17fae71a356405e
-
00018#Newtonsoft.Json.dll
- Size
- 639KiB (653824 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- f33cbe589b769956284868104686cc2d
- SHA1
- 2fb0be100de03680fc4309c9fa5a29e69397a980
- SHA256
- 973fd70ce48e5ac433a101b42871680c51e2feba2aeec3d400dea4115af3a278
-
00021#vcruntime140.dll
- Size
- 82KiB (83784 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 5616e0dfbab93369480053fe3a7bba13
- SHA1
- 3c3ccae0ef89771962f169f46490373c538f5599
- SHA256
- 51d9be4b94235a2de0412fea8668a0b13d5c7fcefece6c07794947c5bab0d2bb
-
-
Informative Selection 3
-
-
English.lng
- Size
- 11KiB (10962 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- cacls.exe (PID: 3740)
- MD5
- f6bb76301a173d7c87a67dac468dbc06
- SHA1
- d04a5affc04399f0600ee10ea5f17023566dce3b
- SHA256
- a58ef3cd6902e1ca34982002ca0f8ed99a40749ef80e23d1104847243788d53b
-
InfinancialsExcelAddin2_17708.exe
- Size
- 572KiB (585400 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- c19702ca448041d00d8c81f27f9ce59e
- SHA1
- f0e54113d28907fdcd3c75071dd9c09aab6010c9
- SHA256
- 9ad81c20e45036c161d26b11e2162ea7a01477980b429791e455ac83d434f114
-
Engine.exe
- Size
- 572KiB (585400 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- c19702ca448041d00d8c81f27f9ce59e
- SHA1
- f0e54113d28907fdcd3c75071dd9c09aab6010c9
- SHA256
- 9ad81c20e45036c161d26b11e2162ea7a01477980b429791e455ac83d434f114
-
-
Informative 92
-
-
CD - schkK0Etic_262696_90425.xml
- Size
- 470B (470 bytes)
- Runtime Process
- EXCEL.EXE (PID: 1496)
- MD5
- 29e8310a9850fbfb49877799f94693d5
- SHA1
- 611fb1d770d89ebf8de0974bc752f3db7eab0b69
- SHA256
- 68c878f8a89b056a9a989bd178aac20793de7bc024a6be98ff7f74584cafe1ed
-
IfEngine.exe
- Size
- 5MiB (5210112 bytes)
- Type
- peexe assembly executable
- Description
- PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- f138f86fe79a3112739c32efb225b22c
- SHA1
- 0f6113cae7d3a85cd7da8c853291c4279ce09ae4
- SHA256
- 96fd0d82f7eea8a50abfb2fee734b4587b53b4dd70ac0135a6780fcc7c07a7b2
-
InfinancialsExcelAddin2_17708.txt
- Size
- 19KiB (19785 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- 953fb7e8f44cfeb8f834569343a9d2a1
- SHA1
- 2d5aabea7ca85654d4e2bb6eb9635ff12f4cdb6a
- SHA256
- cff1610010a86f9487994303008e71ce2a833b7def0644305002bce43ce91318
-
Setup.log
- Size
- 15KiB (15644 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- c74085f4d8fdbe9c7688f42d4b5d4062
- SHA1
- 20807513d00c1013788bbc492eb6bed4adb7e056
- SHA256
- 12dddbdddbd20ed420b9dae6dee5aef468ef3ee17b3638e3afd900ebd846ba4f
-
estimates.xls
- Size
- 5MiB (5210112 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Can't read SAT
- Runtime Process
- cacls.exe (PID: 3632)
- MD5
- 4cea5befe9773882d7648a6d0d4b1b05
- SHA1
- 735c34c7acbaaadf390818249d934afc9de3a1a1
- SHA256
- d835d856817f501732ea3e2bdf458d9eab0f08dd6c8454356e13665c9432549a
-
EfFull.LNK
- Size
- 1.2KiB (1243 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Mar 19 09:49:16 2018, mtime=Mon Mar 19 09:49:16 2018, atime=Mon Mar 19 09:50:37 2018, length=128000, window=hide
- Runtime Process
- EXCEL.EXE (PID: 1496)
- MD5
- cc216811ac594900972f30b4a0e44ce9
- SHA1
- e40394a021fe185f9a52d4715cee9cafecd36fab
- SHA256
- fc3e45c0f813e205d52b298eb0d5021f7b8957ad3cc020cf6fa6231bf0a2b99a
-
index.dat
- Size
- 161B (161 bytes)
- Runtime Process
- EXCEL.EXE (PID: 1496)
- MD5
- ead835a63ba1ca257dfa27e7c86f14d2
- SHA1
- 9b9e7817386baaa1799d8d70efdd511bd4c36326
- SHA256
- f13d5dd6dc523a3328d113db88c847a2cbe11faeba8ed5f3ba33bfc9563fe5eb
-
AD7C3000
- Size
- 23KiB (23040 bytes)
- Runtime Process
- EXCEL.EXE (PID: 1496)
- MD5
- a9b746a181e03b25ff4fce54cf6c4fb2
- SHA1
- db60170230c241cef417e689f5eca2b16bfb4d5d
- SHA256
- fd37094d74076712ea53f80e789dcbdc1f0fc87a60bccb4d48bb4a275d3892fc
-
00000#api-ms-win-crt-runtime-l1-1-0.dll
- Size
- 23KiB (23952 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- da9cb6b2a96ca5f3d8ef55ef2f7165ba
- SHA1
- eccc29dc737032ac602bdb6da1561064dc2aec49
- SHA256
- 057991c1da75cefbe544992d78db72ba476f6861819055aa011875abea3195cc
-
00001#Infront_RTD.xlsx
- Size
- 18KiB (18814 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- a502b57a93caab1b1c9d5a88715118a9
- SHA1
- a7712e7bae8acd9439ef4848db60b9d1cfdc8a16
- SHA256
- 17d5b4cad9544bf9b351e1093f886b105ecaac1d63f81c99f790745963209018
-
00002#Infront_RTD2.xlsx
- Size
- 18KiB (18814 bytes)
- Type
- xlsx office
- Description
- Microsoft Excel 2007+
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 8f9885c9550012ebd04143349378990b
- SHA1
- 6ea6116a4abc5141f9f73ee552d9fc545ebd6b44
- SHA256
- 766b31ace9bdbf9c2036d94fc3d1a464c025ac64a0ab7db881f9def07df23774
-
00003#dotNet4.6.2.exe
- Size
- 1.4MiB (1429344 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- b5a67867cdce86e09e2625a6fa4d5fea
- SHA1
- c42e6ed280290648bbd59f664008852f4cfe4548
- SHA256
- 5e21c85034311c51d8b0367a773d475af2392b3ddcd90676c61697c6b5fd2e6a
-
00004#EfAlias.xml
- Size
- 1.3KiB (1304 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- 09f5ab3755a4b1f86b24a4f8d6e0eb2e
- SHA1
- f7f7004bccba59d2f776cefcb2970afa98f63e6a
- SHA256
- 7e3d62de28ba4d122b16f79ddad54bda31282022f6d833be974bcbcdfcb3769d
-
00005#EfDictionary.csv
- Size
- 1MiB (1084452 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- 8bb69e89c5ef0481126a55cc7dfb523f
- SHA1
- 4ab13911c9670e99bba2bb4ab6620e61d0471d1b
- SHA256
- 7916c2622ff29a80ea0d67e1c0a9bc952c72c36ecff2545c959d1f72d7faec8c
-
00006#EfPoids.xml
- Size
- 539B (539 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- 5ccab699e318771f2dd0b4378130dbc7
- SHA1
