SHA256: 882e41a5859363452385058da9d1c723406272d1bda5cfd9046115dfc4945e63
File name: copy_wt_0717.doc
Detection ratio: 11 / 57
Analysis date: 2017-07-06 05:43:41 UTC (1 year, 10 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170706
Baidu VBA.Trojan.Agent.ai 20170706
Cyren W97M/Agent 20170706
F-Prot New or modified W97M/Agent 20170706
Kaspersky HEUR:Trojan.Script.Agent.gen 20170706
Microsoft Trojan:O97M/Madeba.A!det 20170706
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170706
Sophos AV Troj/DocDl-JNK 20170706
TrendMicro W2KM_POWLOAD.AUSJQM 20170706
TrendMicro-HouseCall W2KM_POWLOAD.AUSJQM 20170706
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20170706
Ad-Aware 20170706
AegisLab 20170706
AhnLab-V3 20170706
Alibaba 20170706
ALYac 20170706
Antiy-AVL 20170706
Avast 20170706
AVG 20170706
Avira (no cloud) 20170705
AVware 20170706
BitDefender 20170706
Bkav 20170706
CAT-QuickHeal 20170706
ClamAV 20170706
CMC 20170706
Comodo 20170706
CrowdStrike Falcon (ML) 20170420
DrWeb 20170706
Emsisoft 20170706
Endgame 20170629
ESET-NOD32 20170706
F-Secure 20170706
Fortinet 20170629
GData 20170706
Ikarus 20170705
Sophos ML 20170607
Jiangmin 20170706
K7AntiVirus 20170706
K7GW 20170706
Kingsoft 20170706
Malwarebytes 20170706
MAX 20170706
McAfee 20170706
McAfee-GW-Edition 20170705
eScan 20170706
nProtect 20170706
Palo Alto Networks (Known Signatures) 20170706
Panda 20170705
Rising 20170706
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170706
Symantec 20170706
Symantec Mobile Insight 20170705
Tencent 20170706
TheHacker 20170704
TotalDefense 20170706
Trustlook 20170706
VBA32 20170705
VIPRE 20170706
ViRobot 20170706
Webroot 20170706
WhiteArmor 20170706
Yandex 20170705
Zillya 20170705
Zoner 20170706
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author: admin
creation_datetime: 2017-07-05 19:05:00
author: admin
title: Short message
page_count: 1
last_saved: 2017-07-05 19:05:00
revision_number: 2
application_name: Microsoft Office Word
character_count: 1
subject: My message
code_page: Cyrillic
template: Normal.dotm
Document summary
byte_count: 106496
company: Salve
characters_with_spaces: 1
line_count: 1
version: 1048576
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 10432
type_literal: stream, sid: 20, name: \x01CompObj, size: 114
type_literal: stream, sid: 5, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 4, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 2, name: 1Table, size: 7691
type_literal: stream, sid: 1, name: Data, size: 85595
type_literal: stream, sid: 19, name: Macros/PROJECT, size: 492
type_literal: stream, sid: 18, name: Macros/PROJECTwm, size: 122
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/ThisDocument, size: 2180
type_literal: stream, sid: 11, type: macro, name: Macros/VBA/XKkJIO, size: 10364
type_literal: stream, sid: 14, name: Macros/VBA/_VBA_PROJECT, size: 5742
type_literal: stream, sid: 16, name: Macros/VBA/__SRP_0, size: 2034
type_literal: stream, sid: 17, name: Macros/VBA/__SRP_1, size: 198
type_literal: stream, sid: 9, name: Macros/VBA/__SRP_2, size: 708
type_literal: stream, sid: 10, name: Macros/VBA/__SRP_3, size: 206
type_literal: stream, sid: 15, name: Macros/VBA/dir, size: 763
type_literal: stream, sid: 13, type: macro, name: Macros/VBA/lJ4i0bcSV, size: 3301
type_literal: stream, sid: 12, type: macro, name: Macros/VBA/rtUiksIzy, size: 6802
type_literal: stream, sid: 3, name: WordDocument, size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 308 bytes
XKkJIO.bas Macros/VBA/XKkJIO 3883 bytes
rtUiksIzy.bas Macros/VBA/rtUiksIzy 2298 bytes
lJ4i0bcSV.bas Macros/VBA/lJ4i0bcSV 941 bytes
run-file
ExifTool file metadata
SharedDoc: No
Author: admin
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:07:05 18:05:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2017:07:05 18:05:00
Company: Salve
Title: Short message
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 2
MIMEType: application/msword
Words: 0
Bytes: 106496
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
Subject: My message

File identification
MD5 2735b4c2980656229b0345c2732cb74f
SHA1 85f1e48c50e3aa29e6d00d73ece27d59ad03661d
SHA256 882e41a5859363452385058da9d1c723406272d1bda5cfd9046115dfc4945e63
ssdeep 3072:74yWH1+Vo8NQHvKoM55/zXT554EbKhhH2BwCqi:M1hKoYdzD5rchW

File size 144.0 KB ( 147456 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: Short message, Subject: My message, Author: admin, Template: Normal.dotm, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jul 04 18:05:00 2017, Last Saved Time/Date: Tue Jul 04 18:05:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros run-file doc

VirusTotal metadata
First submission 2017-07-06 05:43:41 UTC (1 year, 10 months ago)
Last submission 2017-07-06 05:43:41 UTC (1 year, 10 months ago)
File names copy_wt_0717.doc