SHA256: 7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698
File name: CDM6396716681059.doc
Detection ratio: 10 / 56
Analysis date: 2019-03-14 11:30:14 UTC (2 months, 1 week ago)
Antivirus Result Update
Endgame malicious (high confidence) 20190215
Fortinet VBA/Agent.NBP!tr.dldr 20190314
Ikarus Trojan-Downloader.VBA.Agent 20190314
K7AntiVirus Trojan ( 00536d111 ) 20190314
K7GW Trojan ( 00536d111 ) 20190314
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20190314
SentinelOne (Static ML) DFI - Malicious OLE 20190311
Tencent Heur.Macro.Generic.Gen.h 20190314
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20190314
Zoner Probably W97Obfuscated 20190314
Acronis 20190313
Ad-Aware 20190314
AegisLab 20190314
AhnLab-V3 20190314
Alibaba 20190306
ALYac 20190314
Antiy-AVL 20190314
Arcabit 20190314
Avast 20190314
Avast-Mobile 20190314
AVG 20190314
Avira (no cloud) 20190314
Babable 20180918
Baidu 20190306
BitDefender 20190314
Bkav 20190314
CAT-QuickHeal 20190313
ClamAV 20190314
CMC 20190314
Comodo 20190314
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190314
DrWeb 20190314
eGambit 20190314
Emsisoft 20190314
ESET-NOD32 20190314
F-Secure 20190314
GData 20190314
Sophos ML 20190313
Jiangmin 20190314
Kaspersky 20190314
Kingsoft 20190314
Malwarebytes 20190314
MAX 20190314
McAfee 20190314
McAfee-GW-Edition 20190314
Microsoft 20190314
eScan 20190314
Palo Alto Networks (Known Signatures) 20190314
Panda 20190313
Qihoo-360 20190314
Rising 20190314
Sophos AV 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190314
TheHacker 20190308
TotalDefense 20190314
Trapmine 20190301
TrendMicro-HouseCall 20190314
Trustlook 20190314
VBA32 20190314
ViRobot 20190314
Yandex 20190314
Zillya 20190313
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to hide the viewer or other applications.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2019-03-14 10:03:00
revision_number: 1
page_count: 1
word_count: 1
last_saved: 2019-03-14 10:03:00
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 10
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 10
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 3584
name: \x01CompObj, type_literal: stream, sid: 19, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 4096
name: 1Table, type_literal: stream, sid: 2, size: 7486
name: Data, type_literal: stream, sid: 1, size: 65344
name: Macros/PROJECT, type_literal: stream, sid: 18, size: 470
name: Macros/PROJECTwm, type_literal: stream, sid: 17, size: 77
name: Macros/VBA/EooGUxB, type_literal: stream, sid: 8, type: macro, size: 13484
name: Macros/VBA/HoAcU1c, type_literal: stream, sid: 12, type: macro, size: 18133
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 13, size: 46617
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 15, size: 1346
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 16, size: 110
name: Macros/VBA/__SRP_2, type_literal: stream, sid: 9, size: 436
name: Macros/VBA/__SRP_3, type_literal: stream, sid: 10, size: 187
name: Macros/VBA/dir, type_literal: stream, sid: 14, size: 604
name: Macros/VBA/uAZGZ_Z1, type_literal: stream, sid: 11, type: macro, size: 67278
name: WordDocument, type_literal: stream, sid: 3, size: 4096
Macros and VBA code streams
[+] EooGUxB.cls Macros/VBA/EooGUxB 8013 bytes
obfuscated
[+] uAZGZ_Z1.bas Macros/VBA/uAZGZ_Z1 43146 bytes
obfuscated
[+] HoAcU1c.bas Macros/VBA/HoAcU1c 11472 bytes
hide-app obfuscated
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 10
CreateDate: 2019:03:14 09:03:00
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2019:03:14 09:03:00
Characters: 10
CodePage: Windows Latin 1 (Western European)
RevisionNumber: 1
MIMEType: application/msword
Words: 1
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 d2b360bbbf6548e29b77452f6f617741
SHA1 8d1b9f84b65dd61576bdc801c219177f26c00b4e
SHA256 7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698
ssdeep
6144:T77HUUUUUUUUUUUUUUUUUUUT52VMqiruEPRDLneFyn816Wwv5:T77HUUUUUUUUUUUUUUUUUUUTCouEPRDb

File size 247.0 KB ( 252928 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Mar 13 09:03:00 2019, Last Saved Time/Date: Wed Mar 13 09:03:00 2019, Number of Pages: 1, Number of Words: 1, Number of Characters: 10, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros hide-app doc

VirusTotal metadata
First submission 2019-03-14 11:30:14 UTC (2 months, 1 week ago)
Last submission 2019-03-15 06:33:04 UTC (2 months, 1 week ago)
File names CDM6396716681059.doc
583376826209546862.doc
783644621161.doc
4776614079084111.doc
DET15338015198.doc
emotet_e2_7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698_2019-03-14__113512.doc