SHA256: 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
File name: SUPEE-9789.doc
Detection ratio: 15 / 54
Analysis date: 2017-04-24 00:46:57 UTC ( 2 months ago )
Antivirus Result Updated
Ad-Aware VB:Trojan.Valyria.406 20170423
Arcabit HEUR.VBA.Trojan.e 20170423
BitDefender VB:Trojan.Valyria.406 20170423
Emsisoft VB:Trojan.Valyria.406 (B) 20170423
F-Secure VB:Trojan.Valyria.406 20170424
Fortinet WM/Agent.IRC!tr.dldr 20170424
GData VB:Trojan.Valyria.406 20170424
Ikarus Win32.SuspectCrc 20170423
Kaspersky HEUR:Trojan.Script.Agent.gen 20170423
Microsoft Trojan:O97M/Madeba.A!det 20170423
eScan VB:Trojan.Valyria.406 20170423
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170423
Qihoo-360 virus.office.qexvmc.1075 20170424
TrendMicro-HouseCall Suspicious_GEN.F47V0421 20170424
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20170423
AegisLab 20170423
AhnLab-V3 20170423
Alibaba 20170421
ALYac 20170423
Antiy-AVL 20170423
Avast 20170423
AVG 20170423
Avira (no cloud) 20170423
AVware 20170423
Baidu 20170421
Bkav 20170422
CAT-QuickHeal 20170422
ClamAV 20170423
CMC 20170421
Comodo 20170423
CrowdStrike Falcon (ML) 20170130
Cyren 20170423
DrWeb 20170423
Endgame 20170419
ESET-NOD32 20170423
F-Prot 20170424
Invincea 20170413
Jiangmin 20170422
K7AntiVirus 20170423
K7GW 20170423
Kingsoft 20170424
Malwarebytes 20170423
McAfee 20170424
McAfee-GW-Edition 20170423
nProtect 20170424
Palo Alto Networks (Known Signatures) 20170424
Panda 20170423
Rising 20170423
SentinelOne (Static ML) 20170330
Sophos 20170423
SUPERAntiSpyware 20170423
Symantec Mobile Insight 20170422
Tencent 20170424
TheHacker 20170423
Trustlook 20170424
VBA32 20170421
VIPRE 20170424
ViRobot 20170423
Webroot 20170424
WhiteArmor 20170409
Yandex 20170421
Zillya 20170421
Zoner 20170423
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
last_author: admin
creation_datetime: 2017-04-20 20:05:00
author: admin
title: info
page_count: 1
last_saved: 2017-04-20 20:05:00
revision_number: 2
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
template: Normal.dotm
Document summary
byte_count: 94208
company: home
characters_with_spaces: 1
line_count: 1
version: 1048576
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, sid: 0, type_literal: root, size: 7616, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, sid: 20, type_literal: stream, size: 114
name: \x05DocumentSummaryInformation, sid: 5, type_literal: stream, size: 4096
name: \x05SummaryInformation, sid: 4, type_literal: stream, size: 4096
name: 1Table, sid: 2, type_literal: stream, size: 7417
name: Data, sid: 1, type_literal: stream, size: 73453
name: Macros/PROJECT, sid: 19, type_literal: stream, size: 484
name: Macros/PROJECTwm, sid: 18, type_literal: stream, size: 113
name: Macros/VBA/Module1, sid: 11, type_literal: stream, size: 2147, type: macro
name: Macros/VBA/Module2, sid: 12, type_literal: stream, size: 32199, type: macro
name: Macros/VBA/Module3, sid: 13, type_literal: stream, size: 31957, type: macro
name: Macros/VBA/ThisDocument, sid: 8, type_literal: stream, size: 1127, type: macro (only attributes)
name: Macros/VBA/_VBA_PROJECT, sid: 14, type_literal: stream, size: 12400
name: Macros/VBA/__SRP_0, sid: 16, type_literal: stream, size: 1956
name: Macros/VBA/__SRP_1, sid: 17, type_literal: stream, size: 198
name: Macros/VBA/__SRP_2, sid: 9, type_literal: stream, size: 348
name: Macros/VBA/__SRP_3, sid: 10, type_literal: stream, size: 106
name: Macros/VBA/dir, sid: 15, type_literal: stream, size: 713
name: WordDocument, sid: 3, type_literal: stream, size: 4096
Macros and VBA code streams
[+] Module1.bas Macros/VBA/Module1 588 bytes
[+] Module2.bas Macros/VBA/Module2 14091 bytes
create-file create-ole handle-file open-file run-file write-file
[+] Module3.bas Macros/VBA/Module3 13779 bytes
ExifTool file metadata
SharedDoc: No
Author: admin
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:04:20 19:05:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2017:04:20 19:05:00
Company: home
Title: info
HyperlinksChanged: No
Characters: 1
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
Bytes: 94208
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 c3d03f0eedf1b1e222130b478b3ab231
SHA1 c59897166ba1ce057ca290370af214990be9d730
SHA256 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
ssdeep 3072:gTTwHo66OblnBQMFCESpcSO6iNAJWq3gouW3kVxaX:3HXRblnBvFCESpcSYouW

File size 180.0 KB ( 184320 bytes )
File type MS Word Document
Advanced information
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: info, Author: admin, Template: Normal.dotm, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Apr 19 19:05:00 2017, Last Saved Time/Date: Wed Apr 19 19:05:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
open-file handle-file doc create-file run-file macros write-file create-ole

VirusTotal metadata
First submission 2017-04-21 07:30:11 UTC ( 2 months ago )
Last submission 2017-04-24 00:46:57 UTC ( 2 months ago )
File names SUPEE-9789.doc