- 5622d710d98517b1893a1a2dbb66a433d256eff8
- SHA256
- 998fd9529167da1c1ff958d30d4b8dfa6ccc44cd0bb1fcda5606680f63417d08
-
00007#FieldWizard.xml
- Size
- 14KiB (13831 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- fdc3e1687f3806494d9a0aff433e3061
- SHA1
- 14a755470ce147bbbbb403c0d69e383f2ce41288
- SHA256
- 80445030a181d75ffd958cd3c017a53258ba1f957d92765ead341951eea9bc62
-
00008#IfEngine.exe
- Size
- 4.5MiB (4718592 bytes)
- Type
- peexe assembly executable
- Description
- PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- 335f107da62108dd7aa0569a60a15b8c
- SHA1
- cd12a0df7cc9348c8aeab5e1bb9315ee2c643447
- SHA256
- f902d9415556ff60dd0a0de069bc5f4e9aa39f81b8630d1555423713ff70d325
-
00008#IfEngine.exe.00002
- Size
- 1.1MiB (1108104 bytes)
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- dd11f2c1380308a3f84a716903df53e3
- SHA1
- cbbf21e38c401ac1aa0d4621cb025903c8dc5c45
- SHA256
- 63d022a976ae40c0a84ca83e0f649d80f3ed0fde520c7fcb16413d9921dd8851
-
00009#IfProtocol.exe
- Size
- 44KiB (44680 bytes)
- Type
- peexe assembly executable
- Description
- PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- e0cf959b05b1b6f543b3a7bb48ec460a
- SHA1
- fd7db96fa52d6b4661f5cf5ff3f2a4ad4af4824c
- SHA256
- b21549a1a5c6431c0ccf10dfd75524bf139f7fafceec0e3674cf767a901aaf26
-
00010#Infront.dll
- Size
- 73KiB (74240 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
- Runtime Process
- Engine.exe (PID: 3716)
- MD5
- cae40e9da2967b19cce7134a822ad944
- SHA1
- 2162d110e154ad8d353343884be33ec5a74c59c7
- SHA256
- 60d413779987e2f189d77326ef478631c52fc42e2af147189acda0b1d6985347
-
00012#InfrontDS.DLL
- Size
- 2MiB (2065408 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (console) Intel 80386, for MS Windows
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- cf22a3c146ca79929d1b830295660cbb
- SHA1
- 51ceedf548e5e36fc815896b625fdbeab6e40afb
- SHA256
- 1d12871f172c942f846c25a5bcd6b8a0420ddcd6d79513e705e6d8c93773c091
-
00013#libcurld.dll
- Size
- 319KiB (326144 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 50d4c3cfaf7889f1f25313ba431cbfdd
- SHA1
- 0293b19f5afef9feeb26f0215a63f803790b97bd
- SHA256
- 06d55cdc47885bab0cf9d74188c87771bc021d30dbdf1e6e5aefbe20290336d7
-
00022#Clean_Reg.vbs
- Size
- 5KiB (5077 bytes)
- Type
- script javascript
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 1e25e97fa79e9fb7b74c2934bbc4b0f3
- SHA1
- ac0fed90da880085003490fbcd5e8e692b06b7f7
- SHA256
- 2bc267dc6380039d8aba3ec4411bd4f3acb3061f53089cf01cdadda548ca54e7
-
00023#CloseExcelEngine.vbs
- Size
- 548B (548 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 532f43fc73d746eb85d7a65b66389a36
- SHA1
- 73e3e589cbcf72634826f8e90d38339ca8b62b13
- SHA256
- 00f355c6a117c170f71f34b6fff9931442e3dce76bb4d197a6e50559a3e7cfcd
-
00024#Del_Reg.vbs
- Size
- 5.3KiB (5451 bytes)
- Type
- script javascript
- Description
- ISO-8859 text, with CRLF line terminators
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 960a188cf88d4aaaf3db25c472d33c75
- SHA1
- 2c1a13789811ac0d09635a8f789255b3f736cb15
- SHA256
- 369f0d008f06fbb9d6aaa4c37ae74ee6408bafa70289cf0c1a9f3639da8af8d4
-
00025#Disable_Lauch.vbs
- Size
- 3.7KiB (3751 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 1de4a27401fbadd391e0727d9d337938
- SHA1
- f2dd318f247574793d25ab5b98cf15894dbc71a6
- SHA256
- 47ef7f860e64e6d4f9ced29ea4172432819f0621f890cce636646a563bf23bb3
-
00026#Restart_Engine.vbs
- Size
- 636B (636 bytes)
- Type
- script javascript
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 24bf18c279c64a503861edbb47d7e94a
- SHA1
- f6c1c6115bdfda4ec04b571076e3c9780b74f487
- SHA256
- 2060af1a1be1c7bce5878206ef611b2ce566fcfbca01ef6352a5304149571321
-
00027#Run Vbs.cmd
- Size
- 59B (59 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- dbdc2d00771e3d77d0e2c75b5d0d7ce7
- SHA1
- d883470abaec75f7dc67f4ea0603366acca18594
- SHA256
- 033a486517cd58df3313c36afcb692e36b65552f779a4a001cc4f70f823197d4
-
00028#Switch_Addin.vbs
- Size
- 3.3KiB (3389 bytes)
- Type
- script javascript
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- a2bd14ab75e3a30ac0859e8adcd3ec43
- SHA1
- 866913f30362b104024452078f3af53292b9d8de
- SHA256
- f3d7c206d1717650855618cb259c6b3d2372ee338b936467d3fe3995dc5a8151
-
00032#EfRibbon.xlam
- Size
- 34KiB (34954 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 5dbf4fcbad6a95f2c9e5e513e9a5a560
- SHA1
- 9acbe0be412953abd1bef2a4d779dee133cbd66c
- SHA256
- 44ed44607e888b5354b337bb2ce353dab63fbfe0c98b412e10fd856d0d9b7d62
-
00033#EfRibbon2.xlam
- Size
- 34KiB (34610 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 5c8d43ae02f77fba5cb3e2fc1a5e4176
- SHA1
- a8d1db4cf1c0e7a0ce4454b60f88ceb95ad60745
- SHA256
- 132113d9684f55e91d968204bdf3006792a36223d1f30f5b2700630ea7cad0ca
-
00036#estimates.xls
- Size
- 4.5MiB (4718592 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Can't read SAT
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 36aced2925b28c6a6fe55bf39de5ba0e
- SHA1
- 51a367bf3b9c7b2e66e3b5497064e840bbfe1ab6
- SHA256
- 27a4c49dd8a9d9bb13243df112bf1eb8a747c9bfd6625a712cbe8caa6be683ba
-
00037#estimates_jcf_Banks.xls
- Size
- 133KiB (136192 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: estimates_jcf_Banks, Subject: 1.008, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Jun 30 09:26:00 2009, Create Time/Date: Tue Jul 12 10:27:29 2005, Last Saved Time/Date: Wed Sep 27 09:14:39 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- de5ee77492feee962691f3005de51dda
- SHA1
- ddaf9fd08f83ee3ec601d401cd6f1b2de27acf07
- SHA256
