SHA256: 8490ebb1fe6ff8acd8c1f43725f3a75cc1232b20926d3c83a7c5f39666735840
File name: order_16358088.doc
Detection ratio: 8 / 55
Analysis date: 2016-04-05 16:17:40 UTC (1 year, 5 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20160405
AVware LooksLike.Macro.Malware.k (v) 20160405
ESET-NOD32 Win32/PSW.Fareit.A 20160405
Fortinet WM/Agent!tr 20160404
Ikarus Trojan-Dropper.VBA.Agent 20160405
Qihoo-360 virus.office.obfuscated.1 20160405
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160405
VIPRE LooksLike.Macro.Malware.k (v) 20160405
Ad-Aware 20160405
AegisLab 20160405
AhnLab-V3 20160405
Alibaba 20160405
ALYac 20160405
Antiy-AVL 20160405
Avast 20160405
AVG 20160405
Baidu 20160405
Baidu-International 20160405
BitDefender 20160405
Bkav 20160405
CAT-QuickHeal 20160405
ClamAV 20160404
CMC 20160404
Comodo 20160404
Cyren 20160405
DrWeb 20160405
Emsisoft 20160405
F-Prot 20160405
F-Secure 20160405
GData 20160405
Jiangmin 20160405
K7AntiVirus 20160405
K7GW 20160404
Kaspersky 20160405
Kingsoft 20160405
Malwarebytes 20160405
McAfee 20160405
McAfee-GW-Edition 20160405
Microsoft 20160405
eScan 20160405
NANO-Antivirus 20160405
nProtect 20160405
Panda 20160405
Sophos AV 20160405
SUPERAntiSpyware 20160405
Symantec 20160331
Tencent 20160405
TheHacker 20160405
TrendMicro 20160405
TrendMicro-HouseCall 20160405
VBA32 20160405
ViRobot 20160405
Yandex 20160405
Zillya 20160405
Zoner 20160405
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2016-04-05 12:34:00
template: Normal.dotm
page_count: 1
last_saved: 2016-04-05 13:45:00
word_count: 6
revision_number: 1
application_name: Microsoft Office Word
character_count: 36
code_page: Cyrillic
Document summary
line_count: 1
characters_with_spaces: 41
version: 983040
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, type_literal: root, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word, sid: 0, size: 7296
name: \x01CompObj, type_literal: stream, sid: 18, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 9, size: 284
name: \x05SummaryInformation, type_literal: stream, sid: 8, size: 404
name: 1Table, type_literal: stream, sid: 7, size: 8600
name: Data, type_literal: stream, sid: 1, size: 17156
name: Macros/PROJECT, type_literal: stream, sid: 17, size: 484
name: Macros/PROJECTwm, type_literal: stream, sid: 16, size: 65
name: Macros/VBA/Module1, type_literal: stream, type: macro, sid: 13, size: 2025
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, sid: 12, size: 4322
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 14, size: 3039
name: Macros/VBA/dir, type_literal: stream, sid: 15, size: 565
name: ObjectPool/_1521383481/\x01Ole10Native, type_literal: stream, sid: 6, size: 115398
name: ObjectPool/_1521383481/\x03ObjInfo, type_literal: stream, sid: 5, size: 6
name: WordDocument, type_literal: stream, sid: 2, size: 4142
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 1159 bytes
auto-open create-ole environ obfuscated open-file
[+] Module1.bas Macros/VBA/Module1 404 bytes
run-file
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 41
CreateDate: 2016:04:05 11:34:00
Security: None
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2016:04:05 12:45:00
Characters: 36
Pages: 1
RevisionNumber: 1
MIMEType: application/msword
Words: 6
FileType: DOC
Lines: 1
AppVersion: 15.0
CodePage: Windows Cyrillic
Software: Microsoft Office Word
TotalEditTime: 0
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 e1a793070f3c607d1664c919a5568a04
SHA1 890bcfc95bc96665ebf0aa2b8df908b6d10de753
SHA256 8490ebb1fe6ff8acd8c1f43725f3a75cc1232b20926d3c83a7c5f39666735840
ssdeep
3072:k6IB9UkUJN2ClrWJ746A2C1yd+mElfNPNqJADuy5eAC6OYqdE:ABako2MrW492C1y8lPDPeAVOYME

File size 160.0 KB ( 163840 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Apr 04 11:34:00 2016, Last Saved Time/Date: Mon Apr 04 12:45:00 2016, Number of Pages: 1, Number of Words: 6, Number of Characters: 36, Security: 0

TrID Microsoft Word document (35.9%)
Microsoft Excel sheet (33.7%)
Microsoft Word document (old ver.) (21.3%)
Generic OLE2 / Multistream Compound File (8.9%)
Tags
obfuscated open-file auto-open doc run-file macros environ attachment create-ole

VirusTotal metadata
First submission 2016-04-05 14:44:44 UTC (1 year, 5 months ago)
Last submission 2016-09-26 17:31:51 UTC (12 months ago)
File names order_43813235.doc
order_81454452.doc
order_64256602.doc
order_51882456.doc
order_48536264.doc
order_32041004.doc
order_58848042.doc
order_17856582.doc
order_16468478.doc
order_48466747.doc
order_58846011.doc
order_60647710.doc
8490ebb1fe6ff8acd8c1f43725f3a75cc1232b20926d3c83a7c5f39666735840.doc
order_07781542.doc
order_08725206.doc
order_28035785.doc
order_26676814.doc
order_33561216.doc
order_16358088.doc
order_60400083.doc
8490ebb1fe6ff8acd8c1f43725f3a75cc1232b20926d3c83a7c5f39666735840.bin
order_81310477.doc
order_46321057.doc
order_67354020.doc
b9e535adea22d9c2e8da0a60bf45bf39