SHA256: e1840bd44eb46df1cab0c3869e9f7c5a2b8cbe6339b28891caf97bc2af0ff3c5
Detection ratio: 7 / 57
Analysis date: 2018-04-04 10:40:51 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AegisLab W97M.Gen!c 20180404
Baidu VBA.Trojan-Downloader.Agent.cny 20180404
F-Secure Trojan:W97M/Nastjencro.A 20180404
Fortinet VBA/Agent.YPEZ!tr.dldr 20180404
Symantec W97M.Downloader!g28 20180404
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180404
Zoner Probably W97Obfuscated 20180403
Ad-Aware 20180404
AhnLab-V3 20180404
Alibaba 20180404
ALYac 20180404
Antiy-AVL 20180404
Arcabit 20180404
Avast 20180404
Avast-Mobile 20180404
AVG 20180404
Avira (no cloud) 20180404
AVware 20180404
BitDefender 20180404
Bkav 20180404
CAT-QuickHeal 20180404
ClamAV 20180404
CMC 20180404
Comodo 20180404
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180404
Cyren 20180404
DrWeb 20180404
eGambit 20180404
Emsisoft 20180404
Endgame 20180403
ESET-NOD32 20180404
F-Prot 20180404
GData 20180404
Sophos ML 20180121
Jiangmin 20180404
K7AntiVirus 20180404
K7GW 20180404
Kaspersky 20180404
Kingsoft 20180404
Malwarebytes 20180404
MAX 20180404
McAfee 20180404
McAfee-GW-Edition 20180404
Microsoft 20180404
eScan 20180404
NANO-Antivirus 20180404
nProtect 20180404
Palo Alto Networks (Known Signatures) 20180404
Panda 20180403
Qihoo-360 20180404
Rising 20180404
SentinelOne (Static ML) 20180225
Sophos AV 20180404
SUPERAntiSpyware 20180404
Symantec Mobile Insight 20180401
Tencent 20180404
TheHacker 20180330
TrendMicro 20180404
TrendMicro-HouseCall 20180404
Trustlook 20180404
VBA32 20180403
VIPRE 20180404
ViRobot 20180404
WhiteArmor 20180403
Yandex 20180403
Zillya 20180403
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author
Longer
creation_datetime
2018-04-04 10:32:00
revision_number
2
author
Longer
page_count
1
last_saved
2018-04-04 10:33:00
word_count
27
template
Normal.dotm
application_name
Microsoft Office Word
character_count
158
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
184
version
786432
paragraph_count
1
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
14144
type_literal
stream
sid
33
name
\x01CompObj
size
160
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
6547
type_literal
stream
sid
1
name
Data
size
5878
type_literal
stream
sid
20
name
Macros/ANIKAMAL/\x01CompObj
size
97
type_literal
stream
sid
21
name
Macros/ANIKAMAL/\x03VBFrame
size
290
type_literal
stream
sid
18
name
Macros/ANIKAMAL/f
size
547
type_literal
stream
sid
19
name
Macros/ANIKAMAL/o
size
776
type_literal
stream
sid
16
name
Macros/PROJECT
size
664
type_literal
stream
sid
27
name
Macros/PROJECTwm
size
194
type_literal
stream
sid
10
type
macro (only attributes)
name
Macros/VBA/ANIKAMAL
size
1188
type_literal
stream
sid
13
type
macro
name
Macros/VBA/ThisDocument
size
1422
type_literal
stream
sid
14
type
macro
name
Macros/VBA/VOKNEHSOKORP
size
2309
type_literal
stream
sid
15
name
Macros/VBA/_VBA_PROJECT
size
5149
type_literal
stream
sid
9
type
macro
name
Macros/VBA/aesroxfi
size
6573
type_literal
stream
sid
12
type
macro
name
Macros/VBA/artistbear
size
4880
type_literal
stream
sid
8
name
Macros/VBA/dir
size
1021
type_literal
stream
sid
11
type
macro
name
Macros/VBA/macandme
size
1872
type_literal
stream
sid
31
name
Macros/VOKNEHSOKORP/\x01CompObj
size
97
type_literal
stream
sid
32
name
Macros/VOKNEHSOKORP/\x03VBFrame
size
294
type_literal
stream
sid
29
name
Macros/VOKNEHSOKORP/f
size
535
type_literal
stream
sid
30
name
Macros/VOKNEHSOKORP/o
size
784
type_literal
stream
sid
25
name
Macros/macandme/\x01CompObj
size
97
type_literal
stream
sid
26
name
Macros/macandme/\x03VBFrame
size
292
type_literal
stream
sid
23
name
Macros/macandme/f
size
327
type_literal
stream
sid
24
name
Macros/macandme/o
size
444
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 239 bytes
[+] aesroxfi.bas Macros/VBA/aesroxfi 3484 bytes
[+] artistbear.bas Macros/VBA/artistbear 2176 bytes
obfuscated
[+] macandme.frm Macros/VBA/macandme 388 bytes
[+] VOKNEHSOKORP.frm Macros/VBA/VOKNEHSOKORP 441 bytes
create-ole
ExifTool file metadata
SharedDoc
No

Author
Longer

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
Longer

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
184

CreateDate
2018:04:04 09:32:00

Word97
No

LanguageCode
English (US)

ModifyDate
2018:04:04 09:33:00

Characters
158

CodePage
Unicode (UTF-8)

RevisionNumber
2

MIMEType
application/msword

Words
27

FileType
DOC

Lines
1

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
0

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 1e054dc570de6fce12aa1eac279ae5ac
SHA1 1d2ffdef1f774f6bc46d8217106e42ee1f8b1a24
SHA256 e1840bd44eb46df1cab0c3869e9f7c5a2b8cbe6339b28891caf97bc2af0ff3c5
ssdeep
768:OZ09ORPKP6KCBAEV/cYHkru6kVuu9NRuP25zspeXp:OZDUIxcMf1Z3ue5IYX

File size 62.0 KB ( 63488 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Apr 03 09:32:00 2018, Last Saved Time/Date: Tue Apr 03 09:33:00 2018, Number of Pages: 1, Number of Words: 27, Number of Characters: 158, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros create-ole attachment doc

VirusTotal metadata
First submission 2018-04-04 10:07:49 UTC ( 1 year, 1 month ago )
Last submission 2018-10-23 21:05:05 UTC ( 7 months ago )
File names Samp(173).vir.rename
1e054dc570de6fce12aa1eac279ae5ac_doc
1e054dc570de6fce12aa1eac279ae5ac.doc
encrypted_message.doc