- a651ed0dc10a3f284a4ee6dced4230a9cb32c56edbae3bcb46e48f54d49ccd9d
-
00038#estimates_jcf_Ins.xls
- Size
- 128KiB (130560 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: estimates_jcf_Ins, Subject: 1.008, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Jun 30 09:26:00 2009, Create Time/Date: Tue Jul 12 10:27:29 2005, Last Saved Time/Date: Wed Sep 27 09:15:31 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- e3a0f9b401fd306e7e346bcbeb5cdfb8
- SHA1
- 3b81a2444d424c1327e1086f7598ce7f0d7c2faa
- SHA256
- c5f48c9f706821101cb6104c90ab3355dad7c2c2182a13f4d33e55ef87df000f
-
00039#fundamentals_factset_banks.xls
- Size
- 149KiB (152576 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_reuters_banks, Subject: 1.001, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 09:40:22 2009, Create Time/Date: Fri May 14 17:00:08 2004, Last Saved Time/Date: Wed Sep 27 09:37:35 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 61f6bedcbee52af559da6d8fc447f8ef
- SHA1
- 08be8c3a360b59a1629974b530d14feb987aff08
- SHA256
- d182cd33df0681409d7690101772112a59a3085dbd3bff81a45bbed3b4a3c1e1
-
00040#fundamentals_factset_finance.xls
- Size
- 152KiB (155136 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_reuters_industrials, Subject: 1.001, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 09:40:05 2009, Create Time/Date: Tue Aug 12 17:35:46 2003, Last Saved Time/Date: Wed Sep 27 09:37:37 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- b53a2ff70538b4a6808a5563d476a586
- SHA1
- 4b4039a5a71f24b069142d60035de04eb98ad7cc
- SHA256
- b120c27ceb37c7699d60ee6112dbeb99d82f67faaf10dadb297123bf19ffd40a
-
00041#fundamentals_factset_industrials.xls
- Size
- 139KiB (141824 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- efcdd7364adb7c9dc73e6b9f22601254
- SHA1
- 0ff0918a509a3af0c222f47b735c5c0c26d66d25
- SHA256
- fe8ad6db173202ba3fba70d49266091feb25377189dd4004e1cca7e48fb34f6a
-
00042#fundamentals_factset_insurance.xls
- Size
- 131KiB (133632 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_reuters_insurance, Subject: 1.001, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 09:43:05 2009, Create Time/Date: Wed Aug 13 10:29:53 2003, Last Saved Time/Date: Wed Sep 27 09:37:39 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- bb62a4f199a0cdb8dab4864161074d19
- SHA1
- 70abd9efbf113d3b77de8dfdd15b4d5f3c1bd90b
- SHA256
- 7280113aaa6a2d12df5df22274b0366abcbc7c63a8c71e21ab8ee16ef806ccb5
-
00043#fundamentals_factset_interim_banks.xls
- Size
- 201KiB (205824 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_reuters_interim_banks, Subject: 1.001, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 09:45:26 2009, Create Time/Date: Fri May 14 17:00:08 2004, Last Saved Time/Date: Wed Sep 27 09:37:41 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 247416ebd2cb10b092766088f1282155
- SHA1
- 06a8b94ec1d7016ba452e2a58e80bf1e3637ad50
- SHA256
- 8a522401853ad2c17158f953a9b7e79013662d40a1a81f3154a489a18fb4ecc8
-
00044#fundamentals_factset_interim_finance.xls
- Size
- 245KiB (250368 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_reuters_interim_industrials, Subject: 1.001, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 09:47:46 2009, Create Time/Date: Wed Sep 1 14:25:06 2004, Last Saved Time/Date: Wed Sep 27 09:37:43 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 93bd70b98c10af168bde02e97cbd630f
- SHA1
- 99b421905cb6eeb29ce160c764f041e70e60c779
- SHA256
- f2b55caee29f52d903e5a5046b9e834d92c463a3700346f2b75d9e8f0b1c5153
-
00045#fundamentals_factset_interim_industrials.xls
- Size
- 208KiB (212480 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_reuters_interim_industrials, Subject: 1.001, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 09:47:46 2009, Create Time/Date: Wed Sep 1 14:25:06 2004, Last Saved Time/Date: Wed Sep 27 09:37:44 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 4decb41b23cefe0f94f27c7bd6398586
- SHA1
- 948145fe6d19c07ce2a06002a732e9215cadb8e2
- SHA256
- ac4345d5b0923c125e2f9f858bca75cc974634c92f6e6bbe1435b93e1e2e7446
-
00046#fundamentals_factset_interim_insurance.xls
- Size
- 216KiB (221184 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_reuters_interim_insurance, Subject: 1.001, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:18:19 2009, Create Time/Date: Wed Aug 13 10:29:53 2003, Last Saved Time/Date: Wed Sep 27 09:37:45 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 88276e44e021f3f92438381ed2399d37
- SHA1
- a9ee3fca9c6bbc158c664219f67600e5b414927c
- SHA256
- 9e279ecfbc56c54c41ed1cf1e9eb851cf1c7c6ee6cc43768974120b051f8c56e
-
00047#fundamentals_wvb_5yr.xls
- Size
- 157KiB (160768 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_5yr, Subject: 1.007, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:19:47 2009, Create Time/Date: Fri Dec 6 19:23:36 2002, Last Saved Time/Date: Wed Sep 27 09:37:46 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 87160e43f32c6ff261f3a7632201690d
- SHA1
- a04f4eb2a625f23a5274a6a1e887af8a6240de40
- SHA256
- 4882f5be9802e56d242dd742cb43ac07dad423058cd7ab2821ffd39c700ebdb3
-
00048#fundamentals_wvb_5yr_banks.xls
- Size
- 120KiB (122368 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_5yr_banks, Subject: 1.007, Author: FBO, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:23:10 2009, Create Time/Date: Fri Apr 27 21:18:26 2007, Last Saved Time/Date: Wed Sep 27 09:37:53 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 57e5ba782e64c36685decb8b4fa0eff2
- SHA1
- 53cd1eeeddb6a398d9eac405ba86325802107ce4
