SHA256: 561fd6cbff356106045b20f2e8737bd6e90d7d644d3455fa911434b1bf02cbf1
File name: requirements.doc
Detection ratio: 9 / 54
Analysis date: 2014-09-11 21:25:51 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Avira (no cloud) HEUR/Macro.Downloader 20140911
DrWeb W97M.DownLoader.65 20140911
Emsisoft Trojan-Downloader.MSWord.Agent (A) 20140911
ESET-NOD32 VBA/TrojanDownloader.Agent.AS 20140911
Kaspersky Trojan-Downloader.MSWord.Agent.bf 20140911
Microsoft TrojanDownloader:O97M/Donoff 20140911
Sophos AV Troj/DocDl-D 20140911
Symantec W97M.Downloader 20140911
TrendMicro TROJ_DESTRO.I 20140911
Ad-Aware 20140911
AegisLab 20140911
Yandex 20140911
AhnLab-V3 20140911
Antiy-AVL 20140911
Avast 20140911
AVG 20140911
AVware 20140911
Baidu-International 20140911
BitDefender 20140911
Bkav 20140911
ByteHero 20140911
CAT-QuickHeal 20140911
ClamAV 20140911
CMC 20140908
Comodo 20140911
Cyren 20140911
F-Prot 20140911
F-Secure 20140911
Fortinet 20140911
GData 20140911
Ikarus 20140911
Jiangmin 20140911
K7AntiVirus 20140911
K7GW 20140911
Kingsoft 20140911
Malwarebytes 20140911
McAfee 20140911
McAfee-GW-Edition 20140911
eScan 20140911
NANO-Antivirus 20140911
Norman 20140911
nProtect 20140911
Panda 20140911
Qihoo-360 20140911
Rising 20140911
SUPERAntiSpyware 20140911
Tencent 20140911
TheHacker 20140911
TotalDefense 20140911
VBA32 20140911
VIPRE 20140911
ViRobot 20140911
Zillya 20140910
Zoner 20140910
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Summary
last_author
user
creation_datetime
2014-08-26 18:51:00
revision_number
16
author
Promotion Manager
page_count
1
last_saved
2014-09-02 14:40:00
edit_time
5460
word_count
119
template
Normal.dotm
application_name
Microsoft Office Word
character_count
684
code_page
Cyrillic
Document summary
line_count
5
characters_with_spaces
802
version
786432
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
11776
type_literal
stream
sid
23
name
\x01CompObj
size
121
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
7201
type_literal
stream
sid
1
name
Data
size
73877
type_literal
stream
sid
21
name
Macros/PROJECT
size
465
type_literal
stream
sid
22
name
Macros/PROJECTwm
size
95
type_literal
stream
sid
13
type
macro
name
Macros/VBA/Module1
size
2349
type_literal
stream
sid
18
type
macro
name
Macros/VBA/NewMacros
size
1046
type_literal
stream
sid
19
type
macro (only attributes)
name
Macros/VBA/ThisDocument
size
924
type_literal
stream
sid
20
name
Macros/VBA/_VBA_PROJECT
size
3142
type_literal
stream
sid
14
name
Macros/VBA/__SRP_0
size
1358
type_literal
stream
sid
15
name
Macros/VBA/__SRP_1
size
74
type_literal
stream
sid
16
name
Macros/VBA/__SRP_2
size
114
type_literal
stream
sid
17
name
Macros/VBA/__SRP_3
size
214
type_literal
stream
sid
12
name
Macros/VBA/dir
size
771
type_literal
stream
sid
8
name
MsoDataStore/NJQ\xcbL\xd4\xc0\xd52U\xd24\xcc1R3\xc4D\xcf\xcb\xc1\xd0==/Item
size
205
type_literal
stream
sid
9
name
MsoDataStore/NJQ\xcbL\xd4\xc0\xd52U\xd24\xcc1R3\xc4D\xcf\xcb\xc1\xd0==/Properties
size
341
type_literal
stream
sid
3
name
WordDocument
size
4148
Macros and VBA code streams
[+] Module1.bas Macros/VBA/Module1 537 bytes
exe-pattern url-pattern auto-open create-file create-ole download environ open-file run-file write-file
[+] NewMacros.bas Macros/VBA/NewMacros 139 bytes
ExifTool file metadata
SharedDoc
No

Author
Promotion Manager

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
user

HeadingPairs
, 1

Template
Normal.dotm

CharCountWithSpaces
802

CreateDate
2014:08:26 17:51:00

CompObjUserType
???????? Microsoft Office Word 97-2003

ModifyDate
2014:09:02 13:40:00

ScaleCrop
No

Characters
684

CodePage
Windows Cyrillic

RevisionNumber
16

MIMEType
application/msword

Words
119

FileType
DOC

Lines
5

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
1.5 hours

Pages
1

CompObjUserTypeLen
39

FileTypeExtension
doc

Paragraphs
1

Compressed bundles
File identification
MD5 ee0df52888f49795733275a4ce6ba4c5
SHA1 2c660f7f460c672c2292d480b19a84b29e8d30e1
SHA256 561fd6cbff356106045b20f2e8737bd6e90d7d644d3455fa911434b1bf02cbf1
ssdeep
1536:e1IK4Aw3mY7MRu+XuXsE/x3JYkQS8cOo6HrrIkDf3:e1IKQ2Y7DhZ+kF8+6Hrr

File size 109.5 KB ( 112128 bytes )
File type MS Word Document
Magic literal
Windows, Version 6.1, Code page: 1251, Author: Promotion Manager, Template: Normal.dotm, Last Saved By: user, Revision Number: 16, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:31:00, Create Time/Date: Mon Aug 25 17:51:00 2014, Last Saved Time/Date: Mon Sep 01 13:40:00 2014, Number of Pages: 1, Number of Words: 119, Number of Characters: 684, Security: 0

TrID Microsoft Word document (35.9%)
Microsoft Excel sheet (33.7%)
Microsoft Word document (old ver.) (21.3%)
Generic OLE2 / Multistream Compound File (8.9%)
Tags
open-file auto-open exe-pattern url-pattern create-file run-file macros environ attachment doc download write-file create-ole

VirusTotal metadata
First submission 2014-09-03 16:59:34 UTC ( 4 years, 8 months ago )
Last submission 2017-04-17 23:32:40 UTC ( 2 years, 1 month ago )
File names a.doc
receipt.doc
requirements.doc
VirusShare_ee0df52888f49795733275a4ce6ba4c5
fb9dc0aaf9ea0a932fc6dde56068ec46
project.doc
ee0df52888f49795733275a4ce6ba4c5.malware
file-7426802_doc
requirements.doc
receipt.doc
requirements.doc-phpLEZFQ6
ee0df52888f49795733275a4ce6ba4c5.doc
project.doc.malware
03c3554f0fc8a3133045f7b5306f85ce
2.txt
883af7ca119957553d6b12ccfacbe20f
1b0622684b5dc11a9823e8466acd2944
donation form.doc
VirusShare_ee0df52888f49795733275a4ce6ba4c5.doc
ee0df52888f49795733275a4ce6ba4c5
112128-ee0df52888f49795733275a4ce6ba4c5.doc