SHA256: d6f6dceb16aa9edbf07aa1464ac605899c573866a2d8e73b5bcdb6af160cbcd2
File name: Invoice.doc
Detection ratio: 7 / 60
Analysis date: 2018-04-13 10:13:28 UTC (1 year, 1 month ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20180413
Fortinet VBA/Agent.HQA!tr.dldr 20180413
Ikarus Trojan.VBA.Agent 20180413
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180413
nProtect Suspicious/W97M.Obfus.Gen 20180413
Qihoo-360 virus.office.qexvmc.1070 20180413
Zoner Probably W97Shell 20180412
Ad-Aware 20180413
AegisLab 20180413
AhnLab-V3 20180412
Alibaba 20180413
ALYac 20180413
Antiy-AVL 20180412
Avast 20180413
Avast-Mobile 20180413
AVG 20180413
Avira (no cloud) 20180413
AVware 20180413
Baidu 20180413
BitDefender 20180413
Bkav 20180410
CAT-QuickHeal 20180413
ClamAV 20180413
CMC 20180413
Comodo 20180413
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180413
Cyren 20180413
DrWeb 20180413
eGambit 20180413
Emsisoft 20180413
Endgame 20180402
ESET-NOD32 20180413
F-Prot 20180413
F-Secure 20180413
GData 20180413
Sophos ML 20180120
Jiangmin 20180413
K7AntiVirus 20180413
K7GW 20180413
Kaspersky 20180413
Kingsoft 20180413
Malwarebytes 20180413
MAX 20180413
McAfee 20180413
McAfee-GW-Edition 20180413
Microsoft 20180413
eScan 20180413
Palo Alto Networks (Known Signatures) 20180413
Panda 20180412
Rising 20180413
SentinelOne (Static ML) 20180225
Sophos AV 20180413
SUPERAntiSpyware 20180413
Symantec 20180413
Symantec Mobile Insight 20180411
Tencent 20180413
TheHacker 20180410
TotalDefense 20180413
TrendMicro 20180413
TrendMicro-HouseCall 20180413
Trustlook 20180413
VBA32 20180412
VIPRE 20180413
ViRobot 20180413
Webroot 20180413
WhiteArmor 20180408
Yandex 20180412
Zillya 20180412
ZoneAlarm by Check Point 20180413
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2018-04-13 11:45:00
author: Bafiny
title: Bafinyra
page_count: 1
last_saved: 2018-04-13 11:45:00
revision_number: 1
application_name: Microsoft Office Word
character_count: 1
template: Normal.dotm
code_page: Latin I
subject: Bafiny
Document summary
category: Bafinyra
line_count: 1
company: Bafinyra
characters_with_spaces: 1
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 6336
type_literal: stream, sid: 20, name: \x01CompObj, size: 114
type_literal: stream, sid: 5, name: \x05DocumentSummaryInformation, size: 336
type_literal: stream, sid: 4, name: \x05SummaryInformation, size: 420
type_literal: stream, sid: 2, name: 1Table, size: 7896
type_literal: stream, sid: 1, name: Data, size: 22283
type_literal: stream, sid: 18, name: Macros/PROJECT, size: 542
type_literal: stream, sid: 19, name: Macros/PROJECTwm, size: 143
type_literal: stream, sid: 15, type: macro, name: Macros/VBA/KfROMfHjAjNS, size: 40880
type_literal: stream, sid: 14, type: macro, name: Macros/VBA/MjkRKumZff, size: 1870
type_literal: stream, sid: 16, name: Macros/VBA/_VBA_PROJECT, size: 26664
type_literal: stream, sid: 9, name: Macros/VBA/__SRP_0, size: 1363
type_literal: stream, sid: 10, name: Macros/VBA/__SRP_1, size: 114
type_literal: stream, sid: 11, name: Macros/VBA/__SRP_2, size: 292
type_literal: stream, sid: 12, name: Macros/VBA/__SRP_3, size: 103
type_literal: stream, sid: 8, name: Macros/VBA/dir, size: 692
type_literal: stream, sid: 13, type: macro, name: Macros/VBA/lNzYzNij, size: 7070
type_literal: stream, sid: 17, type: macro, name: Macros/VBA/rzqNCFLHKSidt, size: 27026
type_literal: stream, sid: 3, name: WordDocument, size: 4096
Macros and VBA code streams
[+] MjkRKumZff.cls Macros/VBA/MjkRKumZff 326 bytes
[+] KfROMfHjAjNS.bas Macros/VBA/KfROMfHjAjNS 21432 bytes
email-pattern
[+] rzqNCFLHKSidt.bas Macros/VBA/rzqNCFLHKSidt 13685 bytes
obfuscated run-file
[+] lNzYzNij.bas Macros/VBA/lNzYzNij 3285 bytes
ExifTool file metadata
Category: Bafinyra
SharedDoc: No
Author: Bafiny
CodePage: Windows Latin 1 (Western European)
System: Windows
LinksUpToDate: No
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2018:04:13 09:45:00
Company: Bafinyra
Title: Bafinyra
Characters: 1
HyperlinksChanged: No
RevisionNumber: 1
MIMEType: application/msword
Words: 0
CreateDate: 2018:04:13 09:45:00
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
Warning: Truncated property list
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar
Subject: Bafiny

File identification
MD5 0aa7378d7be2c0c7a852370e6ccb593b
SHA1 37cb3e48e899198a4c92fe08c1be2dbd9309e8ea
SHA256 d6f6dceb16aa9edbf07aa1464ac605899c573866a2d8e73b5bcdb6af160cbcd2
ssdeep
3072:z2hxALKFgMeZjzF1KqVW6ApCgtM7WIkMwIXo7ApVAXt:zE1YjJY65TgtM7WPMlYEpVAd

File size 153.5 KB ( 157184 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Bafinyra, Subject: Bafiny, Author: Bafiny, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Apr 12 10:45:00 2018, Last Saved Time/Date: Thu Apr 12 10:45:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
email-pattern obfuscated run-file doc macros

VirusTotal metadata
First submission 2018-04-13 10:13:28 UTC (1 year, 1 month ago)
Last submission 2018-05-10 23:58:22 UTC (1 year ago)
File names Outstanding Invoices.doc
Invoice Number 626965.doc
Invoice for you.doc
Service Report (9272).doc
Question.doc
Invoice Number 05409.doc
Paid Invoices.doc
Fwd: ACH form.doc
Invoice.doc
Invoices Overdue.doc
8 Past Due Invoices.doc
Need to send the attachment.doc
fe32235683c7cd9ffeca8b060f6e55a603bf444f
Past Due Invoices.doc
48.doc
Paid Invoice.doc
Document needed.doc
Invoice #9443822.doc
Important Please Read.doc
Overdue payment.doc
Past Due Invoice.doc
Open invoices.doc
56.doc
Invoices attached.doc
Summit Companies Invoice #7074923.doc