- SHA256
- 78955062d2f33360a2e4f5841cd4fabd833e84b8c471ae55ef9faf5db75aaa43
-
00049#fundamentals_wvb_5yr_finance.xls
- Size
- 150KiB (153088 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 31e308c4bf6bb33e9dd9b8c92064a8b6
- SHA1
- 9afefa1c79f2ed88ed0728251497cbbe70f1fdfb
- SHA256
- 140698d6101d318b1a57551524f0bcbcd8d54680ab1f90534aefb38fb5a825fc
-
00050#fundamentals_wvb_5yr_insurance.xls
- Size
- 128KiB (131072 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_5yr_insurance, Subject: 1.007, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:22:12 2009, Create Time/Date: Wed Aug 13 10:29:53 2003, Last Saved Time/Date: Wed Sep 27 09:37:50 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 23543b2e68b419984c3aec6d63cf8d20
- SHA1
- b69ea375d868248ed30decbc5984c0cece30ad32
- SHA256
- 43205d2e1cfbc36c7e6083596e1abb6810410eab7e84af0c2639b5fed5455c78
-
00051#fundamentals_wvb_banks.xls
- Size
- 170KiB (174080 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_banks, Subject: 1.006, Author: FBO, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:23:10 2009, Create Time/Date: Fri Apr 27 21:18:26 2007, Last Saved Time/Date: Wed Sep 27 09:37:51 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- c5f84e34f818eb0744346b8e07ae045f
- SHA1
- c43a011e9a987c478786a6059a41b69a393d332e
- SHA256
- ffa19a51ad2678332bf2adb4f29db301ae7da3605d1f452585816cded0665bd3
-
00052#fundamentals_wvb_cfpremium.xls
- Size
- 501KiB (512512 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 305fdf9ee911c95a1961ef14f62cc4c6
- SHA1
- 4e491c497aae5a231e4207741b14b7d37ec897d5
- SHA256
- 33b141b56edc65d115619096b9868318a8403a0e3a5cc288194a7826259fdbec
-
00053#fundamentals_wvb_finance.xls
- Size
- 186KiB (189952 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: AMD, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Jul 7 10:47:58 2014, Last Saved Time/Date: Wed Sep 27 09:37:17 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 24764ddbd003f12609a23a023718fa37
- SHA1
- cbf1a03c3b6231c24cd104bd39e8abe94536c178
- SHA256
- 4169069f0c89ceed2a2df5cb9d3dd33fd7b3150c2dfcd5de2151a3f4ad48b0b3
-
00054#fundamentals_wvb_insurance.xls
- Size
- 150KiB (153600 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- c492fccf23c713fc0fed3c1aad1f655d
- SHA1
- f007722c058271bab89cc8815b889e5299adedf2
- SHA256
- b0aedf72a57746c175008b15b35c4e0fd9ce77f4308e215c26789d8f4de32e66
-
00055#fundamentals_wvb_interim_5yr_banks.xls
- Size
- 154KiB (157696 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_interim_banks, Subject: 1.001, Author: FBO, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:23:10 2009, Create Time/Date: Fri Apr 27 21:18:26 2007, Last Saved Time/Date: Wed Sep 27 09:37:21 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 9ff4183210c25914b5e7a79d9249e78d
- SHA1
- 6b4d0783ccdbbd99252392c6a7e6722117b3d061
- SHA256
- 3294c1c7ff68984ccfbe1aa68d894de71d152a32ddf391f1cc4ffa659fa1b71c
-
00056#fundamentals_wvb_interim_5yr_finance.xls
- Size
- 184KiB (188416 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: AMD, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Jul 7 10:47:58 2014, Last Saved Time/Date: Wed Sep 27 09:37:23 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- e62e9fbf50a22ed568bc126c3e922226
- SHA1
- b561951fe02757916b4b172fc07f52e5da13d49c
- SHA256
- 0c919437bc11202173b552cad2aa7da72eae83ee64898146d497dcd33a01daeb
-
00057#fundamentals_wvb_interim_5yr_Industrials.xls
- Size
- 241KiB (246784 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_interim_Industrials, Subject: 1.002, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:28:37 2009, Create Time/Date: Wed Aug 24 11:19:28 2005, Last Saved Time/Date: Wed Sep 27 09:37:25 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 4c660ae0c699a3faf2ce32e17586cdc0
- SHA1
- 9c8080da2e89637e803c2b72434e4eceb4fb5f72
- SHA256
- f7a8b566733b725eb668ce2933144948db0c9e0688f45f4810203db43b46aae1
-
00058#fundamentals_wvb_interim_5yr_insurance.xls
- Size
- 169KiB (173056 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_interim_insurance, Subject: 1.001, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:29:29 2009, Create Time/Date: Wed Aug 13 10:29:53 2003, Last Saved Time/Date: Wed Sep 27 09:37:26 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- c10ab49b5c654bc28c338772d3d01fa0
- SHA1
- cdab488e71d40118b77ca0d15b38c83b867e6d1b
- SHA256
- 639f4c656f9a7da4fd61114e7ab795eb7f1404f36509a14f3908a0e61bc8353a
-
00059#fundamentals_wvb_interim_banks.xls
- Size
- 216KiB (220672 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 670d6144d7b83b51a08ed139506e18df
- SHA1
- dcc34d0fba961370d0cd6ee4cda04450820b5e4b
- SHA256
- b9481103055eb9071cdb2cf52e0d6228bae4d33ba702c0ef89e3b4d7e636cf29
-
00060#fundamentals_wvb_interim_finance.xls
- Size
- 265KiB (270848 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: AMD, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Jul 7 10:47:58 2014, Last Saved Time/Date: Wed Sep 27 09:37:30 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 0bbc23e4321b942cd2240ab17a39a5af
- SHA1
- c6b597beedb3b7fb326770c202267a88d222aa60
- SHA256
- e51c66ed37f2cacf5b1cbb6cd554ea38bf3ed891d4b8ce112a268241f3457fff
-
00061#fundamentals_wvb_interim_Industrials.xls
- Size
- 320KiB (327168 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_interim_Industrials, Subject: 1.006, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:28:37 2009, Create Time/Date: Wed Aug 24 11:19:28 2005, Last Saved Time/Date: Wed Sep 27 09:37:31 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 281e4f09787daae550aa5ab686e1eacf
