× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ff9062246c9c65f6a73dc7d7a2ce7b45b934c605656d5303e0c99ea15c1d47a
File name: RetencionCuenta_HSBC.doc
Detection ratio: 4 / 54
Analysis date: 2014-07-17 13:21:04 UTC ( 4 years, 10 months ago ) View latest
Antivirus Result Update
ESET-NOD32 VBA/TrojanDownloader.Agent.X 20140717
Sophos AV Troj/DocDl-D 20140717
TrendMicro TROJ_DOCDLOADR.K 20140717
TrendMicro-HouseCall TROJ_DOCDLOADR.K 20140717
Ad-Aware 20140717
AegisLab 20140717
Yandex 20140716
AhnLab-V3 20140717
AntiVir 20140717
Antiy-AVL 20140717
Avast 20140717
AVG 20140717
Baidu-International 20140717
BitDefender 20140717
Bkav 20140717
ByteHero 20140717
CAT-QuickHeal 20140717
ClamAV 20140717
CMC 20140717
Commtouch 20140717
Comodo 20140717
DrWeb 20140717
Emsisoft 20140717
F-Prot 20140717
F-Secure 20140717
Fortinet 20140717
GData 20140717
Ikarus 20140717
Jiangmin 20140717
K7AntiVirus 20140717
K7GW 20140717
Kaspersky 20140717
Kingsoft 20140717
Malwarebytes 20140717
McAfee 20140717
McAfee-GW-Edition 20140716
Microsoft 20140717
eScan 20140717
NANO-Antivirus 20140717
Norman 20140717
nProtect 20140717
Panda 20140717
Qihoo-360 20140717
Rising 20140717
SUPERAntiSpyware 20140717
Symantec 20140717
Tencent 20140717
TheHacker 20140714
TotalDefense 20140717
VBA32 20140717
VIPRE 20140717
ViRobot 20140717
Zillya 20140716
Zoner 20140714
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author
clein
creation_datetime
2009-03-30 15:18:00
author
OFEyDV
title
Gu\ufffda MIPYME para ser emisor electr\ufffdnico
page_count
7
last_saved
2014-07-17 06:54:00
edit_time
11760
word_count
265
revision_number
59
last_printed
2006-06-07 15:04:00
application_name
Microsoft Office Word
character_count
1461
code_page
Latin I
template
Normal.dotm
Document summary
line_count
12
company
Servicio de Impuestos Internos
characters_with_spaces
1723
version
786432
paragraph_count
3
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
4672
type_literal
stream
sid
17
name
\x01CompObj
size
125
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
27992
type_literal
stream
sid
1
name
Data
size
457587
type_literal
stream
sid
16
name
Macros/PROJECT
size
369
type_literal
stream
sid
15
name
Macros/PROJECTwm
size
41
type_literal
stream
sid
8
type
macro
name
Macros/VBA/ThisDocument
size
7433
type_literal
stream
sid
11
name
Macros/VBA/_VBA_PROJECT
size
5062
type_literal
stream
sid
13
name
Macros/VBA/__SRP_0
size
2053
type_literal
stream
sid
14
name
Macros/VBA/__SRP_1
size
184
type_literal
stream
sid
9
name
Macros/VBA/__SRP_2
size
880
type_literal
stream
sid
10
name
Macros/VBA/__SRP_3
size
354
type_literal
stream
sid
12
name
Macros/VBA/dir
size
512
type_literal
stream
sid
3
name
WordDocument
size
11931
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 1489 bytes
exe-pattern auto-open create-file create-ole download environ obfuscated open-file run-file write-file
ExifTool file metadata
SharedDoc
No

Author
OFEyDV

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
clein

HeadingPairs
T tulo, 1

Hyperlinks
https://cpn.hsbc.com.mx/cpn/imagenes/logohsbc.gif

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1723

Word97
No

LanguageCode
English (US)

CompObjUserType
Documento de Microsoft Office Word 97-2003

ModifyDate
2014:07:17 05:54:00

TitleOfParts
Gu a MIPYME para ser emisor electr nico

Company
Servicio de Impuestos Internos

Title
Gu a MIPYME para ser emisor electr nico

Characters
1461

CodePage
Windows Latin 1 (Western European)

RevisionNumber
59

MIMEType
application/msword

Words
265

CreateDate
2009:03:30 14:18:00

Lines
12

AppVersion
12.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
3.3 hours

Pages
7

ScaleCrop
No

CompObjUserTypeLen
43

FileTypeExtension
doc

Paragraphs
3

LastPrinted
2006:06:07 11:04:00Z

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 7c0c98b9c4aba1c11f2130d4f4ba2eef
SHA1 b9267a106e6998a06d2eeb6d9381350a0882036c
SHA256 0ff9062246c9c65f6a73dc7d7a2ce7b45b934c605656d5303e0c99ea15c1d47a
ssdeep
12288:2I0K4hvaxXq9KmArzXHgqPIaeTs6r8zt369KmArzX:2I0LhixXO8XAs/nt3e8X

File size 520.0 KB ( 532480 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Gu�a MIPYME para ser emisor electr�nico, Author: OFEyDV, Template: Normal.dotm, Last Saved By: clein, Revision Number: 59, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:16:00, Last Printed: Tue Jun 06 14:04:00 2006, Create Time/Date: Sun Mar 29 14:18:00 2009, Last Saved Time/Date: Wed Jul 16 05:54:00 2014, Number of Pages: 7, Number of Words: 265, Number of Characters: 1461, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file auto-open exe-pattern doc create-file run-file macros environ attachment download write-file create-ole

VirusTotal metadata
First submission 2014-07-17 06:11:00 UTC ( 4 years, 10 months ago )
Last submission 2017-04-17 23:32:31 UTC ( 2 years, 1 month ago )
File names 2135ed897be854ee41a42a72afd88a86
VirusShare_7c0c98b9c4aba1c11f2130d4f4ba2eef
d7bc116e8221f7afe54d4c0f3b755deb
bdcd1926535d2a5cc14be832f40c6824
b29609d3e9c0791263c57ddce606883a
7fa5e40238d534115543c700a97f0027
7c0c98b9c4aba1c11f2130d4f4ba2eef.exe
vti-rescan
oo.doc
34060c3046f478e134199a4ce2495423
VirusShare_7c0c98b9c4aba1c11f2130d4f4ba2eef.doc
RetencionCuenta_HSBC.doc
FO7dQzb.tiff
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!