SHA256: 10841585f9856262b8fa5fdeab9ff5ae3adab09a73af00c3fbc772bb96028275
File name: IRN001549_60020918_I_01_01.doc
Detection ratio: 0 / 57
Analysis date: 2015-02-24 09:34:42 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150224
AegisLab 20150224
Yandex 20150223
AhnLab-V3 20150224
Alibaba 20150224
ALYac 20150224
Antiy-AVL 20150224
Avast 20150224
AVG 20150224
Avira (no cloud) 20150224
AVware 20150224
Baidu-International 20150224
BitDefender 20150224
Bkav 20150213
ByteHero 20150224
CAT-QuickHeal 20150224
ClamAV 20150224
CMC 20150223
Comodo 20150224
Cyren 20150224
DrWeb 20150224
Emsisoft 20150224
ESET-NOD32 20150224
F-Prot 20150224
F-Secure 20150224
Fortinet 20150224
GData 20150224
Ikarus 20150224
Jiangmin 20150223
K7AntiVirus 20150224
K7GW 20150224
Kaspersky 20150224
Kingsoft 20150224
Malwarebytes 20150224
McAfee 20150224
McAfee-GW-Edition 20150224
Microsoft 20150224
eScan 20150224
NANO-Antivirus 20150224
Norman 20150224
nProtect 20150223
Panda 20150224
Qihoo-360 20150224
Rising 20150223
Sophos AV 20150224
SUPERAntiSpyware 20150224
Symantec 20150224
Tencent 20150224
TheHacker 20150222
TotalDefense 20150223
TrendMicro 20150224
TrendMicro-HouseCall 20150224
VBA32 20150220
VIPRE 20150224
ViRobot 20150224
Zillya 20150223
Zoner 20150223
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May read system environment variables.
May try to run other files, shell commands or applications.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-01-20 11:08:00
revision_number: 5
author: 1
page_count: 1
last_saved: 2015-01-20 11:11:00
edit_time: 120
template: Normal.dot
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 46976
name: \x01CompObj; type_literal: stream; sid: 35; size: 113
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 4; size: 4096
name: \x05SummaryInformation; type_literal: stream; sid: 3; size: 4096
name: 1Table; type_literal: stream; sid: 1; size: 5860
name: Macros/PROJECT; type_literal: stream; sid: 34; size: 1107
name: Macros/PROJECTwm; type_literal: stream; sid: 33; size: 437
name: Macros/VBA/Class1; type_literal: stream; sid: 10; type: macro; size: 3406
name: Macros/VBA/Class2; type_literal: stream; sid: 11; type: macro; size: 2346
name: Macros/VBA/Class3; type_literal: stream; sid: 12; type: macro; size: 3228
name: Macros/VBA/Class4; type_literal: stream; sid: 13; type: macro; size: 2442
name: Macros/VBA/Class5; type_literal: stream; sid: 14; type: macro; size: 2595
name: Macros/VBA/Class6; type_literal: stream; sid: 15; type: macro; size: 2594
name: Macros/VBA/Module1; type_literal: stream; sid: 16; type: macro; size: 2112
name: Macros/VBA/Module10; type_literal: stream; sid: 25; type: macro (only attributes); size: 685
name: Macros/VBA/Module11; type_literal: stream; sid: 26; type: macro; size: 12578
name: Macros/VBA/Module2; type_literal: stream; sid: 17; type: macro; size: 2902
name: Macros/VBA/Module3; type_literal: stream; sid: 18; type: macro; size: 1962
name: Macros/VBA/Module4; type_literal: stream; sid: 19; type: macro; size: 1970
name: Macros/VBA/Module5; type_literal: stream; sid: 20; type: macro (only attributes); size: 698
name: Macros/VBA/Module6; type_literal: stream; sid: 21; type: macro; size: 2807
name: Macros/VBA/Module7; type_literal: stream; sid: 22; type: macro; size: 2427
name: Macros/VBA/Module8; type_literal: stream; sid: 23; type: macro; size: 2662
name: Macros/VBA/Module9; type_literal: stream; sid: 24; type: macro; size: 1966
name: Macros/VBA/ThisDocument; type_literal: stream; sid: 7; type: macro; size: 1515
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 29; size: 8539
name: Macros/VBA/__SRP_0; type_literal: stream; sid: 31; size: 2425
name: Macros/VBA/__SRP_1; type_literal: stream; sid: 32; size: 292
name: Macros/VBA/__SRP_2; type_literal: stream; sid: 8; size: 284
name: Macros/VBA/__SRP_3; type_literal: stream; sid: 9; size: 103
name: Macros/VBA/__SRP_4; type_literal: stream; sid: 27; size: 1970
name: Macros/VBA/__SRP_5; type_literal: stream; sid: 28; size: 286
name: Macros/VBA/dir; type_literal: stream; sid: 30; size: 975
name: WordDocument; type_literal: stream; sid: 2; size: 4142
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 25 bytes
[+] Class1.cls Macros/VBA/Class1 594 bytes
[+] Class2.cls Macros/VBA/Class2 324 bytes
[+] Class3.cls Macros/VBA/Class3 537 bytes
[+] Class4.cls Macros/VBA/Class4 375 bytes
[+] Class5.cls Macros/VBA/Class5 394 bytes
[+] Class6.cls Macros/VBA/Class6 390 bytes
[+] Module1.bas Macros/VBA/Module1 382 bytes
[+] Module2.bas Macros/VBA/Module2 655 bytes
[+] Module3.bas Macros/VBA/Module3 339 bytes
[+] Module4.bas Macros/VBA/Module4 354 bytes
[+] Module6.bas Macros/VBA/Module6 565 bytes
[+] Module7.bas Macros/VBA/Module7 493 bytes
[+] Module8.bas Macros/VBA/Module8 573 bytes
[+] Module9.bas Macros/VBA/Module9 326 bytes
[+] Module11.bas Macros/VBA/Module11 3489 bytes
download environ obfuscated run-dll run-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 0
CreateDate: 2015:01:20 10:08:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:01:20 10:11:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 5
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 2.0 minutes
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

Compressed bundles
File identification
MD5 f3c3fbeed637cccc7549636b7e0f7cdb
SHA1 51fbe45ef0c612b2f864e97faeaad89701985fcc
SHA256 10841585f9856262b8fa5fdeab9ff5ae3adab09a73af00c3fbc772bb96028275
ssdeep
768:OkHAMKx2wBg+aGe5mXnzwdIwldwBnVnbwdbsLtOHp/Y9878hayRD:OkHAGwHIuwjCBnhmstz1d

File size 94.5 KB ( 96768 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: 1, Revision Number: 5, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Mon Jan 19 10:08:00 2015, Last Saved Time/Date: Mon Jan 19 10:11:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated run-file doc macros run-dll environ attachment download

VirusTotal metadata
First submission 2015-02-24 09:03:18 UTC ( 2 years, 9 months ago )
Last submission 2016-07-21 07:35:13 UTC ( 1 year, 4 months ago )
File names suspect.xls
SCAN_20150224_100752437.doc
roexport.doc
IRN001549_60020918_I_01_01.doc
VIRUS.doc1
attachment(1).doc