- SHA1
- 2bf9d8d85c69f6fb6b2451c62d241756a85e9c0b
- SHA256
- 60d2a02cccbc20802e1447b46d9702e84860cdf9938d310eb7de994febc8b5ec
-
00062#fundamentals_wvb_interim_insurance.xls
- Size
- 181KiB (185344 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: fundamentals_wvb_interim_insurance, Subject: 1.006, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 15 10:29:29 2009, Create Time/Date: Wed Aug 13 10:29:53 2003, Last Saved Time/Date: Wed Sep 27 09:37:34 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 6e69d4bd2c194a0a0180ba5c38587535
- SHA1
- 48f86827898dde8af504dc36d8452c2105c0436c
- SHA256
- 5dcf18e68a9fd286a42233d9cb1d1be607091ea8783c95647dc4764181983a96
-
00063#GPRV_bnk.xls
- Size
- 937KiB (958976 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- ca8897fab25d7c10175a5ecbdde86a57
- SHA1
- e64017f73479fca172af0fb46b85310027c802c3
- SHA256
- ff027fa35a78e81018e11f20c2a285cc02943207cdeb1f19834c9df6ffa2b91b
-
00064#GPRV_Full_Report.xls
- Size
- 2.5MiB (2605056 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: GPRV_Full_Report, Subject: 1.006, Author: Jacob SERRAF, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri May 15 14:20:32 2009, Last Saved Time/Date: Wed Sep 27 09:38:40 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 165ab36091f73592cc9ef1ed76f1a9e6
- SHA1
- 075da160713534ec23a85e3939201bb2f5575e2b
- SHA256
- b8cd14d79f1172402326d4448bd31b2cd67ebf0ce1e513c9ad20a66f65fb9328
-
00065#GPRV_ind.xls
- Size
- 944KiB (966144 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: GPRV_ind, Subject: 1.006, Author: FB, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue May 18 16:27:48 2010, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:38:50 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 375be80b523d14d5b1057f5d103568dc
- SHA1
- 57916cd5c15a9df33a254e5485d9aa8b2aede14e
- SHA256
- 9caab996ebc45219464796d1ad112a9264937f824239c2ed918ca4ba01dbff18
-
00066#Chart_Multiples_Quarterly.xls
- Size
- 402KiB (411136 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: AMD, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Apr 22 14:23:37 2014, Last Saved Time/Date: Wed Sep 27 09:41:50 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 02bed6aeaa450055407c8228f33bd6cb
- SHA1
- 64737ca4e68ffb5aeb79f496a1c57849fea93df2
- SHA256
- bac36c647139883645ee6038087d7c3a5797f6735c1cbe24ec0bfc3eed5e32c5
-
00067#Chart_Multiples_Quarterly_List.xls
- Size
- 425KiB (434688 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: AMD, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Apr 22 14:23:37 2014, Last Saved Time/Date: Wed Sep 27 09:44:22 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- e825e1dacc5223b28e75507e002dd2ce
- SHA1
- d055e86c0cd0c07a95c3351fdd47be8c6ff49194
- SHA256
- b7789c06e14d7d31005a2ca59babe4b464b06821f2d63c0e93b162324b9516a8
-
00068#Histo_Forward_Multiples_at_date.xls
- Size
- 480KiB (491520 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Trading Multiples, Subject: 1.002, Author: FB, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Mon Apr 14 10:02:14 2008, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Mon Jan 8 15:38:20 2018, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 5b85543d96459900492948614b01bb31
- SHA1
- 00b9a83f2a6787628bb1941b235795e2742f394e
- SHA256
- c459f5d498080439054a17dc3d04c12c1cf1fc2216b2616f397279e8a264b0f0
-
00069#Historic_Trading_Multiples_QR.xls
- Size
- 743KiB (760832 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Historic_Trading_Multiples_QR, Subject: 1.010, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:42:25 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- c833bffdf2fe6a6572fc0f1dcab0237c
- SHA1
- 060fd905fb4da956a2c71d4c29b8ed79ff154e4b
- SHA256
- e2b2f10f3a203a05083e9731a2e39ffac4853a08292a48c377b04cd3b1b3b936
-
00070#Historic_Trading_Multiples_QR_5yr.xls
- Size
- 744KiB (761344 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Historic_Trading_Multiples_QR, Subject: 1.010, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:42:36 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 4c0a91e24581e999a7e3013638ed9cec
- SHA1
- b7f765f64649609b546c2860926f4b14708a41dc
- SHA256
- f5e3194cb777ea5ae8e80d9bba2613ed633839f4bc1548a61f771a6947979744
-
00071#Historic_Trading_Multiples_QR_5yr_Banks.xls
- Size
- 300KiB (307200 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Historic_Trading_Multiples_QR_Banks, Subject: 1.006, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:42:47 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- e7baa55915d60dd17a312c0fc790bf55
- SHA1
- c803c539581cca92f0500c1914ecdf310b0cd95b
- SHA256
- d42f847d2f1105bce2e76d1e50cc302b7e41585fba78a166c78acba4b5b5719c
-
00072#Historic_Trading_Multiples_QR_5yr_Insurance.xls
- Size
- 349KiB (356864 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Historic_Trading_Multiples_QR_Insurance, Subject: 1.006, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:42:58 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 6dcb28cbf02ccf9f74399649f794a193
- SHA1
- dc1f3fba69cdeff17f7666d87a976e0c150d3e04
- SHA256
- ff9f52ed6411f713dfb5f420536907a70bc35db8ceaf5a336f115649e672b875
-
00073#Historic_Trading_Multiples_QR_Banks.xls
- Size
- 325KiB (332288 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Historic_Trading_Multiples_QR_Banks, Subject: 1.013, Author: infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:43:09 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 9e4d2e02457cdf4dcc38fe38cb4828d5
