SHA256: 0d92b1656112ed73fe98fd6c714d7959dd8ecc85759b87a6b01747a2ab0f8335
Detection ratio: 10 / 59
Analysis date: 2017-10-05 01:26:52 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Baidu VBA.Trojan.Agent.bj 20170930
DrWeb W97M.DownLoader.2068 20171004
Fortinet WM/Agent.Q!tr 20171005
Ikarus Win32.Outbreak 20171004
Qihoo-360 virus.office.qexvmc.1080 20171005
Rising Macro.Agent.dx (CLASSIC) 20171004
Sophos AV Troj/DocDl-KMR 20171005
Symantec W97M.Downloader 20171005
TrendMicro-HouseCall Suspicious_GEN.F47V0928 20171004
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20171005
Ad-Aware 20171004
AegisLab 20171005
AhnLab-V3 20171004
Alibaba 20170911
ALYac 20171005
Antiy-AVL 20171004
Arcabit 20171005
Avast 20171004
Avast-Mobile 20171004
AVG 20171004
Avira (no cloud) 20171004
AVware 20171004
BitDefender 20171005
Bkav 20171004
CAT-QuickHeal 20171004
ClamAV 20171004
CMC 20171004
Comodo 20171005
CrowdStrike Falcon (ML) 20170804
Cylance 20171005
Cyren 20171005
Emsisoft 20171005
Endgame 20170821
ESET-NOD32 20171004
F-Prot 20171005
F-Secure 20171005
GData 20171005
Sophos ML 20170914
Jiangmin 20171004
K7AntiVirus 20171004
K7GW 20171005
Kaspersky 20171005
Kingsoft 20171005
Malwarebytes 20171004
MAX 20171004
McAfee 20171005
McAfee-GW-Edition 20171004
Microsoft 20171005
eScan 20171005
NANO-Antivirus 20171004
nProtect 20171005
Palo Alto Networks (Known Signatures) 20171005
Panda 20171004
SentinelOne (Static ML) 20171001
SUPERAntiSpyware 20171005
Symantec Mobile Insight 20171004
Tencent 20171005
TheHacker 20171002
TrendMicro 20171005
Trustlook 20171005
VBA32 20171004
VIPRE 20171004
ViRobot 20171004
Webroot 20171005
WhiteArmor 20170927
Yandex 20171004
Zillya 20171004
Zoner 20171005
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author Longer
creation_datetime 2017-10-04 11:03:00
revision_number 3
author PC
page_count 1
last_saved 2017-10-04 11:11:00
word_count 39
template Normal.dotm
application_name Microsoft Office Word
character_count 223
code_page Latin I
Document summary
line_count 1
company diakov.net
characters_with_spaces 261
version 786432
paragraph_count 1
code_page Latin I
OLE Streams
name Root Entry, sid 0, type_literal root, clsid 00020906-0000-0000-c000-000000000046, clsid_literal MS Word, size 20224
name \x01CompObj, sid 34, type_literal stream, size 121
name \x05DocumentSummaryInformation, sid 5, type_literal stream, size 4096
name \x05SummaryInformation, sid 4, type_literal stream, size 4096
name 1Table, sid 2, type_literal stream, size 8080
name Data, sid 1, type_literal stream, size 4746
name Macros/PROJECT, sid 33, type_literal stream, size 857
name Macros/PROJECTwm, sid 32, type_literal stream, size 311
name Macros/UserForm1/\x01CompObj, sid 30, type_literal stream, size 97
name Macros/UserForm1/\x03VBFrame, sid 31, type_literal stream, size 292
name Macros/UserForm1/f, sid 28, type_literal stream, size 267
name Macros/UserForm1/o, sid 29, type_literal stream, size 312
name Macros/VBA/Module1, sid 9, type_literal stream, type macro, size 3489
name Macros/VBA/Module2, sid 10, type_literal stream, type macro, size 870
name Macros/VBA/Module3, sid 11, type_literal stream, type macro, size 927
name Macros/VBA/Module4, sid 12, type_literal stream, type macro, size 1105
name Macros/VBA/Module5, sid 13, type_literal stream, type macro, size 1171
name Macros/VBA/Module6, sid 14, type_literal stream, type macro, size 1363
name Macros/VBA/Module7, sid 15, type_literal stream, type macro, size 1093
name Macros/VBA/Module8, sid 16, type_literal stream, type macro, size 981
name Macros/VBA/Module9, sid 17, type_literal stream, type macro, size 1487
name Macros/VBA/ThisDocument, sid 8, type_literal stream, type macro, size 1205
name Macros/VBA/UserForm1, sid 19, type_literal stream, type macro, size 1423
name Macros/VBA/_VBA_PROJECT, sid 20, type_literal stream, size 6247
name Macros/VBA/dir, sid 21, type_literal stream, size 1054
name Macros/VBA/myform1, sid 18, type_literal stream, type macro, size 15230
name Macros/myform1/\x01CompObj, sid 25, type_literal stream, size 97
name Macros/myform1/\x03VBFrame, sid 26, type_literal stream, size 290
name Macros/myform1/f, sid 23, type_literal stream, size 273
name Macros/myform1/o, sid 24, type_literal stream, size 360
name WordDocument, sid 3, type_literal stream, size 4660
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 30 bytes
[+] Module1.bas Macros/VBA/Module1 2112 bytes
[+] Module2.bas Macros/VBA/Module2 56 bytes
[+] Module3.bas Macros/VBA/Module3 67 bytes
[+] Module4.bas Macros/VBA/Module4 103 bytes
[+] Module5.bas Macros/VBA/Module5 149 bytes
[+] Module6.bas Macros/VBA/Module6 208 bytes
[+] Module7.bas Macros/VBA/Module7 105 bytes
[+] Module8.bas Macros/VBA/Module8 69 bytes
[+] Module9.bas Macros/VBA/Module9 269 bytes
[+] myform1.frm Macros/VBA/myform1 5553 bytes
[+] UserForm1.frm Macros/VBA/UserForm1 67 bytes
run-file
ExifTool file metadata
SharedDoc No
Author PC
HyperlinksChanged No
System Windows
LinksUpToDate No
LastModifiedBy Longer
HeadingPairs Title, 1
Hyperlinks https://products.office.com/en-us/word, https://products.office.com/en-us/word
Identification Word 8.0
Template Normal.dotm
CharCountWithSpaces 261
Word97 No
LanguageCode English (US)
CompObjUserType Microsoft Office Word 97-2003 Document
ModifyDate 2017:10:04 18:11:00
Company diakov.net
Characters 223
CodePage Windows Latin 1 (Western European)
RevisionNumber 3
MIMEType application/msword
Words 39
CreateDate 2017:10:04 18:03:00
Lines 1
AppVersion 12.0
Security None
Software Microsoft Office Word
FileType DOC
TotalEditTime 0
Pages 1
ScaleCrop No
CompObjUserTypeLen 39
FileTypeExtension doc
Paragraphs 1
LastPrinted 0000:00:00 00:00:00
DocFlags Has picture, 1Table, ExtChar

