SHA256: 109af76d26e3f2677fadf4f16074880d26173ff1ff4a7231e4af54c2025ac292
File name: 109af76d26e3f2677fadf4f16074880d26173ff1ff4a7231e4af54c2025ac292.doc
Detection ratio: 40 / 57
Analysis date: 2017-04-17 23:31:16 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Downloader.JRVD 20170417
AegisLab Troj.Downloader.MSWord.Agent.kq!c 20170417
AhnLab-V3 W97M/Downloader 20170417
ALYac Trojan.Downloader.JRVD 20170417
Antiy-AVL Trojan[Downloader]/MSWord.Agent.kq 20170417
Arcabit HEUR.VBA.Trojan.d 20170417
Avast VBA:Downloader-EE [Trj] 20170417
AVG W97M/Downloader 20170417
Avira (no cloud) W97M/Adnel.C.98 20170417
AVware LooksLike.Macro.Malware.g (v) 20170417
Baidu VBA.Trojan-Downloader.Agent.ok 20170417
BitDefender Trojan.Downloader.JRVD 20170417
CAT-QuickHeal W97M.Dropper.GE 20170417
ClamAV Doc.Macro.ObfuscatedHeuristic-5931994-0 20170417
Cyren W97M/Downloader 20170417
DrWeb W97M.DownLoader.530 20170418
Emsisoft Trojan.Downloader.JRVD (B) 20170417
ESET-NOD32 VBA/TrojanDownloader.Agent.SI 20170417
F-Prot New or modified W97M/Downloader 20170418
F-Secure Trojan-Downloader:W97M/Dridex.R 20170418
GData Macro.Trojan-Downloader.Agent.FZ 20170418
Ikarus Trojan-Downloader.VBA.Agent 20170417
Jiangmin WM/Downloader.Agent.kq 20170417
Kaspersky Trojan-Downloader.MSWord.Agent.kq 20170418
McAfee W97M/Downloader.ahh 20170418
McAfee-GW-Edition W97M/Downloader.ahh 20170417
Microsoft TrojanDownloader:O97M/Adnel 20170417
eScan Trojan.Downloader.JRVD 20170418
NANO-Antivirus Trojan.Script.Agent.dsgamf 20170416
Panda W97M/Downloader 20170417
Qihoo-360 heur.macro.download.va 20170418
Rising Heur.Macro.Downloader.e (classic) 20170417
Sophos Troj/DocDl-OT 20170417
Symantec W97M.Downloader 20170417
Tencent Win32.Trojan-downloader.Agent.Wnwn 20170418
TrendMicro W2KM_DLOADER.FLG 20170417
TrendMicro-HouseCall W2KM_DLOADER.FLG 20170417
VIPRE LooksLike.Macro.Malware.g (v) 20170417
ViRobot DOC.Z.Agent.74240.BX[h] 20170417
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.kq 20170417
Alibaba 20170417
Bkav 20170415
CMC 20170417
Comodo 20170417
CrowdStrike Falcon (ML) 20170130
Endgame 20170413
Fortinet 20170417
Invincea 20170413
K7AntiVirus 20170417
K7GW 20170417
Kingsoft 20170418
Malwarebytes 20170417
nProtect 20170417
Palo Alto Networks (Known Signatures) 20170418
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170418
Symantec Mobile Insight 20170414
TheHacker 20170416
TotalDefense 20170417
Trustlook 20170418
VBA32 20170417
Webroot 20170418
WhiteArmor 20170409
Yandex 20170417
Zillya 20170414
Zoner 20170417
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author
Alex
creation_datetime
2015-05-26 07:38:00
template
Normal.dotm
author
1
page_count
1
last_saved
2015-05-26 07:38:00
edit_time
60
revision_number
2
application_name
Microsoft Office Word
code_page
Cyrillic
Document summary
version
917504
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
30848
type_literal
stream
size
114
name
\x01CompObj
sid
32
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
4
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
3
type_literal
stream
size
11062
name
1Table
sid
1
type_literal
stream
size
761
name
Macros/PROJECT
sid
31
type_literal
stream
size
173
name
Macros/PROJECTwm
sid
30
type_literal
stream
size
4721
type
macro
name
Macros/VBA/M11
sid
10
type_literal
stream
size
678
type
macro (only attributes)
name
Macros/VBA/M2
sid
22
type_literal
stream
size
2317
type
macro
name
Macros/VBA/M3
sid
19
type_literal
stream
size
3573
type
macro
name
Macros/VBA/M3F1
sid
21
type_literal
stream
size
3108
type
macro
name
Macros/VBA/M4F1
sid
23
type_literal
stream
size
2657
type
macro
name
Macros/VBA/Module1
sid
13
type_literal
stream
size
3699
type
macro
name
Macros/VBA/Module2
sid
16
type_literal
stream
size
2267
type
macro
name
Macros/VBA/Module3
sid
20
type_literal
stream
size
2003
type
macro
name
Macros/VBA/ThisDocument
sid
7
type_literal
stream
size
5846
name
Macros/VBA/_VBA_PROJECT
sid
26
type_literal
stream
size
2727
name
Macros/VBA/__SRP_0
sid
28
type_literal
stream
size
298
name
Macros/VBA/__SRP_1
sid
29
type_literal
stream
size
420
name
Macros/VBA/__SRP_2
sid
8
type_literal
stream
size
149
name
Macros/VBA/__SRP_3
sid
9
type_literal
stream
size
2666
name
Macros/VBA/__SRP_4
sid
17
type_literal
stream
size
105
name
Macros/VBA/__SRP_5
sid
18
type_literal
stream
size
316
name
Macros/VBA/__SRP_6
sid
14
type_literal
stream
size
213
name
Macros/VBA/__SRP_7
sid
15
type_literal
stream
size
292
name
Macros/VBA/__SRP_8
sid
24
type_literal
stream
size
195
name
Macros/VBA/__SRP_9
sid
25
type_literal
stream
size
198
name
Macros/VBA/__SRP_a
sid
11
type_literal
stream
size
158
name
Macros/VBA/__SRP_b
sid
12
type_literal
stream
size
1026
name
Macros/VBA/dir
sid
27
type_literal
stream
size
4096
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 90 bytes
[+] M11.bas Macros/VBA/M11 2360 bytes
create-file obfuscated open-file write-file
[+] Module1.bas Macros/VBA/Module1 743 bytes
create-ole
[+] Module2.bas Macros/VBA/Module2 1448 bytes
obfuscated open-file
[+] M3.bas Macros/VBA/M3 893 bytes
[+] Module3.bas Macros/VBA/Module3 824 bytes
[+] M3F1.bas Macros/VBA/M3F1 1449 bytes
[+] M4F1.bas Macros/VBA/M4F1 883 bytes
obfuscated open-file
ExifTool file metadata
SharedDoc
No

