SHA256: 0997950f4e799b62a616a8c17d3e685543ac7232ae31f7b8864350bf78c53b90
File name: 67ec9375133fedb7c67cf136f0d9ac058d610bc7
Detection ratio: 7 / 59
Analysis date: 2017-09-07 11:03:05 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Baidu VBA.Trojan-Downloader.Agent.byb 20170907
Fortinet WM/Agent.Q!tr 20170907
Kaspersky HEUR:Trojan.Script.Agent.gen 20170907
Rising Macro.Agent.dx (classic) 20170901
Sophos AV Troj/DocDl-KHD 20170907
Tencent Macro.Trojan.Dropperx.Auto 20170907
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170907
Ad-Aware 20170907
AegisLab 20170907
AhnLab-V3 20170907
Alibaba 20170907
ALYac 20170907
Antiy-AVL 20170907
Arcabit 20170907
Avast 20170907
AVG 20170907
Avira (no cloud) 20170907
AVware 20170906
BitDefender 20170907
Bkav 20170907
CAT-QuickHeal 20170906
ClamAV 20170907
CMC 20170902
Comodo 20170907
CrowdStrike Falcon (ML) 20170804
Cylance 20170907
Cyren 20170907
DrWeb 20170907
Emsisoft 20170907
Endgame 20170821
ESET-NOD32 20170907
F-Prot 20170907
F-Secure 20170907
GData 20170907
Ikarus 20170907
Sophos ML 20170822
Jiangmin 20170907
K7AntiVirus 20170907
K7GW 20170907
Kingsoft 20170907
Malwarebytes 20170907
MAX 20170907
McAfee 20170907
McAfee-GW-Edition 20170907
Microsoft 20170907
eScan 20170907
NANO-Antivirus 20170907
nProtect 20170907
Palo Alto Networks (Known Signatures) 20170907
Panda 20170906
Qihoo-360 20170907
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170907
Symantec 20170907
Symantec Mobile Insight 20170907
TheHacker 20170904
TotalDefense 20170907
TrendMicro 20170907
TrendMicro-HouseCall 20170907
Trustlook 20170907
VBA32 20170906
VIPRE 20170907
ViRobot 20170907
Webroot 20170907
WhiteArmor 20170829
Yandex 20170906
Zillya 20170907
Zoner 20170907
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author: Longer
creation_datetime: 2017-09-07 08:52:00
revision_number: 36
author: Longer
page_count: 1
last_saved: 2017-09-07 09:45:00
edit_time: 1680
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
line_count: 1
company: diakov.net
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 4736
type_literal: stream; sid: 21; name: \x01CompObj; size: 121
type_literal: stream; sid: 5; name: \x05DocumentSummaryInformation; size: 4096
type_literal: stream; sid: 4; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 2; name: 1Table; size: 6916
type_literal: stream; sid: 1; name: Data; size: 45554
type_literal: stream; sid: 20; name: Macros/PROJECT; size: 510
type_literal: stream; sid: 19; name: Macros/PROJECTwm; size: 113
type_literal: stream; sid: 9; type: macro; name: Macros/VBA/Module1; size: 854
type_literal: stream; sid: 10; type: macro; name: Macros/VBA/Module2; size: 4329
type_literal: stream; sid: 8; type: macro; name: Macros/VBA/ThisDocument; size: 1506
type_literal: stream; sid: 12; name: Macros/VBA/_VBA_PROJECT; size: 5650
type_literal: stream; sid: 13; name: Macros/VBA/dir; size: 865
type_literal: stream; sid: 11; type: macro; name: Macros/VBA/myform1; size: 16670
type_literal: stream; sid: 17; name: Macros/myform1/\x01CompObj; size: 97
type_literal: stream; sid: 18; name: Macros/myform1/\x03VBFrame; size: 289
type_literal: stream; sid: 15; name: Macros/myform1/f; size: 127
type_literal: stream; sid: 16; name: Macros/myform1/o; size: 52
type_literal: stream; sid: 3; name: WordDocument; size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 30 bytes
[+] Module1.bas Macros/VBA/Module1 44 bytes
[+] Module2.bas Macros/VBA/Module2 2682 bytes
[+] myform1.frm Macros/VBA/myform1 6080 bytes
run-file
ExifTool file metadata
SharedDoc: No
Author: Longer
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: Longer
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2017:09:07 08:45:00
Company: diakov.net
Characters: 1
CodePage: Windows Latin 1 (Western European)
RevisionNumber: 36
MIMEType: application/msword
Words: 0
CreateDate: 2017:09:07 07:52:00
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 28.0 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
DocFlags: Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 e359f0e14e600d3911bdc2a8ecbc439a
SHA1 67ec9375133fedb7c67cf136f0d9ac058d610bc7
SHA256 0997950f4e799b62a616a8c17d3e685543ac7232ae31f7b8864350bf78c53b90
ssdeep 1536:ZFvkdZjNwz1nndj64wMxW4S96UjkH4vHW+K6kGILJvRCsrv99:ZFcfNwJMW4399nHnkLLJ5Ckv

File size 100.5 KB ( 102912 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 36, Name of Creating Application: Microsoft Office Word, Total Editing Time: 28:00, Create Time/Date: Wed Sep 06 07:52:00 2017, Last Saved Time/Date: Wed Sep 06 08:45:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-file attachment doc

VirusTotal metadata
First submission 2017-09-07 11:03:05 UTC ( 1 year, 5 months ago )
Last submission 2017-09-15 11:36:25 UTC ( 1 year, 5 months ago )
File names 67ec9375133fedb7c67cf136f0d9ac058d610bc7
=?UTF-8?B?cm95YWxiYW5rMTI4NzY0NTQ3MzRfNTIzNS5kb2M=?=
royalbank12876454734_5235.doc