SHA256: 08094b01d1fb2f583c4352c75893049b6015e2cd4cdcb527f16f6bafb4669d3f
File name: D:\1월첫째\Invoice _ 59S490957.doc (submitted as the RFC 2047 encoded-word =?UTF-8?B?RDpcMeyblOyyq+ynuFxJbnZvaWNlIF8gNTlTNDkwOTU3LmRvYw==?=; a local path whose Korean folder name 1월첫째 reads roughly "January, first")
Detection ratio: 21 / 56
Analysis date: 2018-08-09 00:38:30 UTC
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20180808
Avira (no cloud) HEUR/Macro.Downloader.APL.Gen 20180809
AVware LooksLike.Macro.Malware.k (v) 20180727
Baidu VBA.Trojan.Agent.dx 20180808
Emsisoft Trojan-Downloader.Macro.Generic (A) 20180809
Endgame malicious (high confidence) 20180730
Fortinet VBA/Agent.JUB!tr.dldr 20180808
Ikarus Trojan-Downloader.VBA.Agent 20180808
K7AntiVirus Trojan ( 00536d111 ) 20180808
K7GW Trojan ( 00536d111 ) 20180809
McAfee W97M/Downloader.cqc 20180809
McAfee-GW-Edition W97M/Downloader.cqc 20180808
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180808
Qihoo-360 virus.office.obfuscated.4 20180809
Sophos AV Troj/DocDl-PDR 20180808
Symantec ISB.Downloader!gen131 20180808
TACHYON Suspicious/W97M.Obfus.Gen 20180808
Tencent Heur.Macro.Generic.Gen.f 20180809
TrendMicro-HouseCall Trojan.W97M.POWLOAD.SMTHF3 20180809
VIPRE LooksLike.Macro.Malware.k (v) 20180808
Zoner Probably W97Obfuscated 20180808
Undetected (no result reported):
Ad-Aware 20180808
AegisLab 20180808
AhnLab-V3 20180808
Alibaba 20180713
ALYac 20180808
Antiy-AVL 20180809
Avast 20180808
Avast-Mobile 20180809
AVG 20180808
Babable 20180725
BitDefender 20180808
Bkav 20180807
CAT-QuickHeal 20180807
ClamAV 20180808
CMC 20180808
Comodo 20180808
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20180809
Cyren 20180809
DrWeb 20180808
eGambit 20180809
ESET-NOD32 20180809
F-Prot 20180808
F-Secure 20180809
GData 20180808
Sophos ML 20180717
Jiangmin 20180808
Kaspersky 20180809
Kingsoft 20180809
Malwarebytes 20180808
MAX 20180809
eScan 20180809
Palo Alto Networks (Known Signatures) 20180809
Panda 20180808
Rising 20180808
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180809
Symantec Mobile Insight 20180809
TheHacker 20180807
Trustlook 20180809
VBA32 20180808
ViRobot 20180808
Webroot 20180809
Yandex 20180808
ZoneAlarm by Check Point 20180808
The file is a Compound File Binary (OLE2, "CDF V2") container; more specifically a legacy binary MS Word (.doc) document. The detections above are consistently macro-downloader names (HEUR/Macro.Downloader, W97M/Downloader, Trojan-Downloader.VBA, POWLOAD), i.e. the document is a first stage that fetches and runs a payload rather than carrying it.
Commonly abused properties
The file contains VBA macros. A macro is a stored sequence of commands that Office runs as a single unit; malicious documents use macros that fire when the document is opened to download or launch a payload, which is what the engine names above describe.
May try to run other files, shell commands or applications (tag: run-file).
Appears to contain deobfuscation code, i.e. the macro builds its real strings or commands at run time rather than storing them in clear (tag: obfuscated).
Summary
creation_datetime: 2018-08-08 23:59:00
template: Normal.dotm
author: Asadulyh-PC
page_count: 1
last_saved: 2018-08-08 23:59:00
revision_number: 1
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 1
version: 1048576
paragraph_count: 1
code_page: Latin I
A one-character body with zero words, revision 1 and zero edit time (see TotalEditTime below) means the document carries no real content; it exists only to host the macro, and the machine-style author name Asadulyh-PC is worth recording as a pivot.
OLE Streams
sid  type    size   name
0    root    5312   Root Entry (clsid 00020906-0000-0000-c000-000000000046, MS Word)
18   stream  114    \x01CompObj
5    stream  4096   \x05DocumentSummaryInformation
4    stream  412    \x05SummaryInformation
2    stream  7876   1Table
1    stream  42348  Data
16   stream  431    Macros/PROJECT
17   stream  56     Macros/PROJECTwm
15   stream  4502   Macros/VBA/_VBA_PROJECT
10   stream  1248   Macros/VBA/__SRP_0
11   stream  106    Macros/VBA/__SRP_1
12   stream  292    Macros/VBA/__SRP_2
13   stream  103    Macros/VBA/__SRP_3
8    stream  563    Macros/VBA/dir
9    stream  1748   Macros/VBA/nApbHzK (macro)
14   stream  9695   Macros/VBA/rlSjpwvIJ (macro)
3    stream  4096   WordDocument
Macros and VBA code streams
[+] nApbHzK.cls  Macros/VBA/nApbHzK  299 bytes  (tag: run-file)
[+] rlSjpwvIJ.bas  Macros/VBA/rlSjpwvIJ  4940 bytes  (tag: obfuscated)
The sizes shown are those of the extracted VBA source. Each module stream (1748 and 9695 bytes in the stream table) holds compiled p-code followed by the source in MS-OVBA compressed form, with the start offset of the compressed part recorded in the (itself compressed) Macros/VBA/dir stream; that is why the source is smaller than the stream that carries it.
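As an added example (not part of the VirusTotal report and not code from the sample), the following Python does the two things an analyst does with the Macros/VBA/* streams listed above: it decompresses an MS-OVBA compressed container into VBA source, and it runs a keyword triage over that source of the kind that produces the run-file and obfuscated tags. The containers it is fed are constructed inline (a hand-built chunk with one copy token, and a literal-only encoder), the sample macro text is an assumption and not the contents of nApbHzK or rlSjpwvIJ, and the keyword table is an illustrative heuristic rather than any vendor's signature set.

```python
"""MS-OVBA decompression + keyword triage for VBA module streams.

Added example: not part of the VirusTotal report and not the sample's code.
In a real .doc, each Macros/VBA/<module> stream is p-code followed by a
compressed container that starts at the MODULEOFFSET recorded in the
(itself compressed) Macros/VBA/dir stream; decompress() expects the
container bytes, i.e. stream[module_offset:].
"""
import re
import struct

CHUNK_SIGNATURE = 0b011  # bits 12-14 of every chunk header (MS-OVBA 2.4.1.1.5)


def decompress(container: bytes) -> bytes:
    """Decode an MS-OVBA CompressedContainer (signature byte 0x01 + chunks)."""
    if not container or container[0] != 0x01:
        raise ValueError("not an MS-OVBA compressed container")
    out = bytearray()
    pos = 1
    while pos < len(container):
        header = struct.unpack_from("<H", container, pos)[0]
        if (header >> 12) & 0x7 != CHUNK_SIGNATURE:
            raise ValueError("bad chunk signature at offset %d" % pos)
        chunk_end = pos + (header & 0x0FFF) + 3       # size includes the 2-byte header
        compressed = bool(header & 0x8000)
        chunk_out_start = len(out)                     # copy-token offsets are chunk-relative
        pos += 2
        if not compressed:                             # raw chunk: up to 4096 literal bytes
            out += container[pos:pos + 4096]
            pos = chunk_end
            continue
        while pos < chunk_end:
            flags = container[pos]                     # one flag bit per following token
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:             # literal token: one byte
                    out.append(container[pos])
                    pos += 1
                    continue
                token = struct.unpack_from("<H", container, pos)[0]
                pos += 2
                # The offset/length split of a copy token depends on how far into
                # the chunk we are: bit_count = max(ceil(log2(position)), 4).
                position = len(out) - chunk_out_start
                bit_count = max((position - 1).bit_length(), 4)
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                src = len(out) - offset
                if src < chunk_out_start:
                    raise ValueError("copy token reaches before chunk start")
                for _ in range(length):                # byte-wise: source may overlap output
                    out.append(out[src])
                    src += 1
        pos = chunk_end
    return bytes(out)


def literal_container(data: bytes) -> bytes:
    """Build a valid container that encodes every byte as a literal token.

    Test-input helper only; real Office files also emit copy tokens. A chunk
    is at most 4098 bytes including its header, so literal-only encoding of
    a single chunk fits 3640 input bytes (455 groups of 1 flag + 8 bytes).
    """
    if not 0 < len(data) <= 3640:
        raise ValueError("this helper writes one chunk of 1..3640 bytes")
    body = b"".join(b"\x00" + data[i:i + 8] for i in range(0, len(data), 8))
    header = 0x8000 | (CHUNK_SIGNATURE << 12) | (len(body) + 2 - 3)
    return b"\x01" + struct.pack("<H", header) + body


# Illustrative keyword table (an assumption, in the spirit of oletools' output).
INDICATORS = {
    "AutoOpen": "auto-execution",
    "Document_Open": "auto-execution",
    "Shell": "execution",
    "WScript.Shell": "execution",
    "CreateObject": "execution",
    "powershell": "execution",
    "URLDownloadToFile": "download",
    "Chr": "obfuscation",
    "StrReverse": "obfuscation",
    "Replace": "obfuscation",
    "Xor": "obfuscation",
}


def triage(source: bytes) -> dict:
    """Map each indicator found in decompressed VBA source to its category."""
    text = source.decode("latin-1")
    found = {}
    for keyword, category in INDICATORS.items():
        # whole-identifier, case-insensitive match (VBA itself is case-insensitive)
        pattern = r"(?<![A-Za-z0-9_])%s(?![A-Za-z0-9_])" % re.escape(keyword)
        if re.search(pattern, text, re.I):
            found[keyword] = category
    return found


# Constructed inputs, not taken from the sample on this page.
# Hand-built chunk: literals 'a','b','c' then a copy token (offset 3, length 6).
COPY_TOKEN_SAMPLE = b"\x01\x05\xb0\x08abc\x03\x20"
SAMPLE_VBA = (b'Sub AutoOpen()\r\n'
              b'Dim s: s = StrReverse("llehsrewop")\r\n'
              b'Shell s\r\n'
              b'End Sub\r\n')


def demo() -> dict:
    """Round-trip the constructed macro and return its triage result."""
    assert decompress(COPY_TOKEN_SAMPLE) == b"abcabcabc"
    source = decompress(literal_container(SAMPLE_VBA))
    return triage(source)


if __name__ == "__main__":
    for keyword, category in sorted(demo().items()):
        print("%-12s %s" % (keyword, category))
```

The reversed string in SAMPLE_VBA is the point of the obfuscation category: a plain grep for "powershell" misses it, while StrReverse, Chr and Xor are the primitives such macros use to rebuild the real command, so an analyst flags those and then reads or emulates the code rather than trusting keyword hits alone.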
ExifTool file metadata
SharedDoc: No
Author: Asadulyh-PC
CodePage: Windows Latin 1 (Western European)
System: Windows
LinksUpToDate: No
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2018:08:08 22:59:00
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2018:08:08 22:59:00
Characters: 1
HyperlinksChanged: No
RevisionNumber: 1
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 31d5e98d1d0613bd272c7db3f174f013
SHA1 7c95e5f2c87c101e94901125db2e87a6ffd87963
SHA256 08094b01d1fb2f583c4352c75893049b6015e2cd4cdcb527f16f6bafb4669d3f
ssdeep 1536:kTxjwKZ09cB7y9ghN8+mQ90MTu+a9yX8SVxT:IxjnB29gb8on46

File size 94.9 KB ( 97152 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Asadulyh-PC, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Aug 07 22:59:00 2018, Last Saved Time/Date: Tue Aug 07 22:59:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-08-09 00:17:07 UTC
Last submission 2018-08-09 18:46:35 UTC
File names (all finance-themed lure names: invoice, ACH, wire transfer)
D:\1월첫째\Invoice _ 59S490957.doc (submitted as =?UTF-8?B?RDpcMeyblOyyq+ynuFxJbnZvaWNlIF8gNTlTNDkwOTU3LmRvYw==?=)
ACH 1271308GWPEBWZU Aug-09-2018.doc
WIRE 69P Aug-09-2018.doc
.
Invoice Query.doc
WIRE 653927HMRLUG.doc
WIRE 7TC.doc