× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 00aaafd7384aaf5e4980c12bd2ee5add13adabf79f3359a716b84413bd08b9b7
File name: Richiesta.doc
Detection ratio: 7 / 59
Analysis date: 2018-07-04 07:24:57 UTC ( 9 months, 2 weeks ago ) View latest
Antivirus Result Update
F-Secure Trojan:W97M/Nastjencro.A 20180704
Ikarus Trojan-Downloader.VBA.Agent 20180703
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180704
Symantec ISB.Downloader!gen100 20180704
TACHYON Suspicious/W97M.Obfus.Gen 20180704
TrendMicro HEUR_VBA.O.ELBP 20180704
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180704
Ad-Aware 20180704
AegisLab 20180704
AhnLab-V3 20180703
Alibaba 20180704
ALYac 20180704
Antiy-AVL 20180704
Arcabit 20180704
Avast 20180704
Avast-Mobile 20180704
AVG 20180704
Avira (no cloud) 20180703
AVware 20180704
Babable 20180406
Baidu 20180704
BitDefender 20180704
Bkav 20180703
CAT-QuickHeal 20180704
ClamAV 20180704
CMC 20180703
Comodo 20180704
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180704
Cyren 20180704
DrWeb 20180704
eGambit 20180704
Emsisoft 20180704
Endgame 20180612
ESET-NOD32 20180704
F-Prot 20180704
Fortinet 20180704
GData 20180704
Sophos ML 20180601
Jiangmin 20180703
K7AntiVirus 20180704
K7GW 20180704
Kaspersky 20180704
Kingsoft 20180704
Malwarebytes 20180704
MAX 20180704
McAfee 20180704
McAfee-GW-Edition 20180704
Microsoft 20180704
eScan 20180704
Palo Alto Networks (Known Signatures) 20180704
Panda 20180703
Qihoo-360 20180704
Rising 20180704
SentinelOne (Static ML) 20180701
Sophos AV 20180704
SUPERAntiSpyware 20180704
Tencent 20180704
TheHacker 20180628
TrendMicro-HouseCall 20180704
Trustlook 20180704
VBA32 20180629
VIPRE 20180704
ViRobot 20180704
Webroot 20180704
Yandex 20180703
Zillya 20180703
Zoner 20180703
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Summary
creation_datetime
2018-04-25 22:21:00
template
Normal
title
Devolved fresh-thinking forecast
page_count
1
comments
Optimized empowering local area network
last_saved
2018-07-03 22:08:00
revision_number
1
application_name
Microsoft Office Word
character_count
1
code_page
Cyrillic
subject
Moore-Pfeffer
Document summary
byte_count
308736
characters_with_spaces
1
line_count
1
version
1048576
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
1152
type_literal
stream
size
114
name
\x01CompObj
sid
13
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
7174
name
1Table
sid
2
type_literal
stream
size
156403
name
Data
sid
1
type_literal
stream
size
371
name
Macros/PROJECT
sid
11
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
12
type_literal
stream
size
96528
type
macro
name
Macros/VBA/ThisDocument
sid
9
type_literal
stream
size
28407
name
Macros/VBA/_VBA_PROJECT
sid
10
type_literal
stream
size
521
name
Macros/VBA/dir
sid
8
type_literal
stream
size
4096
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 69603 bytes
ExifTool file metadata
SharedDoc
No

Title
Devolved fresh-thinking forecast

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
, 1, Title, 1

Template
Normal

CharCountWithSpaces
1

CreateDate
2018:04:25 21:21:00

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2018:07:03 21:08:00

TitleOfParts
Devolved fresh-thinking forecast,

Characters
1

CodePage
Windows Cyrillic

RevisionNumber
1

MIMEType
application/msword

Words
0

Bytes
308736

FileType
DOC

Lines
1

AppVersion
16.0

Comments
Optimized empowering local area network

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

Subject
Moore-Pfeffer

File identification
MD5 2ff53146b1b76e2a8c22d8d45aabf605
SHA1 5699ee002e08860a811b9b95f406c027335df5ac
SHA256 00aaafd7384aaf5e4980c12bd2ee5add13adabf79f3359a716b84413bd08b9b7
ssdeep
6144:ijLtge+kOPP47zzLh8X9Gkh3pApLG11o52jA:ijpFu4LLh8tGkh3p+a1e52j

File size 302.0 KB ( 309248 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Title: Devolved fresh-thinking forecast, Subject: Moore-Pfeffer, Comments: Optimized empowering local area network, Template: Normal, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Apr 24 21:21:00 2018, Last Saved Time/Date: Mon Jul 02 21:08:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros doc

VirusTotal metadata
First submission 2018-07-04 05:01:28 UTC ( 9 months, 2 weeks ago )
Last submission 2018-07-05 07:15:14 UTC ( 9 months, 2 weeks ago )
File names Richiesta.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!