SHA256: 0856c39963280c37850897d9a7ce80fd1c225c0a96d1a827e003e91a95866169
File name: invoice_320579.doc
Detection ratio: 33 / 61
Analysis date: 2018-09-11 21:08:07 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.390015 20180911
ALYac Gen:Variant.Razy.390015 20180911
Arcabit Trojan.Razy.D5F37F 20180911
Avira (no cloud) W97M/Agent.3118415 20180911
AVware LooksLike.Macro.Malware.h (v) 20180911
Baidu VBA.Trojan-Downloader.Agent.ddl 20180910
BitDefender Gen:Variant.Razy.390015 20180911
CAT-QuickHeal Exp.OLE.Drop.Gen 20180909
Cyren W97M/Downldr 20180911
Emsisoft Gen:Variant.Razy.390015 (B) 20180911
Endgame malicious (high confidence) 20180730
F-Prot New or modified W97M/Downldr 20180911
F-Secure Trojan:W97M/Nastjencro.A 20180911
GData Gen:Variant.Razy.390015 20180911
Ikarus possible-Threat.Embedded.ExeInOffice 20180911
Kaspersky HEUR:Trojan.Script.Generic 20180911
MAX malware (ai score=82) 20180911
McAfee Artemis!A1AC08123D98 20180911
McAfee-GW-Edition BehavesLike.Downloader.dg 20180911
Microsoft Trojan:O97M/Sonbokli.A!cl 20180911
eScan Gen:Variant.Razy.390015 20180911
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180911
Qihoo-360 Win32/Trojan.Script.ed4 20180911
Rising Trojan.Hancitor!8.B197 (TOPIS:xfJqIzlG5BU) 20180911
SentinelOne (Static ML) static engine - malicious 20180830
Symantec W97M.Downloader 20180911
TACHYON Unknown/W97.NS.Gen 20180911
Tencent Heur.Macro.Generic.Gen.a 20180911
TrendMicro TROJ_FRS.VSN0AI18 20180911
TrendMicro-HouseCall TROJ_FRS.VSN0AI18 20180911
VIPRE LooksLike.Macro.Malware.h (v) 20180911
ZoneAlarm by Check Point HEUR:Trojan.Script.Generic 20180911
Zoner Probably W97Shell 20180910
AegisLab 20180911
AhnLab-V3 20180911
Alibaba 20180713
Antiy-AVL 20180911
Avast 20180911
Avast-Mobile 20180911
AVG 20180911
Babable 20180907
Bkav 20180911
ClamAV 20180911
CMC 20180911
Comodo 20180911
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20180911
DrWeb 20180911
eGambit 20180911
ESET-NOD32 20180911
Fortinet 20180911
Sophos ML 20180717
Jiangmin 20180911
K7AntiVirus 20180911
K7GW 20180911
Kingsoft 20180911
Malwarebytes 20180911
Palo Alto Networks (Known Signatures) 20180911
Panda 20180911
Sophos AV 20180911
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TheHacker 20180907
TotalDefense 20180911
Trustlook 20180911
VBA32 20180911
ViRobot 20180911
Webroot 20180911
Yandex 20180910
Zillya 20180911
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May write to a file.
May copy a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
last_author: win7home
creation_datetime: 2018-09-11 16:15:00
author: 444555
title:
page_count: 1
last_saved: 2018-09-11 16:16:00
word_count: 3
revision_number: 3
application_name: Microsoft Office Word
character_count: 20
code_page: Latin I
template: Normal.dotm
Document summary
line_count: 1
company: Home
characters_with_spaces: 22
version: 983040
paragraph_count: 1
code_page: -535
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 15488
type_literal: stream, sid: 39, name: \x01CompObj, size: 114
type_literal: stream, sid: 11, name: \x05DocumentSummaryInformation, size: 324
type_literal: stream, sid: 10, name: \x05SummaryInformation, size: 416
type_literal: stream, sid: 9, name: 1Table, size: 10405
type_literal: stream, sid: 1, name: Data, size: 88458
type_literal: stream, sid: 38, name: Macros/PROJECT, size: 742
type_literal: stream, sid: 37, name: Macros/PROJECTwm, size: 197
type_literal: stream, sid: 30, name: Macros/UserForm1/\x01CompObj, size: 97
type_literal: stream, sid: 31, name: Macros/UserForm1/\x03VBFrame, size: 292
type_literal: stream, sid: 28, name: Macros/UserForm1/f, size: 110
type_literal: stream, sid: 29, name: Macros/UserForm1/o, size: 60
type_literal: stream, sid: 35, name: Macros/UserForm3/\x01CompObj, size: 97