- SHA1
- 66cf82e155f37c9ef4b0118d2b17a1a5afcaa4be
- SHA256
- e1666f5d46e16c1ffdd315fb843c42bbba34c3a73366b1e4f299799eba2a7e57
-
00074#Historic_Trading_Multiples_QR_Insurance.xls
- Size
- 383KiB (392192 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- d996309d0c237dca8da05804616a5852
- SHA1
- 47e05165f6fb3ad946d5c79a7e782645c217f807
- SHA256
- fbbb8995f13a3d0541cf19301774c214da09e404c3a7565b833f20c70c5c8e4c
-
00075#Trading_Multiples_QR.xls
- Size
- 2.5MiB (2588160 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Trading_Multiples_QR, Subject: 1.012, Author: FB, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Fri Nov 25 08:33:45 2011, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:43:35 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 2a730df5802f60cfbe1198b003fc0caa
- SHA1
- 5f82b6dd4fc84dcde6f1a8094090c95356a75b60
- SHA256
- 87e936fe099b899946f67739f176196a0f5082a0cd328b870eab88f1fcc456a0
-
00076#Trading_Multiples_QR.xlsm
- Size
- 2.3MiB (2415540 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 000f93e56cb23e1d40c8c417c6c48636
- SHA1
- ef17f62d1a4e93d827d64d50765200bc518f2772
- SHA256
- 24a693064d044a8818428434a3d2399b1db7cb0404daf009325ed538f36e0818
-
00077#Trading_Multiples_QR_Banks.xls
- Size
- 564KiB (577536 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- bc829d16d04f5027c90035e4afaeb93b
- SHA1
- d094938d8ddcf629df1f35f6445be45ccbcb475a
- SHA256
- ad185880cef8163447bd9349d9ee44de7364ab2aaa8d46f50ad1be813288410c
-
00078#Trading_Multiples_QR_Insurance.xls
- Size
- 522KiB (534528 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Trading_Multiples_QR_Insurance, Subject: 1.012, Author: FB, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Fri Nov 25 08:33:45 2011, Create Time/Date: Tue Mar 15 17:07:58 2005, Last Saved Time/Date: Wed Sep 27 09:44:13 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- aa2af0795ce0d0541788cc16d849bd2c
- SHA1
- 4804cfac1431f3b6e96d680fdf1e0309dc5e3b26
- SHA256
- 3db76105a2c3a25a6e136395ee0240f010de5d9562f1b2a27bb1a06aea5523c8
-
00079#BetaCalculator.xls
- Size
- 752KiB (769536 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: BetaCalculator, Subject: 1.014, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Tue Dec 8 14:53:07 2009, Create Time/Date: Mon Dec 20 17:50:16 2004, Last Saved Time/Date: Wed Sep 27 09:48:54 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- ebf68167c11abd56c46124c43731235d
- SHA1
- 429b09b6ea877fd8d6a39a62761eda119eb5545d
- SHA256
- 84636c29339551fb55ba14e9e25db713fb002a8d9818927c22223c84c6e4d6bc
-
00080#BetaCalculator_T-Statistics.xls
- Size
- 584KiB (597504 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: BetaCalculator_T-Statistics, Subject: 1.008, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Thu Oct 22 12:49:32 2009, Create Time/Date: Mon Dec 20 17:50:16 2004, Last Saved Time/Date: Wed Sep 27 09:48:55 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- df07308de7c415fbc34f1ed2f9be0525
- SHA1
- 6c7673b1e1049661d1aa569e7198079a34cf0412
- SHA256
- c80330b1307b637a565f394f9a4ebf73eb411a5c7578ac61f2b34d7e83c0d97d
-
00081#market.xls
- Size
- 1.4MiB (1498624 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: market, Subject: 1.009, Author: FBO, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Thu Aug 13 10:49:55 2009, Create Time/Date: Tue Aug 26 09:40:02 2008, Last Saved Time/Date: Wed Sep 27 09:48:57 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 7478da464de15229716d83d3284d0001
- SHA1
- 7d035935442f0988becc01ffcd4e991b8fa5ee4a
- SHA256
- 9e900621ed77672e4901f4c9c09fbf9cc1b48db82b40f96129cecf70ef423ccf
-
00082#Market_Cap_History.xls
- Size
- 963KiB (985600 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: market, Subject: 1.009, Author: FBO, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Wed Feb 19 14:09:48 2014, Create Time/Date: Tue Aug 26 09:40:02 2008, Last Saved Time/Date: Wed Sep 27 09:48:59 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 05bd4d39656b83d070259929fb06625e
- SHA1
- d7c6ff360fab619b8c961aa2a19e81f4fe7f65d1
- SHA256
- 2440c79f7af9fd78adf73aee41c9f7801d5910d2526d5310a3b1770379def5b3
-
00083#market_rebased.xls
- Size
- 533KiB (545280 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: market_rebased, Subject: 1.011, Author: FBO, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Fri Sep 18 15:24:43 2009, Create Time/Date: Tue Aug 26 09:40:02 2008, Last Saved Time/Date: Wed Sep 27 09:49:01 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 7d9f8ade2f25e563777758fb67423c05
- SHA1
- d1195245d5bb544ecf3e8287776a8edc9547ec6d
- SHA256
- 3e877ad025c4a345ecb9b744034d9096f335d246e4c4cd14cf4957c726683776
-
00084#market_rebased_pr.xls
- Size
- 1.6MiB (1680384 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: market_rebased_pr, Subject: 1.011, Author: FBO, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Fri Sep 18 15:24:43 2009, Create Time/Date: Tue Aug 26 09:40:02 2008, Last Saved Time/Date: Wed Sep 27 09:49:03 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 9a422f01acec70b305bb574a361773c6
- SHA1
- feecffe24d271e74e34b44025cba5781aee0ae1c
- SHA256
- 46317fc1ca3df6310ef3718b95cb8610698724af4ffc3ef3cbb4716a1c7eea33
-
00085#Multi_Beta_Calculator_Weekly.xls
- Size
- 2.1MiB (2221056 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Multi_Beta_Calculator_Weekly, Subject: 1.019, Author: Alyse, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Sep 2 09:53:15 2011, Last Saved Time/Date: Wed Sep 27 09:49:04 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 9d728f11fdfde62058df34ae3061b000
