SHA256: 02bd3616754991fff27e300e7bf732061bcc2243bfaf6f766f392b64c2e38c66
File name: Aras_kargo_Takip.doc
Detection ratio: 20 / 57
Analysis date: 2018-10-30 13:43:26 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20181030
Avast VBA:Downloader-BDZ [Trj] 20181030
AVG VBA:Downloader-BDZ [Trj] 20181030
Avira (no cloud) HEUR/Macro.Downloader.TPA.Gen 20181030
Baidu VBA.Trojan-Downloader.Agent.dkb 20181030
DrWeb W97M.DownLoader.3060 20181030
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDownloader.Agent.KWD 20181030
F-Secure Trojan:W97M/MaliciousMacro.GEN 20181030
Fortinet VBA/Agent.KWD!tr.dldr 20181030
McAfee W97M/Downloader.du 20181030
McAfee-GW-Edition BehavesLike.Downloader.gl 20181030
Microsoft Trojan:Script/Foretype.A!ml 20181030
Qihoo-360 virus.office.obfuscated.1 20181030
Rising Trojan.Obfus/VBA!1.A609 (CLASSIC) 20181030
SentinelOne (Static ML) static engine - malicious 20181011
TACHYON Suspicious/W97M.Obfus.Gen.3 20181030
Tencent Heur.Macro.Generic.Gen.a 20181030
TrendMicro HEUR_VBA.O2 20181030
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20181030
Ad-Aware 20181030
AegisLab 20181030
AhnLab-V3 20181030
Alibaba 20180921
ALYac 20181030
Antiy-AVL 20181030
Avast-Mobile 20181030
Babable 20180918
BitDefender 20181030
Bkav 20181030
CAT-QuickHeal 20181028
ClamAV 20181030
CMC 20181030
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20181030
Cyren 20181030
eGambit 20181030
Emsisoft 20181030
F-Prot 20181030
GData 20181030
Ikarus 20181030
Sophos ML 20180717
Jiangmin 20181030
K7AntiVirus 20181030
K7GW 20181030
Kaspersky 20181030
Kingsoft 20181030
Malwarebytes 20181030
MAX 20181030
eScan 20181030
NANO-Antivirus 20181030
Palo Alto Networks (Known Signatures) 20181030
Panda 20181030
Sophos AV 20181030
SUPERAntiSpyware 20181029
Symantec 20181029
Symantec Mobile Insight 20181026
TheHacker 20181025
TrendMicro-HouseCall 20181030
Trustlook 20181030
VBA32 20181030
ViRobot 20181030
Webroot 20181030
Yandex 20181026
Zillya 20181029
Zoner 20181030
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May try to hide the viewer or other applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: Ad Coelum
creation_datetime: 2018-10-29 20:29:00
revision_number: 2
author: lyiXV64SfcY87v
page_count: 1
last_saved: 2018-10-30 06:30:00
template: Normal
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
byte_count: 11000
characters_with_spaces: 1
line_count: 1
version: 917504
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 17728
name: \x01CompObj, type_literal: stream, sid: 44, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 4096
name: 1Table, type_literal: stream, sid: 2, size: 6394
name: Data, type_literal: stream, sid: 1, size: 50309
name: Macros/PROJECT, type_literal: stream, sid: 42, size: 1828
name: Macros/PROJECTwm, type_literal: stream, sid: 43, size: 851
name: Macros/VBA/Module1, type_literal: stream, sid: 9, type: macro, size: 37888
name: Macros/VBA/Module10, type_literal: stream, sid: 18, type: macro, size: 8948
name: Macros/VBA/Module11, type_literal: stream, sid: 19, type: macro, size: 11436
name: Macros/VBA/Module12, type_literal: stream, sid: 20, type: macro, size: 13241
name: Macros/VBA/Module13, type_literal: stream, sid: 21, type: macro, size: 8216
name: Macros/VBA/Module14, type_literal: stream, sid: 22, type: macro, size: 7724
name: Macros/VBA/Module15, type_literal: stream, sid: 23, type: macro, size: 11009
name: Macros/VBA/Module16, type_literal: stream, sid: 24, type: macro, size: 9051
name: Macros/VBA/Module17, type_literal: stream, sid: 25, type: macro, size: 4972
name: Macros/VBA/Module18, type_literal: stream, sid: 26, type: macro, size: 4879
name: Macros/VBA/Module19, type_literal: stream, sid: 27, type: macro, size: 18294
name: Macros/VBA/Module2, type_literal: stream, sid: 10, type: macro, size: 6958
name: Macros/VBA/Module20, type_literal: stream, sid: 28, type: macro, size: 7670
name: Macros/VBA/Module21, type_literal: stream, sid: 29, type: macro, size: 10796
name: Macros/VBA/Module22, type_literal: stream, sid: 30, type: macro, size: 7425
name: Macros/VBA/Module23, type_literal: stream, sid: 31, type: macro, size: 13826
name: Macros/VBA/Module24, type_literal: stream, sid: 32, type: macro, size: 5118
name: Macros/VBA/Module25, type_literal: stream, sid: 33, type: macro, size: 7084
name: Macros/VBA/Module26, type_literal: stream, sid: 34, type: macro, size: 5819
name: Macros/VBA/Module27, type_literal: stream, sid: 35, type: macro, size: 43257
