SHA256: 021b3dd80f0b0d69fad9fef8efde555a77bb294a5a959a89099b09e78aeff71a
File name: df3bf668150240f6b143563653095926.doc
Detection ratio: 1 / 53
Analysis date: 2016-06-29 12:11:22 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Fortinet WM/Agent.BII!tr.dldr 20160629
Ad-Aware 20160629
AegisLab 20160629
AhnLab-V3 20160629
Alibaba 20160629
ALYac 20160629
Antiy-AVL 20160629
Arcabit 20160629
Avast 20160629
AVG 20160629
Avira (no cloud) 20160629
AVware 20160629
Baidu 20160629
BitDefender 20160629
Bkav 20160629
CAT-QuickHeal 20160629
ClamAV 20160629
CMC 20160627
Comodo 20160629
Cyren 20160629
DrWeb 20160629
Emsisoft 20160629
ESET-NOD32 20160629
F-Prot 20160629
F-Secure 20160629
GData 20160629
Ikarus 20160629
Jiangmin 20160629
K7AntiVirus 20160629
K7GW 20160629
Kaspersky 20160629
Kingsoft 20160629
Malwarebytes 20160629
McAfee 20160629
McAfee-GW-Edition 20160629
Microsoft 20160629
eScan 20160629
NANO-Antivirus 20160629
nProtect 20160629
Panda 20160628
Qihoo-360 20160629
Sophos AV 20160629
SUPERAntiSpyware 20160629
Symantec 20160629
Tencent 20160629
TheHacker 20160628
TrendMicro 20160629
TrendMicro-HouseCall 20160629
VBA32 20160627
VIPRE 20160629
ViRobot 20160629
Zillya 20160629
Zoner 20160629
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May create OLE objects.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 87 bytes
[+] lxMdOfAhFY.bas word/vbaProject.bin VBA/lxMdOfAhFY 1565 bytes
create-ole
[+] juyJH.bas word/vbaProject.bin VBA/juyJH 1666 bytes
[+] ukZBMmO.bas word/vbaProject.bin VBA/ukZBMmO 3310 bytes
[+] MpNOyy.bas word/vbaProject.bin VBA/MpNOyy 1436 bytes
[+] xsxWFB.bas word/vbaProject.bin VBA/xsxWFB 1229 bytes
environ open-file
Content types
bin
rels
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
revision: 1
created: 2016-06-28T10:52:00Z
modified: 2016-06-28T10:52:00Z
Application document properties
Template: Normal.dotm
TotalTime: 0
Pages: 1
Words: 1
Characters: 11
Application: Microsoft Office Word
DocSecurity: 8
Lines: 1
Paragraphs: 1
ScaleCrop: false
LinksUpToDate: false
CharactersWithSpaces: 11
SharedDoc: false
HyperlinksChanged: false
AppVersion: 14.0000
Document languages
Language Prevalence
en-us 2
de-ch 1
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
HeadingPairs: , 1
ZipFileName: [Content_Types].xml
Template: Normal.dotm
ZipRequiredVersion: 20
ModifyDate: 2016:06:28 10:52:00Z
ZipCRC: 0x23cbfb46
Words: 1
ScaleCrop: No
RevisionNumber: 1
MIMEType: application/vnd.ms-word.template.macroEnabledTemplate
ZipBitFlag: 0x0006
CreateDate: 2016:06:28 10:52:00Z
Lines: 1
AppVersion: 14.0
ZipUncompressedSize: 1511
ZipCompressedSize: 415
Characters: 11
CharactersWithSpaces: 11
DocSecurity: Locked for annotations
ZipModifyDate: 1980:01:01 00:00:00
FileType: DOTM
Application: Microsoft Office Word
TotalEditTime: 0
ZipCompression: Deflated
Pages: 1
FileTypeExtension: dotm
Paragraphs: 1
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 16
Uncompressed size: 130247
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 10
png: 2
bin: 1
Contained files by type
XML: 13
PNG: 2
Microsoft Office: 1
File identification
MD5 df3bf668150240f6b143563653095926
SHA1 1d64d12d54cae613805ab5407783fa54c97a52ef
SHA256 021b3dd80f0b0d69fad9fef8efde555a77bb294a5a959a89099b09e78aeff71a
ssdeep
768:TrLODDx2MMPcqhKn59MD6jWv+QOZ18q2winsd9WvD+Kytsny58gJUZsNNRDKGuJf:TrCl2HPcgi++WYEf3yB2nyyjsNNJKG4f

File size 68.7 KB ( 70341 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract
TrID Word Microsoft Office Open XML Format document (with Macro) (59.4%)
Word Microsoft Office Open XML Format document (36.0%)
ZIP compressed archive (4.5%)
Tags macros open-file environ docx create-ole
VirusTotal metadata
First submission 2016-06-29 12:11:22 UTC ( 1 year, 4 months ago )
Last submission 2016-07-13 11:35:59 UTC ( 1 year, 4 months ago )
File names skyguide ltd.doc
df3bf668150240f6b143563653095926.doc