SHA256: 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
File name: SUPEE-9789.doc
Detection ratio: 32 / 59
Analysis date: 2017-11-09 07:05:54 UTC (1 month ago)
Antivirus Result Updated
Ad-Aware VB:Trojan.Valyria.406 20171110
AegisLab Troj.Script.Agent!c 20171110
ALYac VB:Trojan.Valyria.406 20171110
Antiy-AVL Trojan[Downloader]/MSOffice.Agent 20171110
Arcabit HEUR.VBA.Trojan.e 20171110
Avast VBA:Downloader-EYG [Trj] 20171110
AVG VBA:Downloader-EYG [Trj] 20171110
Avira (no cloud) W97M/Agent.88345262 20171110
Baidu VBA.Trojan-Downloader.Agent.bjw 20171109
BitDefender VB:Trojan.Valyria.406 20171110
CAT-QuickHeal W97M.Downloader.AJX 20171110
ClamAV Doc.Downloader.Heuristic-6312759-0 20171110
Cyren W97M/Agent 20171110
Emsisoft VB:Trojan.Valyria.406 (B) 20171110
ESET-NOD32 VBA/TrojanDownloader.Agent.DDI 20171110
F-Prot New or modified W97M/Agent 20171110
F-Secure VB:Trojan.Valyria.406 20171110
Fortinet WM/Agent.DDR!tr.dldr 20171110
GData Macro.Trojan-Downloader.TeslaCrypt.AC 20171110
Ikarus Trojan-Downloader.VBA.Agent 20171110
Kaspersky HEUR:Trojan.Script.Agent.gen 20171110
MAX malware (ai score=80) 20171110
McAfee W97M/Downloader.bxx 20171110
McAfee-GW-Edition W97M/Downloader.bxx 20171110
Microsoft Trojan:O97M/Madeba.A!det 20171110
eScan VB:Trojan.Valyria.406 20171110
NANO-Antivirus Trojan.Script.Agent.epyrxh 20171110
Panda O97M/Downloader 20171110
Symantec W97M.Downloader 20171109
Tencent Win32.Trojan.Agent.Szky 20171110
TrendMicro-HouseCall Suspicious_GEN.F47V1031 20171110
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20171110
AhnLab-V3 20171110
Alibaba 20170911
Avast-Mobile 20171110
AVware 20171110
Bkav 20171110
CMC 20171109
Comodo 20171110
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171110
DrWeb 20171110
eGambit 20171110
Endgame 20171024
Sophos ML 20170914
Jiangmin 20171110
K7AntiVirus 20171110
K7GW 20171110
Kingsoft 20171110
Malwarebytes 20171110
nProtect 20171110
Palo Alto Networks (Known Signatures) 20171110
Qihoo-360 20171110
Rising 20171110
SentinelOne (Static ML) 20171019
Sophos AV 20171110
SUPERAntiSpyware 20171110
Symantec Mobile Insight 20171110
TheHacker 20171102
TotalDefense 20171110
TrendMicro 20171110
Trustlook 20171110
VBA32 20171110
VIPRE 20171110
ViRobot 20171110
Webroot 20171110
WhiteArmor 20171104
Yandex 20171110
Zoner 20171110
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
last_author: admin
creation_datetime: 2017-04-20 20:05:00
author: admin
title: info
page_count: 1
last_saved: 2017-04-20 20:05:00
revision_number: 2
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
template: Normal.dotm
Document summary
byte_count: 94208
company: home
characters_with_spaces: 1
line_count: 1
version: 1048576
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; type_literal: root; sid: 0; size: 7616; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word
name: \x01CompObj; type_literal: stream; sid: 20; size: 114
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 5; size: 4096
name: \x05SummaryInformation; type_literal: stream; sid: 4; size: 4096
name: 1Table; type_literal: stream; sid: 2; size: 7417
name: Data; type_literal: stream; sid: 1; size: 73453
name: Macros/PROJECT; type_literal: stream; sid: 19; size: 484
name: Macros/PROJECTwm; type_literal: stream; sid: 18; size: 113
name: Macros/VBA/Module1; type_literal: stream; sid: 11; size: 2147; type: macro
name: Macros/VBA/Module2; type_literal: stream; sid: 12; size: 32199; type: macro
name: Macros/VBA/Module3; type_literal: stream; sid: 13; size: 31957; type: macro
name: Macros/VBA/ThisDocument; type_literal: stream; sid: 8; size: 1127; type: macro (only attributes)
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 14; size: 12400
name: Macros/VBA/__SRP_0; type_literal: stream; sid: 16; size: 1956
name: Macros/VBA/__SRP_1; type_literal: stream; sid: 17; size: 198
name: Macros/VBA/__SRP_2; type_literal: stream; sid: 9; size: 348
name: Macros/VBA/__SRP_3; type_literal: stream; sid: 10; size: 106
name: Macros/VBA/dir; type_literal: stream; sid: 15; size: 713
name: WordDocument; type_literal: stream; sid: 3; size: 4096
Macros and VBA code streams
[+] Module1.bas Macros/VBA/Module1 588 bytes
[+] Module2.bas Macros/VBA/Module2 14091 bytes
create-file create-ole handle-file open-file run-file write-file
[+] Module3.bas Macros/VBA/Module3 13779 bytes
ExifTool file metadata
SharedDoc: No
Author: admin
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:04:20 19:05:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2017:04:20 19:05:00
Company: home
Title: info
HyperlinksChanged: No
Characters: 1
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
Bytes: 94208
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 c3d03f0eedf1b1e222130b478b3ab231
SHA1 c59897166ba1ce057ca290370af214990be9d730
SHA256 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
ssdeep 3072:gTTwHo66OblnBQMFCESpcSO6iNAJWq3gouW3kVxaX:3HXRblnBvFCESpcSYouW

File size 180.0 KB (184320 bytes)
File type MS Word Document
Advanced information
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: info, Author: admin, Template: Normal.dotm, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Apr 19 19:05:00 2017, Last Saved Time/Date: Wed Apr 19 19:05:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
open-file handle-file doc create-file run-file macros write-file create-ole

VirusTotal metadata
First submission 2017-04-21 07:30:11 UTC (7 months, 3 weeks ago)
Last submission 2017-04-24 00:46:57 UTC (7 months, 3 weeks ago)
File names SUPEE-9789.doc