SHA256: 09515dd0cd0c29bb473e8358f2ee90f113fe56e451e9a9a15902198a87260da8
File name: 02-pm51A.docm
Detection ratio: 5 / 55
Analysis date: 2016-03-08 10:42:58 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160308
Avast VBA:Downloader-AUR [Trj] 20160308
GData Macro.Trojan-Downloader.Agent.MV 20160308
Ikarus Trojan-Downloader.VBA.Agent 20160308
Panda VBS/Jenxcus.A 20160307
Ad-Aware 20160308
AegisLab 20160308
Yandex 20160308
AhnLab-V3 20160307
Alibaba 20160308
ALYac 20160308
Antiy-AVL 20160308
AVG 20160308
Avira (no cloud) 20160308
AVware 20160308
Baidu-International 20160308
BitDefender 20160308
Bkav 20160307
ByteHero 20160308
CAT-QuickHeal 20160308
ClamAV 20160308
CMC 20160307
Comodo 20160308
Cyren 20160308
DrWeb 20160308
Emsisoft 20160308
ESET-NOD32 20160308
F-Prot 20160308
F-Secure 20160308
Fortinet 20160308
Jiangmin 20160308
K7AntiVirus 20160308
K7GW 20160308
Kaspersky 20160307
Malwarebytes 20160308
McAfee 20160308
McAfee-GW-Edition 20160308
Microsoft 20160308
eScan 20160308
NANO-Antivirus 20160308
nProtect 20160308
Qihoo-360 20160308
Rising 20160308
Sophos AV 20160308
SUPERAntiSpyware 20160308
Symantec 20160307
Tencent 20160308
TheHacker 20160307
TrendMicro 20160308
TrendMicro-HouseCall 20160308
VBA32 20160306
VIPRE 20160308
ViRobot 20160308
Zillya 20160306
Zoner 20160308
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May copy a file.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 46 bytes
[+] Module1.bas word/vbaProject.bin VBA/Module1 3565 bytes
create-ole obfuscated open-file
[+] Module2.bas word/vbaProject.bin VBA/Module2 6303 bytes
copy-file create-ole obfuscated open-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
1
cp:lastModifiedBy
Microsoft Office
cp:revision
2
dcterms:created
2016-03-08T09:17:00Z
dcterms:modified
2016-03-08T09:17:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
0
Paragraphs
0
ScaleCrop
false
vt:lpstr
Название
vt:i4
1
Company
Home
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
ru-ru
2
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
Microsoft Office

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal.dotm

CreateDate
2016:03:08 09:17:00Z

ZipRequiredVersion
20

ModifyDate
2016:03:08 09:17:00Z

ZipCRC
0x7aec387e

Company
Home

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

FileType
DOCM

Lines
0

AppVersion
16.0

ZipUncompressedSize
1453

ZipCompressedSize
391

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

HeadingPairs
, 1

TotalEditTime
0

ZipCompression
Deflated

Pages
1

Creator
1

FileTypeExtension
docm

Paragraphs
0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
14
Uncompressed size
89218
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
Contained files by type
XML
13
Microsoft Office
1
File identification
MD5 e7aa388316b1094e0f756ebb40bca838
SHA1 489693ec0cbe2fbd10255017eb5512c635096733
SHA256 09515dd0cd0c29bb473e8358f2ee90f113fe56e451e9a9a15902198a87260da8
ssdeep
384:/imtIh+m8fnN4Kf2me29ETqbXVIxB9mh3h/160rUt3xW5FOKRMP1aYSd/lMy64oN:/L1fOmpjuxBI9JrUxxjban9nHotBlic

File size 28.1 KB ( 28779 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated open-file copy-file docx macros create-ole

VirusTotal metadata
First submission 2016-03-08 10:37:50 UTC ( 3 years, 2 months ago )
Last submission 2016-03-08 10:42:58 UTC ( 3 years, 2 months ago )
File names 73755c8cd949e7b13733b5be5df6d665
02-pm51A.docm