SHA256: 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
File name: SUPEE-9789.doc
Detection ratio: 34 / 60
Analysis date: 2018-02-20 00:56:27 UTC ( 5 hours, 10 minutes ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.406 20180219
AegisLab Troj.Script.Agent!c 20180219
ALYac VB:Trojan.Valyria.406 20180220
Antiy-AVL Trojan[Downloader]/MSOffice.Agent 20180220
Arcabit HEUR.VBA.Trojan.e 20180219
Avast VBA:Downloader-EYG [Trj] 20180219
AVG VBA:Downloader-EYG [Trj] 20180219
Avira (no cloud) W97M/Agent.88345262 20180220
Baidu VBA.Trojan-Downloader.Agent.bjw 20180208
BitDefender VB:Trojan.Valyria.406 20180219
CAT-QuickHeal W97M.Downloader.AJX 20180219
ClamAV Doc.Downloader.Heuristic-6312759-0 20180219
Cyren W97M/Agent 20180219
Emsisoft VB:Trojan.Valyria.406 (B) 20180219
ESET-NOD32 VBA/TrojanDownloader.Agent.DDI 20180220
F-Prot New or modified W97M/Agent 20180220
F-Secure VB:Trojan.Valyria.406 20180220
Fortinet WM/Agent.DDR!tr.dldr 20180220
GData Macro.Trojan-Downloader.TeslaCrypt.AC 20180220
Ikarus Trojan-Downloader.VBA.Agent 20180219
Kaspersky HEUR:Trojan.Script.Agent.gen 20180219
MAX malware (ai score=80) 20180220
McAfee W97M/Downloader.bxx 20180220
McAfee-GW-Edition W97M/Downloader.bxx 20180219
Microsoft Trojan:O97M/Madeba.A!det 20180220
eScan VB:Trojan.Valyria.406 20180219
NANO-Antivirus Trojan.Script.Agent.epyrxh 20180219
Panda O97M/Downloader 20180219
Qihoo-360 virus.office.qexvmc.1100 20180220
Symantec W97M.Downloader 20180219
Tencent Win32.Trojan.Agent.Szky 20180220
TrendMicro-HouseCall Suspicious_GEN.F47V0217 20180219
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180219
Zoner Probably W97Obfuscated 20180219
AhnLab-V3 20180219
Alibaba 20180216
Avast-Mobile 20180219
AVware 20180219
Bkav 20180212
CMC 20180219
Comodo 20180220
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180220
DrWeb 20180220
eGambit 20180220
Endgame 20180216
Sophos ML 20180121
Jiangmin 20180219
K7AntiVirus 20180219
K7GW 20180220
Kingsoft 20180220
Malwarebytes 20180220
nProtect 20180219
Palo Alto Networks (Known Signatures) 20180220
Rising 20180220
SentinelOne (Static ML) 20180115
Sophos AV 20180219
SUPERAntiSpyware 20180219
Symantec Mobile Insight 20180220
TheHacker 20180219
TotalDefense 20180219
TrendMicro 20180220
Trustlook 20180220
VBA32 20180219
VIPRE 20180219
ViRobot 20180220
Webroot 20180220
WhiteArmor 20180205
Yandex 20180216
Zillya 20180219
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
last_author: admin
creation_datetime: 2017-04-20 20:05:00
author: admin
title: info
page_count: 1
last_saved: 2017-04-20 20:05:00
revision_number: 2
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
template: Normal.dotm
Document summary
byte_count: 94208
company: home
characters_with_spaces: 1
line_count: 1
version: 1048576
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, type_literal: root, sid: 0, size: 7616, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, type_literal: stream, sid: 20, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 4096
name: 1Table, type_literal: stream, sid: 2, size: 7417
name: Data, type_literal: stream, sid: 1, size: 73453
name: Macros/PROJECT, type_literal: stream, sid: 19, size: 484
name: Macros/PROJECTwm, type_literal: stream, sid: 18, size: 113
name: Macros/VBA/Module1, type_literal: stream, sid: 11, type: macro, size: 2147
name: Macros/VBA/Module2, type_literal: stream, sid: 12, type: macro, size: 32199
name: Macros/VBA/Module3, type_literal: stream, sid: 13, type: macro, size: 31957
name: Macros/VBA/ThisDocument, type_literal: stream, sid: 8, type: macro (only attributes), size: 1127
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 14, size: 12400
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 16, size: 1956
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 17, size: 198
name: Macros/VBA/__SRP_2, type_literal: stream, sid: 9, size: 348
name: Macros/VBA/__SRP_3, type_literal: stream, sid: 10, size: 106
name: Macros/VBA/dir, type_literal: stream, sid: 15, size: 713
name: WordDocument, type_literal: stream, sid: 3, size: 4096
Macros and VBA code streams
[+] Module1.bas Macros/VBA/Module1 588 bytes
[+] Module2.bas Macros/VBA/Module2 14091 bytes
create-file create-ole handle-file open-file run-file write-file
[+] Module3.bas Macros/VBA/Module3 13779 bytes
ExifTool file metadata
SharedDoc: No
Author: admin
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:04:20 19:05:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2017:04:20 19:05:00
Company: home
Title: info
HyperlinksChanged: No
Characters: 1
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
Bytes: 94208
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 c3d03f0eedf1b1e222130b478b3ab231
SHA1 c59897166ba1ce057ca290370af214990be9d730
SHA256 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
ssdeep 3072:gTTwHo66OblnBQMFCESpcSO6iNAJWq3gouW3kVxaX:3HXRblnBvFCESpcSYouW

File size 180.0 KB ( 184320 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: info, Author: admin, Template: Normal.dotm, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Apr 19 19:05:00 2017, Last Saved Time/Date: Wed Apr 19 19:05:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
open-file handle-file doc create-file run-file macros write-file create-ole

VirusTotal metadata
First submission 2017-04-21 07:30:11 UTC ( 10 months ago )
Last submission 2017-04-24 00:46:57 UTC ( 10 months ago )
File names SUPEE-9789.doc