× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 662a10751c25fd46d728ed11b15ccc4b4f83a14484cbaf08a0d776b15d8e12c1
File name: ESTADOCUENTA_2457.doc
Detection ratio: 1 / 54
Analysis date: 2014-07-10 09:26:29 UTC ( 4 years, 10 months ago ) View latest
Antivirus Result Update
ESET-NOD32 VBA/TrojanDownloader.Agent.X 20140710
Ad-Aware 20140710
AegisLab 20140710
Yandex 20140709
AhnLab-V3 20140709
AntiVir 20140710
Antiy-AVL 20140710
Avast 20140710
AVG 20140710
Baidu-International 20140710
BitDefender 20140710
Bkav 20140709
ByteHero 20140710
CAT-QuickHeal 20140710
ClamAV 20140710
CMC 20140710
Commtouch 20140710
Comodo 20140710
DrWeb 20140710
Emsisoft 20140710
F-Prot 20140710
F-Secure 20140710
Fortinet 20140710
GData 20140710
Ikarus 20140710
Jiangmin 20140710
K7AntiVirus 20140709
K7GW 20140709
Kaspersky 20140710
Kingsoft 20140710
Malwarebytes 20140710
McAfee 20140710
McAfee-GW-Edition 20140710
Microsoft 20140710
eScan 20140710
NANO-Antivirus 20140710
Norman 20140710
nProtect 20140709
Panda 20140710
Qihoo-360 20140710
Rising 20140709
Sophos AV 20140710
SUPERAntiSpyware 20140710
Symantec 20140710
Tencent 20140710
TheHacker 20140708
TotalDefense 20140710
TrendMicro 20140710
TrendMicro-HouseCall 20140710
VBA32 20140709
VIPRE 20140710
ViRobot 20140710
Zillya 20140709
Zoner 20140708
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author
clein
creation_datetime
2009-03-30 15:18:00
author
OFEyDV
title
Gu\ufffda MIPYME para ser emisor electr\ufffdnico
page_count
7
last_saved
2014-07-10 04:38:00
edit_time
12600
word_count
267
revision_number
57
last_printed
2006-06-07 15:04:00
application_name
Microsoft Office Word
character_count
1473
code_page
Latin I
template
Normal.dotm
Document summary
line_count
12
company
Servicio de Impuestos Internos
characters_with_spaces
1737
version
786432
paragraph_count
3
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
4544
type_literal
stream
size
125
name
\x01CompObj
sid
17
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
27948
name
1Table
sid
2
type_literal
stream
size
457587
name
Data
sid
1
type_literal
stream
size
371
name
Macros/PROJECT
sid
15
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
16
type_literal
stream
size
7357
type
macro
name
Macros/VBA/ThisDocument
sid
13
type_literal
stream
size
5030
name
Macros/VBA/_VBA_PROJECT
sid
14
type_literal
stream
size
2005
name
Macros/VBA/__SRP_0
sid
9
type_literal
stream
size
184
name
Macros/VBA/__SRP_1
sid
10
type_literal
stream
size
788
name
Macros/VBA/__SRP_2
sid
11
type_literal
stream
size
354
name
Macros/VBA/__SRP_3
sid
12
type_literal
stream
size
511
name
Macros/VBA/dir
sid
8
type_literal
stream
size
14493
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 1559 bytes
exe-pattern auto-open create-file create-ole download environ obfuscated open-file run-file write-file
ExifTool file metadata
SharedDoc
No

Author
OFEyDV

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

LastModifiedBy
clein

HeadingPairs
T tulo, 1

Hyperlinks
http://i.imgur.com/QGg3Suh.jpg

Template
Normal.dotm

CharCountWithSpaces
1737

CreateDate
2009:03:30 14:18:00

CompObjUserType
Documento de Microsoft Office Word 97-2003

ModifyDate
2014:07:10 03:38:00

TitleOfParts
Gu a MIPYME para ser emisor electr nico

Company
Servicio de Impuestos Internos

Title
Gu a MIPYME para ser emisor electr nico

HyperlinksChanged
No

Characters
1473

ScaleCrop
No

RevisionNumber
57

MIMEType
application/msword

Words
267

FileType
DOC

Lines
12

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
3.5 hours

Pages
7

CompObjUserTypeLen
43

FileTypeExtension
doc

Paragraphs
3

LastPrinted
2006:06:07 14:04:00

Compressed bundles
File identification
MD5 fca13b56147a0e207ee5db946598b1f5
SHA1 dedeb836ece6e6f8f858d1e4a73a03d5b1ee9eff
SHA256 662a10751c25fd46d728ed11b15ccc4b4f83a14484cbaf08a0d776b15d8e12c1
ssdeep
12288:60K4hsaxwF9KmArzX3gqPIaeTs6r8zt3V9KmArzXXH:60Lhnxw58Xws/nt3J8X

File size 522.0 KB ( 534528 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Gu�a MIPYME para ser emisor electr�nico, Author: OFEyDV, Template: Normal.dotm, Last Saved By: clein, Revision Number: 57, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:30:00, Last Printed: Tue Jun 06 14:04:00 2006, Create Time/Date: Sun Mar 29 14:18:00 2009, Last Saved Time/Date: Wed Jul 09 03:38:00 2014, Number of Pages: 7, Number of Words: 267, Number of Characters: 1473, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file auto-open exe-pattern doc create-file run-file macros environ attachment download write-file create-ole

VirusTotal metadata
First submission 2014-07-10 05:18:40 UTC ( 4 years, 10 months ago )
Last submission 2017-04-17 23:32:42 UTC ( 2 years, 1 month ago )
File names nasty.doc
06ee3b0c65ae774d4648cbffb09ea091
1.doc
662a10751c25fd46d728ed11b15ccc4b4f83a14484cbaf08a0d776b15d8e12c1.bin
VirusShare_fca13b56147a0e207ee5db946598b1f5.doc
G24jf5GQ.dot
file-7214103_doc
vti-rescan
VirusShare_fca13b56147a0e207ee5db946598b1f5
ESTADOCUENTA_2457.doc
ESTADOCUENTA_2457.doc
e1e70e271b5563b1e8bf29c7c51db330
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!