File identification
MD5 bed6c109e1ce4ec3e0673c4445b1a043
SHA1 3ab49d6e009c2b97a6f23ef97f8642d3f828e900
SHA256 0d92b1656112ed73fe98fd6c714d7959dd8ecc85759b87a6b01747a2ab0f8335
ssdeep 768:T72xgrVRrj5VsLnhpXDupzvgQf2SmhznuG5q25t0sSTrdpEpC:mxej5V0nz9hiG9cqc

File size 75.0 KB ( 76800 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: PC, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Oct 03 19:03:00 2017, Last Saved Time/Date: Tue Oct 03 19:11:00 2017, Number of Pages: 1, Number of Words: 39, Number of Characters: 223, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-file attachment doc

VirusTotal metadata
First submission 2017-10-04 21:45:37 UTC ( 1 year, 7 months ago )
Last submission 2018-12-13 00:35:22 UTC ( 5 months, 1 week ago )
File names 2018_12_12_23_13_25.000408
PaymentAdvice.doc
2018_12_13_00_35_21.000838
samples_05_10_2017 (11)
__substg1.0_37010102
POP3-6422e14f_15ec66bab90_-7d16.doc
PaymentAdvice_00001D33D5A8AEDE04E2FFF43F7.doc
66c28376f2ec0eac6a5d7494d86835f75ed71bab