- SHA1
- 215301ef74e6ff55f90e920888db96197af710ae
- SHA256
- 989501f041aee76e7d42a3043a5bcce28a78e8ef54ba467a3ac134cd06207e63
-
00086#Stock_Market_History.xls
- Size
- 615KiB (629760 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: AMD, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Dec 10 14:10:42 2012, Last Saved Time/Date: Wed Sep 27 09:47:14 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- d17c3783c7ccf9ad92122467c1a3d43c
- SHA1
- 3a04fa4dec1e686b54233a5d6c1a11100329531d
- SHA256
- f71be4c5833da406f36a84b813a990c2ae6d82d075ba3bce7d58a3e0757156df
-
00087#Stock_Performance_Model.xls
- Size
- 722KiB (739328 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Stock Perfomance, Subject: 1.003, Author: Alyse, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Dec 14 14:52:26 2011, Last Saved Time/Date: Wed Sep 27 09:49:06 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 82ab95fe518c48e091edc54727c7c325
- SHA1
- 2e6fbc0131bfc8e5a346cf701ed8443ca9c65bd0
- SHA256
- 4c3b3c3e59f8ca8d9d1d408aea0335ef1a1eb5f82e3d0f1b7f7d15034aa8ff9d
-
00088#Volatility.xls
- Size
- 609KiB (623616 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Volatility, Subject: 1.012, Author: Infinancials, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Thu Oct 22 12:49:32 2009, Create Time/Date: Mon Dec 20 17:50:16 2004, Last Saved Time/Date: Wed Sep 27 09:49:07 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 1615e498b31c0b5c289cac47f14d2f2d
- SHA1
- b2d59e25cdd5dd967e3c0e65f1a41da4644f6234
- SHA256
- 0c4c7f930299a820e2299ff74bbe81dda1ac374647519e1fb5473c3d855226ff
-
00089#Volatility_Calculator.xlsm
- Size
- 284KiB (291206 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 552073f46ab2f81e827dfb01e18ece46
- SHA1
- c32699ea3c49a9a62cfdd0b6802487639902856c
- SHA256
- 4eddbf1e7d6ef594006b4aad319cbe98e9c2529211626f1ab455d82a7db2dce4
-
00090#Ratios_QR.xls
- Size
- 2.7MiB (2834432 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Ratios_QR, Subject: 1.010, Author: Jse, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Fri Sep 11 13:46:38 2009, Create Time/Date: Tue Jul 7 13:18:23 2009, Last Saved Time/Date: Wed Sep 27 09:49:48 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- e73600c8f4449523b0ffa4d3496e1412
- SHA1
- 68c4544821c8c4ceab1cb1f75c4d010ac6e887b8
- SHA256
- cf3e4b7c9cc57179afa69243f036fd43152d0232e9d892369883bdb389bd311c
-
00091#Ratios_QR.xlsm
- Size
- 653KiB (668751 bytes)
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 2b2cf2cbfb2b8db96914d090451eae25
- SHA1
- 2bff271fa0dc11ebfd6a06c0e38d79fe358a7c6b
- SHA256
- 0d8603f662b03131758697cb26a4fd9de2a2b443dea3e8425685a04704005794
-
00092#Ratios_QR_Banks.xls
- Size
- 1.4MiB (1421824 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Ratios_QR_Banks, Subject: 1.010, Author: Jse, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Fri Jul 17 10:44:49 2009, Create Time/Date: Tue Jul 7 13:18:23 2009, Last Saved Time/Date: Wed Sep 27 09:50:10 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 8deaef8851a19b33483541bb619769f5
- SHA1
- 2afd9bf0fdc45a1ee21b08c3ecae9120d7ce6239
- SHA256
- 634e6d01b2cbe8203d44725b01dba24f05eff40e261462a4f3ca7bceeaf4a594
-
00093#Ratios_QR_Insurance.xls
- Size
- 1.8MiB (1872896 bytes)
- Type
- xls office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Ratios_QR_Insurance, Subject: 1.010, Author: Jse, Last Saved By: Gary Hacoun, Name of Creating Application: Microsoft Excel, Last Printed: Fri Jul 17 10:44:49 2009, Create Time/Date: Tue Jul 7 13:18:23 2009, Last Saved Time/Date: Wed Sep 27 09:50:24 2017, Security: 0
- Runtime Process
- InfinancialsExcelAddin2.1.exe (PID: 2380)
- MD5
- 2ee00b58d46aa847c11c5d2c0bf6e05f
- SHA1
- f6a1d12ea64e9d7c2d1b6928c0f321f10643e3e4
- SHA256
- 02cd517bbe0efe1a1947cd001cc75dddfb5dece5aa26acd090dba49b8e2cf034
-
Uninstall Infront Analytics Excel Add-in.lnk
- Size
- 1.4KiB (1456 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Mar 19 09:49:26 2018, mtime=Mon Mar 19 09:49:26 2018, atime=Sat Mar 4 14:22:58 2017, length=585400, window=hide
- MD5
- ebc40cea00850dff6d807ed87bebadcc
- SHA1
- c488655f635d6a1373b96d1b7927c5e634f94854
- SHA256
- 1ab48a84846fd5675f64e098e351619e81ae2974a4190e43b94d23a67319bc4f
-
Open Excel Add-in folder.lnk
- Size
- 1.2KiB (1220 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Directory, ctime=Mon Mar 19 09:49:25 2018, mtime=Mon Mar 19 09:49:28 2018, atime=Mon Mar 19 09:49:28 2018, length=4096, window=hide
- MD5
- 262962135e00852de1d6251cabb420b1
- SHA1
- 44cd27bfe7a6d29ba21a15f280e0da9cbd7a09ed
- SHA256
- d4ed82280c64b312098011d7e58ce8b12efdf54d7f8ef3bddb3b966e8e76f671
-
Infront Analytics Excel Add-in.lnk
- Size
- 2.3KiB (2373 bytes)
- MD5
- b7036714721c57a1b64266c22ecf9152
- SHA1
- 06afa97c087a8903427eea346a0d0c0fd0a48f6c
- SHA256
- 6ef426f8964d1c12142f2df8b46155872c9ec6d59f2f2f8df30b6cb1aca0f3bb
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Extracted file "00009#IfProtocol.exe" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/b21549a1a5c6431c0ccf10dfd75524bf139f7fafceec0e3674cf767a901aaf26/analysis/1521457096/")
- Extracted file "00010#Infront.dll" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/60d413779987e2f189d77326ef478631c52fc42e2af147189acda0b1d6985347/analysis/1521457071/")
- Extracted file "00013#libcurld.dll" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/06d55cdc47885bab0cf9d74188c87771bc021d30dbdf1e6e5aefbe20290336d7/analysis/1521457088/")