type_literal: stream, sid: 36, name: Macros/UserForm3/\x03VBFrame, size: 292
type_literal: stream, sid: 33, name: Macros/UserForm3/f, size: 110
type_literal: stream, sid: 34, name: Macros/UserForm3/o, size: 60
type_literal: stream, sid: 19, type: macro, name: Macros/VBA/Module1, size: 961
type_literal: stream, sid: 20, type: macro, name: Macros/VBA/Module2, size: 5692
type_literal: stream, sid: 21, type: macro, name: Macros/VBA/Module3, size: 1110
type_literal: stream, sid: 22, type: macro, name: Macros/VBA/Module4, size: 2571
type_literal: stream, sid: 18, type: macro, name: Macros/VBA/ThisDocument, size: 3023
type_literal: stream, sid: 24, type: macro (only attributes), name: Macros/VBA/UserForm1, size: 1160
type_literal: stream, sid: 23, type: macro (only attributes), name: Macros/VBA/UserForm3, size: 1160
type_literal: stream, sid: 25, name: Macros/VBA/_VBA_PROJECT, size: 4914
type_literal: stream, sid: 26, name: Macros/VBA/dir, size: 1046
type_literal: stream, sid: 14, name: MsoDataStore/4XZ\xd7U\xcc\xc7\xdc2\xd4K\xcf\xd7C\xd2HNZV\xd0M\xc0==/Item, size: 252
type_literal: stream, sid: 15, name: MsoDataStore/4XZ\xd7U\xcc\xc7\xdc2\xd4K\xcf\xd7C\xd2HNZV\xd0M\xc0==/Properties, size: 341
type_literal: stream, sid: 6, name: ObjectPool/_1598191286/\x01CompObj, size: 76
type_literal: stream, sid: 8, name: ObjectPool/_1598191286/\x01Ole10Native, size: 91412
type_literal: stream, sid: 5, name: ObjectPool/_1598191286/\x03EPRINT, size: 17256
type_literal: stream, sid: 7, name: ObjectPool/_1598191286/\x03ObjInfo, size: 6
type_literal: stream, sid: 2, name: WordDocument, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 878 bytes
[+] Module1.bas Macros/VBA/Module1 125 bytes
[+] Module2.bas Macros/VBA/Module2 2553 bytes
exe-pattern create-ole environ open-file run-file write-file
[+] Module3.bas Macros/VBA/Module3 211 bytes
[+] Module4.bas Macros/VBA/Module4 780 bytes
copy-file create-ole environ
ExifTool file metadata
SharedDoc: No
Author: 444555
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: win7home
HeadingPairs: Title, 1, , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 22
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2018:09:11 14:16:00
TitleOfParts: ,
Company: Home
Characters: 20
CodePage: Unicode (UTF-8)
RevisionNumber: 3
MIMEType: application/msword
Words: 3
CreateDate: 2018:09:11 14:15:00
Lines: 1
AppVersion: 15.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 cf507d9158eed1ae053218e37c05a80c
SHA1 628c2c358025e6deccd29a0b1ae9a3c9f31dbcf0
SHA256 0856c39963280c37850897d9a7ce80fd1c225c0a96d1a827e003e91a95866169
ssdeep
3072:IgXY/YthSVosBbzZkvHxj9oZfYA4rTXAeuue30vTlr186RDBb1Qaai5PEFLu:Pokh1skvRSCjtzeU8QDBki5PEF6

File size 242.5 KB ( 248320 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: , Author: 444555, Template: Normal.dotm, Last Saved By: win7home, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Sep 10 15:15:00 2018, Last Saved Time/Date: Mon Sep 10 15:16:00 2018, Number of Pages: 1, Number of Words: 3, Number of Characters: 20, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
open-file exe-pattern doc copy-file run-file macros environ write-file create-ole

VirusTotal metadata
First submission 2018-09-11 15:13:25 UTC ( 7 months, 2 weeks ago )
Last submission 2018-09-11 15:13:25 UTC ( 7 months, 2 weeks ago )
File names invoice_694333.doc
invoice_201144.doc
invoice_187907.doc
invoice_704844.doc
invoice_527842.doc
invoice_269165.doc
invoice_420876.doc
invoice_492522.doc
invoice_914650.doc
invoice_320579.doc
invoice_151777.doc
invoice_745482.doc
invoice_153605.doc
invoice_353273.doc
invoice_915109.doc
invoice_574464.doc
invoice_247730.doc
invoice_939329.doc
invoice_759712.doc
invoice_197406.doc
invoice_116496.doc
invoice_913775.doc