Author
1

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
Alex

HeadingPairs
, 1

Template
Normal.dotm

CharCountWithSpaces
0

CreateDate
2015:05:26 06:38:00

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2015:05:26 06:38:00

HyperlinksChanged
No

Characters
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
0

FileType
DOC

Lines
0

AppVersion
14.0

Security
None

Software
Microsoft Office Word

TotalEditTime
1.0 minutes

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
0

File identification
MD5 638d92a118c46a9c415c635131d4ef19
SHA1 6d05955b0a810e9bcb9f4a03d724d83ecf48d32d
SHA256 109af76d26e3f2677fadf4f16074880d26173ff1ff4a7231e4af54c2025ac292
ssdeep
768:JWJgmPbW/DvgUjzfImtUVK9TF8wFWKrPRinR4x5DclF:3mKxjjaK9T5FWq5sR4TDK

File size 72.5 KB ( 74240 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dotm, Last Saved By: Alex, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon May 25 06:38:00 2015, Last Saved Time/Date: Mon May 25 06:38:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file doc create-file macros attachment write-file create-ole

VirusTotal metadata
First submission 2015-05-26 09:01:13 UTC ( 2 years ago )
Last submission 2017-04-17 23:31:16 UTC ( 2 months, 1 week ago )
File names BlankX11.doc
e305d38fd1833d467ced8ec54760fb4b
109af76d26e3f2677fadf4f16074880d26173ff1ff4a7231e4af54c2025ac292.doc
Invoice INV232654.doc
Blank 11.doc
6d8c74584924eaf0ac00abe93239b38e