- Extracted file "00023#CloseExcelEngine.vbs" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/00f355c6a117c170f71f34b6fff9931442e3dce76bb4d197a6e50559a3e7cfcd/analysis/1521457082/")
- Extracted file "00027#Run Vbs.cmd" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/033a486517cd58df3313c36afcb692e36b65552f779a4a001cc4f70f823197d4/analysis/1521457066/")
- Extracted file "00038#estimates_jcf_Ins.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/c5f48c9f706821101cb6104c90ab3355dad7c2c2182a13f4d33e55ef87df000f/analysis/1521457070/")
- Extracted file "00039#fundamentals_factset_banks.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/d182cd33df0681409d7690101772112a59a3085dbd3bff81a45bbed3b4a3c1e1/analysis/1521457097/")
- Extracted file "00040#fundamentals_factset_finance.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/b120c27ceb37c7699d60ee6112dbeb99d82f67faaf10dadb297123bf19ffd40a/analysis/1521457064/")
- Extracted file "00044#fundamentals_factset_interim_finance.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/f2b55caee29f52d903e5a5046b9e834d92c463a3700346f2b75d9e8f0b1c5153/analysis/1521457065/")
- Extracted file "00053#fundamentals_wvb_finance.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/4169069f0c89ceed2a2df5cb9d3dd33fd7b3150c2dfcd5de2151a3f4ad48b0b3/analysis/1521457063/")
- Extracted file "00055#fundamentals_wvb_interim_5yr_banks.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/3294c1c7ff68984ccfbe1aa68d894de71d152a32ddf391f1cc4ffa659fa1b71c/analysis/1521457033/")
- Extracted file "00056#fundamentals_wvb_interim_5yr_finance.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/0c919437bc11202173b552cad2aa7da72eae83ee64898146d497dcd33a01daeb/analysis/1521457043/")
- Extracted file "00057#fundamentals_wvb_interim_5yr_Industrials.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/f7a8b566733b725eb668ce2933144948db0c9e0688f45f4810203db43b46aae1/analysis/1521457098/")
- Extracted file "00058#fundamentals_wvb_interim_5yr_insurance.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/639f4c656f9a7da4fd61114e7ab795eb7f1404f36509a14f3908a0e61bc8353a/analysis/1521457079/")
- Extracted file "00060#fundamentals_wvb_interim_finance.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/e51c66ed37f2cacf5b1cbb6cd554ea38bf3ed891d4b8ce112a268241f3457fff/analysis/1521457089/")
- Extracted file "00068#Histo_Forward_Multiples_at_date.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/c459f5d498080439054a17dc3d04c12c1cf1fc2216b2616f397279e8a264b0f0/analysis/1521457082/")
- Extracted file "00069#Historic_Trading_Multiples_QR.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/e2b2f10f3a203a05083e9731a2e39ffac4853a08292a48c377b04cd3b1b3b936/analysis/1521457092/")
- Extracted file "00071#Historic_Trading_Multiples_QR_5yr_Banks.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/d42f847d2f1105bce2e76d1e50cc302b7e41585fba78a166c78acba4b5b5719c/analysis/1521457072/")
- Extracted file "00073#Historic_Trading_Multiples_QR_Banks.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/e1666f5d46e16c1ffdd315fb843c42bbba34c3a73366b1e4f299799eba2a7e57/analysis/1521457074/")
- Extracted file "00080#BetaCalculator_T-Statistics.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/c80330b1307b637a565f394f9a4ebf73eb411a5c7578ac61f2b34d7e83c0d97d/analysis/1521457101/")
- Extracted file "00082#Market_Cap_History.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/2440c79f7af9fd78adf73aee41c9f7801d5910d2526d5310a3b1770379def5b3/analysis/1521457078/")
- Extracted file "00083#market_rebased.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/3e877ad025c4a345ecb9b744034d9096f335d246e4c4cd14cf4957c726683776/analysis/1521457035/")
- Extracted file "00084#market_rebased_pr.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/46317fc1ca3df6310ef3718b95cb8610698724af4ffc3ef3cbb4716a1c7eea33/analysis/1521457042/")
- Extracted file "00086#Stock_Market_History.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/f71be4c5833da406f36a84b813a990c2ae6d82d075ba3bce7d58a3e0757156df/analysis/1521457069/")
- Extracted file "00088#Volatility.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/0c4c7f930299a820e2299ff74bbe81dda1ac374647519e1fb5473c3d855226ff/analysis/1521457095/")
- Extracted file "00090#Ratios_QR.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/cf3e4b7c9cc57179afa69243f036fd43152d0232e9d892369883bdb389bd311c/analysis/1521457032/")
- Extracted file "estimates.xls" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/d835d856817f501732ea3e2bdf458d9eab0f08dd6c8454356e13665c9432549a/analysis/1521457061/")
- Not all file accesses are visible for cacls.exe (PID: 3632)
- Not all file accesses are visible for cacls.exe (PID: 3676)
- Not all file accesses are visible for cacls.exe (PID: 3740)
- Not all sources for indicator ID "api-25" are available in the report
- Not all sources for indicator ID "api-4" are available in the report
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "api-70" are available in the report
- Not all sources for indicator ID "api-9" are available in the report
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "registry-25" are available in the report
- Not all sources for indicator ID "registry-55" are available in the report
- Not all sources for indicator ID "string-64" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)
- Some low-level data is hidden, as this is only a slim report