SHA256: 07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d
File name: 07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d....
Detection ratio: 40 / 62
Analysis date: 2018-09-05 12:07:11 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.MAC.VBA 20180905
AegisLab Trojan.VBS.Formac.a!c 20180905
AhnLab-V3 W2KM/Downloader 20180905
Antiy-AVL Trojan/MSOffice.gen 20180905
Arcabit Trojan.MAC.VBA 20180905
Avast VBA:Downloader-DWV [Trj] 20180905
AVG VBA:Downloader-DWV [Trj] 20180905
Avira (no cloud) W2000M/Agent.6297111 20180905
AVware Trojan.OLE.Generic.a (v) 20180823
Baidu VBA.Trojan-Downloader.Agent.crt 20180905
BitDefender Trojan.MAC.VBA 20180905
CAT-QuickHeal O97M.Downloader.ZO 20180905
ClamAV Doc.Dropper.Agent-5783397-0 20180905
Comodo UnclassifiedMalware 20180905
Cyren PP97M/Agent 20180905
DrWeb W97M.DownLoader.1470 20180905
Emsisoft Trojan.MAC.VBA (B) 20180905
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDropper.Agent.TO 20180905
F-Prot New or modified PP97M/Agent 20180905
F-Secure Trojan.MAC.VBA 20180905
Fortinet WM/Agent.A4EF!tr 20180905
Ikarus Trojan.MAC.VBA.EmPyre 20180905
Kaspersky Trojan-Downloader.VBS.Formac.a 20180905
MAX malware (ai score=100) 20180905
McAfee W97M/Downloader.bve 20180905
McAfee-GW-Edition W97M/Downloader.bve 20180905
Microsoft Trojan:O97M/Multos.A 20180905
eScan Trojan.MAC.VBA 20180905
NANO-Antivirus Trojan.Script.Agent.eygbyu 20180905
Qihoo-360 virus.office.qexvmc.1100 20180905
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Troj/DocDl-HFN 20180905
Symantec W97M.Downloader.M 20180905
TACHYON Suspicious/WOX.Obfus.Gen.2 20180905
Tencent OLE.Win32.Macro.700419 20180905
TrendMicro W2KM_DLOADR.YYSXV 20180905
TrendMicro-HouseCall W2KM_DLOADR.YYSXV 20180905
ViRobot W97M.S.Downloader.33726 20180905
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180905
Alibaba 20180713
ALYac 20180905
Avast-Mobile 20180905
Babable 20180902
Bkav 20180905
CMC 20180905
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180905
eGambit 20180905
GData 20180905
Sophos ML 20180717
Jiangmin 20180905
K7AntiVirus 20180905
K7GW 20180905
Kingsoft 20180905
Malwarebytes 20180905
Palo Alto Networks (Known Signatures) 20180905
Panda 20180905
Rising 20180905
SUPERAntiSpyware 20180905
Symantec Mobile Insight 20180831
TheHacker 20180904
TotalDefense 20180905
Trustlook 20180905
VBA32 20180905
VIPRE 20180905
Webroot 20180905
Yandex 20180904
Zillya 20180904
Zoner 20180904
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Content types
xml
rels
bin
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator: rootroot root
cp:lastModifiedBy: john john
cp:revision: 5
dcterms:created: 2016-12-14T04:48:00Z
dcterms:modified: 2016-12-21T11:03:00Z
Application document properties
Template: Normal.dotm
TotalTime: 11
Pages: 2
Words: 498
Characters: 2842
Application: Microsoft Macintosh Word
DocSecurity: 0
Lines: 23
Paragraphs: 6
ScaleCrop: false
LinksUpToDate: false
CharactersWithSpaces: 3334
SharedDoc: false
HyperlinksChanged: false
AppVersion: 14.0000
Document languages
Language Prevalence
ru-ru 2
en-us 1
ja-jp 1
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: john john
Application: Microsoft Macintosh Word
ZipFileName: [Content_Types].xml
Template: Normal.dotm
ZipRequiredVersion: 20
ModifyDate: 2016:12:21 11:03:00Z
ZipCRC: 0xa4f88776
Words: 498
ScaleCrop: No
RevisionNumber: 5
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
CreateDate: 2016:12:14 04:48:00Z
Lines: 23
AppVersion: 14.0
ZipUncompressedSize: 1563
ZipCompressedSize: 418
Characters: 2842
CharactersWithSpaces: 3334
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
FileType: DOCM
Creator: rootroot root
TotalEditTime: 11 minutes
ZipCompression: Deflated
Pages: 2
FileTypeExtension: docm
Paragraphs: 6
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 15
Uncompressed size: 109285
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml 11
bin 1
Contained files by type
XML 14
Microsoft Office 1
File identification
MD5 1de4838f13c49d9f959d04b363326ac1
SHA1 598ebb19bf9fbc17c0bf85ce4ece91fa061f74a6
SHA256 07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d
ssdeep 768:j3YODZ2mk3Il95WBSwQ+46zFqxaKhXNrk+AY:UuZ2mkfWu5ejb
File size 32.9 KB ( 33726 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract
TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags macros docx
VirusTotal metadata
First submission 2017-01-16 18:48:58 UTC ( 1 year, 10 months ago )
Last submission 2018-05-30 04:59:13 UTC ( 5 months, 2 weeks ago )
File names 1.docm
sample.docm
U.S. Allies and Rivals Digest Trump’s Victory - Carnegie Endowment for International Peace.docm
07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d.docx
598ebb19bf9fbc17c0bf85ce4ece91fa061f74a6_U.S. Allies and Rivals Digest Trump_s Victory - Carnegie Endowment for International Peace.doc