name: Macros/VBA/Module28, type_literal: stream, sid: 36, type: macro, size: 12467
name: Macros/VBA/Module29, type_literal: stream, sid: 37, type: macro, size: 9861
name: Macros/VBA/Module3, type_literal: stream, sid: 11, type: macro, size: 3221
name: Macros/VBA/Module30, type_literal: stream, sid: 38, type: macro, size: 3447
name: Macros/VBA/Module31, type_literal: stream, sid: 39, type: macro, size: 11520
name: Macros/VBA/Module4, type_literal: stream, sid: 12, type: macro, size: 4180
name: Macros/VBA/Module5, type_literal: stream, sid: 13, type: macro, size: 3676
name: Macros/VBA/Module6, type_literal: stream, sid: 14, type: macro, size: 12529
name: Macros/VBA/Module7, type_literal: stream, sid: 15, type: macro, size: 7969
name: Macros/VBA/Module8, type_literal: stream, sid: 16, type: macro, size: 13362
name: Macros/VBA/Module9, type_literal: stream, sid: 17, type: macro, size: 2996
name: Macros/VBA/ThisDocument, type_literal: stream, sid: 40, type: macro, size: 6263
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 41, size: 20993
name: Macros/VBA/dir, type_literal: stream, sid: 8, size: 1390
name: WordDocument, type_literal: stream, sid: 3, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 3300 bytes
obfuscated
[+] Module1.bas Macros/VBA/Module1 21080 bytes
create-ole hide-app obfuscated
[+] Module2.bas Macros/VBA/Module2 3234 bytes
obfuscated
[+] Module3.bas Macros/VBA/Module3 1280 bytes
[+] Module4.bas Macros/VBA/Module4 1843 bytes
obfuscated
[+] Module5.bas Macros/VBA/Module5 1537 bytes
obfuscated
[+] Module6.bas Macros/VBA/Module6 6307 bytes
obfuscated
[+] Module7.bas Macros/VBA/Module7 3941 bytes
obfuscated
[+] Module8.bas Macros/VBA/Module8 6982 bytes
obfuscated
[+] Module9.bas Macros/VBA/Module9 1172 bytes
obfuscated
[+] Module10.bas Macros/VBA/Module10 4553 bytes
obfuscated
[+] Module11.bas Macros/VBA/Module11 5782 bytes
obfuscated
[+] Module12.bas Macros/VBA/Module12 6817 bytes
obfuscated
[+] Module13.bas Macros/VBA/Module13 3990 bytes
obfuscated
[+] Module14.bas Macros/VBA/Module14 3806 bytes
obfuscated
[+] Module15.bas Macros/VBA/Module15 5492 bytes
obfuscated
[+] Module16.bas Macros/VBA/Module16 4541 bytes
obfuscated
[+] Module17.bas Macros/VBA/Module17 2213 bytes
obfuscated
[+] Module18.bas Macros/VBA/Module18 2263 bytes
obfuscated
[+] Module19.bas Macros/VBA/Module19 9657 bytes
environ obfuscated
[+] Module20.bas Macros/VBA/Module20 3722 bytes
obfuscated
[+] Module21.bas Macros/VBA/Module21 5493 bytes
obfuscated
[+] Module22.bas Macros/VBA/Module22 3719 bytes
obfuscated
[+] Module23.bas Macros/VBA/Module23 7203 bytes
obfuscated
[+] Module24.bas Macros/VBA/Module24 2249 bytes
obfuscated
[+] Module25.bas Macros/VBA/Module25 3565 bytes
obfuscated
[+] Module26.bas Macros/VBA/Module26 2736 bytes
obfuscated
[+] Module27.bas Macros/VBA/Module27 23983 bytes
create-file create-ole environ obfuscated open-file write-file
[+] Module28.bas Macros/VBA/Module28 6348 bytes
obfuscated
[+] Module29.bas Macros/VBA/Module29 4899 bytes
obfuscated
[+] Module30.bas Macros/VBA/Module30 1433 bytes
obfuscated
[+] Module31.bas Macros/VBA/Module31 5690 bytes
obfuscated
ExifTool file metadata
SharedDoc: No
Author: lyiXV64SfcY87v
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: Ad Coelum
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal
CharCountWithSpaces: 1
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2018:10:30 13:30:00
Characters: 1
CodePage: Windows Latin 1 (Western European)
RevisionNumber: 2
MIMEType: application/msword
Words: 0
Lines: 1
CreateDate: 2018:10:30 03:29:00
Bytes: 11000
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 f2a5dd9accd751731731a212ac18ba7d
SHA1 34b28d578d3565ee9465e5fd80d22689861fad65
SHA256 02bd3616754991fff27e300e7bf732061bcc2243bfaf6f766f392b64c2e38c66
ssdeep 6144:/+r1ULCttvhEz57MPMz4IwWuo4/Ka2dCP/j1uAtWoct:/IyMtZqQPfLWuo2KpdL3

File size 439.5 KB ( 450048 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: lyiXV64SfcY87v, Template: Normal, Last Saved By: Ad Coelum, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Oct 29 04:29:00 2018, Last Saved Time/Date: Mon Oct 29 14:30:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file doc create-file macros environ write-file hide-app create-ole

VirusTotal metadata
First submission 2018-10-30 13:43:26 UTC ( 5 months, 2 weeks ago )
Last submission 2018-11-22 10:07:22 UTC ( 4 months, 3 weeks ago )
File names Aras_kargo_Takip.doc
f2a5dd9accd751731731a212ac18ba7d