SHA256: 5812d3933ee62d52d3cf540b00751bec5d54182b5a4e9231b60b3f469451f8c9
File name: PGPMessage04834838.doc
Detection ratio: 4 / 56
Analysis date: 2016-09-08 14:19:06 UTC (2 years, 8 months ago)
Antivirus Result Update version
AVware LooksLike.Macro.Malware.n (v) 20160908
Qihoo-360 virus.office.obfuscated.1 20160908
Rising Trojan.Obfus/VBA!1.A609 (classic) 20160908
VIPRE LooksLike.Macro.Malware.n (v) 20160908
Ad-Aware 20160908
AegisLab 20160908
AhnLab-V3 20160908
Alibaba 20160908
ALYac 20160908
Antiy-AVL 20160908
Arcabit 20160908
Avast 20160908
AVG 20160908
Avira (no cloud) 20160908
Baidu 20160908
BitDefender 20160908
Bkav 20160908
CAT-QuickHeal 20160907
ClamAV 20160907
CMC 20160908
Comodo 20160908
Cyren 20160908
DrWeb 20160908
Emsisoft 20160908
ESET-NOD32 20160908
F-Prot 20160908
F-Secure 20160908
Fortinet 20160908
GData 20160908
Ikarus 20160908
Sophos ML 20160830
Jiangmin 20160908
K7AntiVirus 20160908
K7GW 20160908
Kaspersky 20160908
Kingsoft 20160908
Malwarebytes 20160908
McAfee 20160908
McAfee-GW-Edition 20160908
Microsoft 20160908
eScan 20160908
NANO-Antivirus 20160908
nProtect 20160908
Panda 20160908
Sophos AV 20160908
SUPERAntiSpyware 20160908
Symantec 20160908
Tencent 20160908
TheHacker 20160908
TotalDefense 20160907
TrendMicro 20160908
TrendMicro-HouseCall 20160908
VBA32 20160907
ViRobot 20160908
Yandex 20160908
Zillya 20160908
Zoner 20160908
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May try to run other files, shell commands or applications.
May attempt to create directories.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: user
creation_datetime: 2016-09-08 13:04:00
template: Normal
author: User
page_count: 2
last_saved: 2016-09-08 13:04:00
word_count: 2
revision_number: 2
application_name: Microsoft Office Word
character_count: 17
code_page: Latin I
Document summary
line_count: 1
company: Home
characters_with_spaces: 18
version: 983040
paragraph_count: 1
code_page: -535
OLE Streams
name: Root Entry; type_literal: root; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word; sid: 0; size: 6016
name: \x01CompObj; type_literal: stream; sid: 17; size: 146
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 5; size: 4096
name: \x05SummaryInformation; type_literal: stream; sid: 4; size: 4096
name: 1Table; type_literal: stream; sid: 2; size: 9932
name: Data; type_literal: stream; sid: 1; size: 14187
name: Macros/PROJECT; type_literal: stream; sid: 16; size: 367
name: Macros/PROJECTwm; type_literal: stream; sid: 15; size: 41
name: Macros/VBA/ThisDocument; type_literal: stream; type: macro; sid: 8; size: 4743
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 11; size: 2841
name: Macros/VBA/__SRP_0; type_literal: stream; sid: 13; size: 1188
name: Macros/VBA/__SRP_1; type_literal: stream; sid: 14; size: 102
name: Macros/VBA/__SRP_2; type_literal: stream; sid: 9; size: 364
name: Macros/VBA/__SRP_3; type_literal: stream; sid: 10; size: 140
name: Macros/VBA/dir; type_literal: stream; sid: 12; size: 522
name: WordDocument; type_literal: stream; sid: 3; size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 2594 bytes
exe-pattern auto-open create-dir create-ole obfuscated run-file
ExifTool file metadata
SharedDoc: No
Author: User
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: user
HeadingPairs: , 1, , 1
Template: Normal
CharCountWithSpaces: 18
CreateDate: 2016:09:08 12:04:00
ModifyDate: 2016:09:08 12:04:00
TitleOfParts: ,
Company: Home
Characters: 17
CodePage: Unicode (UTF-8)
RevisionNumber: 2
MIMEType: application/msword
Words: 2
FileType: DOC
Lines: 1
AppVersion: 15.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 2
ScaleCrop: No
CompObjUserTypeLen: 0
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 6bc478d34ab5f5bbc551d6f0ee464074
SHA1 6e3e9abce02f4cff07e81d5ac65fa1319141cc59
SHA256 5812d3933ee62d52d3cf540b00751bec5d54182b5a4e9231b60b3f469451f8c9
ssdeep 384:usobYv4Q1D/qgF7BZP9QbGxoymoi1fvjj4LAaXiSHuT7UW17aSzzP0jC8Ls9tZGc:uNRmF8EKH1H427UW778LxsWuU8U

File size 51.0 KB ( 52224 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: User, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Sep 07 12:04:00 2016, Last Saved Time/Date: Wed Sep 07 12:04:00 2016, Number of Pages: 2, Number of Words: 2, Number of Characters: 17, Security: 0

TrID Microsoft Word document (45.7%)
Microsoft Excel sheet (42.8%)
Generic OLE2 / Multistream Compound File (11.4%)
Tags
obfuscated run-file auto-open create-dir exe-pattern doc macros create-ole

VirusTotal metadata
First submission 2016-09-08 14:19:06 UTC (2 years, 8 months ago)
Last submission 2016-09-08 19:06:48 UTC (2 years, 8 months ago)
File names PGPMessage04834838.doc