SHA256: 3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c
File name: 3bfef6c294d5d28f167d7880dc2ea504
Detection ratio: 4 / 55
Analysis date: 2016-08-22 09:37:04 UTC (2 years, 9 months ago)
Antivirus Result Update
AhnLab-V3 W97M/Downloader 20160822
Avira (no cloud) HEUR/Macro.Downloader 20160822
Ikarus Trojan-Downloader.VBA.Agent 20160822
Qihoo-360 virus.office.obfuscated.1 20160822
Ad-Aware 20160822
AegisLab 20160822
Alibaba 20160822
ALYac 20160822
Antiy-AVL 20160822
Arcabit 20160822
Avast 20160822
AVG 20160822
AVware 20160822
Baidu 20160820
BitDefender 20160822
Bkav 20160820
CAT-QuickHeal 20160822
ClamAV 20160822
CMC 20160822
Comodo 20160822
Cyren 20160822
DrWeb 20160822
Emsisoft 20160822
ESET-NOD32 20160822
F-Prot 20160822
Fortinet 20160822
GData 20160822
Jiangmin 20160822
K7AntiVirus 20160822
K7GW 20160822
Kaspersky 20160822
Kingsoft 20160822
Malwarebytes 20160822
McAfee 20160822
McAfee-GW-Edition 20160822
Microsoft 20160822
eScan 20160822
NANO-Antivirus 20160822
nProtect None
Panda 20160821
Rising 20160822
Sophos AV 20160822
SUPERAntiSpyware 20160822
Symantec 20160822
Tencent 20160822
TheHacker 20160821
TotalDefense 20160822
TrendMicro 20160822
TrendMicro-HouseCall 20160822
VBA32 20160819
VIPRE 20160822
ViRobot 20160822
Yandex 20160821
Zillya 20160820
Zoner 20160822
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 42 bytes
[+] Module1.bas word/vbaProject.bin VBA/Module1 12180 bytes
create-ole enum-windows handle-file obfuscated open-file write-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
1
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2016-08-22T08:52:00Z
dcterms:modified
2016-08-22T08:52:00Z
Application document properties
Template
Normal
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
0
Paragraphs
0
ScaleCrop
false
Company
Home
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
14.0000
Document languages
Language
Prevalence
en-us
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
1

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal

CreateDate
2016:08:22 08:52:00Z

ZipRequiredVersion
20

ModifyDate
2016:08:22 08:52:00Z

ZipCRC
0x4dc12e6a

Company
Home

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

FileType
DOCM

Lines
0

AppVersion
14.0

ZipUncompressedSize
1563

ZipCompressedSize
419

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

Creator
1

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
docm

Paragraphs
0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
15
Uncompressed size
98446
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
11
bin
1
Contained files by type
XML
14
Microsoft Office
1
File identification
MD5 3e58c0f38f3debbfc79df81b7822210f
SHA1 7ffdef193ec553c2318979f54be554eec4093a37
SHA256 3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c
ssdeep
768:3kMJNsv8OjpIxjYRjvo3xcM8otA6x0wrHXXl+fW0bVB8t:3kT8KpIxjYVvo3xcM88A6x0wr310WF

File size 34.1 KB ( 34905 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated open-file enum-windows handle-file docx macros attachment write-file create-ole

VirusTotal metadata
First submission 2016-08-22 09:37:04 UTC (2 years, 9 months ago)
Last submission 2017-09-18 12:49:26 UTC (1 year, 8 months ago)
File names Malware_NEW_OFFICE_3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c.docm
IMG_6407.DOCM
b1c5c3fb29a60b383768fc37ea0b631219f3f897
SCAN_0207.DOCM
FAX_4613.DOCM
FAX_5542.docm
3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c.bin
3bfef6c294d5d28f167d7880dc2ea504
DOC_6823.DOCM