SHA256: 1499e4c2e5d525de5a0d8c012ec843d244e3ed99e7b3b438e3a86afee606bc17
File name: Q7FX9ZH.doc
Detection ratio: 2 / 54
Analysis date: 2016-02-17 08:57:43 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20160217
Qihoo-360 virus.macos.gen.33 20160217
Ad-Aware 20160217
AegisLab 20160217
Yandex 20160216
AhnLab-V3 20160216
Alibaba 20160217
ALYac 20160217
Antiy-AVL 20160217
Avast 20160217
AVG 20160217
Avira (no cloud) 20160217
Baidu-International 20160216
BitDefender 20160217
Bkav 20160215
ByteHero 20160217
CAT-QuickHeal 20160216
ClamAV 20160217
CMC 20160216
Comodo 20160217
Cyren 20160217
DrWeb 20160217
Emsisoft 20160217
ESET-NOD32 20160217
F-Prot 20160217
F-Secure 20160217
Fortinet 20160217
GData 20160217
Ikarus 20160217
Jiangmin 20160217
K7AntiVirus 20160217
K7GW 20160217
Kaspersky 20160217
Malwarebytes 20160217
McAfee 20160217
McAfee-GW-Edition 20160217
Microsoft 20160216
eScan 20160217
NANO-Antivirus 20160217
nProtect 20160216
Panda 20160216
Rising 20160216
Sophos AV 20160217
SUPERAntiSpyware 20160217
Symantec 20160216
Tencent 20160217
TheHacker 20160217
TrendMicro 20160217
TrendMicro-HouseCall 20160217
VBA32 20160216
VIPRE 20160217
ViRobot 20160217
Zillya 20160217
Zoner 20160217
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May try to interact with other applications, for example, by sending key strokes.
Seems to contain deobfuscation code.
Summary
last_author
m5vKu7O
creation_datetime
2016-02-16 08:29:00
revision_number
3
author
yc4D6ra
page_count
1
last_saved
2016-02-16 17:46:00
edit_time
120
word_count
2690
template
Normal.dotm
application_name
Microsoft Office Word
character_count
15335
code_page
Latin I
Document summary
line_count
127
company
gdz5zb0XZYa
characters_with_spaces
17990
version
983040
paragraph_count
35
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
1920
type_literal
stream
sid
13
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
292
type_literal
stream
sid
4
name
\x05SummaryInformation
size
412
type_literal
stream
sid
2
name
1Table
size
7377
type_literal
stream
sid
1
name
Data
size
64242
type_literal
stream
sid
11
name
Macros/PROJECT
size
372
type_literal
stream
sid
12
name
Macros/PROJECTwm
size
41
type_literal
stream
sid
9
type
macro
name
Macros/VBA/ThisDocument
size
122957
type_literal
stream
sid
10
name
Macros/VBA/_VBA_PROJECT
size
7873
type_literal
stream
sid
8
name
Macros/VBA/dir
size
522
type_literal
stream
sid
3
name
WordDocument
size
21550
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 70036 bytes
obfuscated run-file send-keys
ExifTool file metadata
SharedDoc
No

Author
yc4D6ra

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

LastModifiedBy
m5vKu7O

HeadingPairs
Title, 1

Template
Normal.dotm

CharCountWithSpaces
17990

CreateDate
2016:02:16 07:29:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2016:02:16 16:46:00

Company
gdz5zb0XZYa

HyperlinksChanged
No

Characters
15335

ScaleCrop
No

RevisionNumber
3

MIMEType
application/msword

Words
2690

FileType
DOC

Lines
127

AppVersion
15.0

Security
None

Software
Microsoft Office Word

TotalEditTime
2.0 minutes

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
35

Compressed bundles
File identification
MD5 cea9edc5cd5450ba845c1cf929d35eea
SHA1 d471a5e6f8ed8817c46e49b508a79dfdac64dd26
SHA256 1499e4c2e5d525de5a0d8c012ec843d244e3ed99e7b3b438e3a86afee606bc17
ssdeep
3072:6yVJCqDd0M/eDaDlYNKmLLWsjk2Tk4i8ZXnybw2ce0ZPTeLvbA:fVJp9YSjMLRjk2Tk4i8tybPcdPI

File size 235.5 KB ( 241152 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: yc4D6ra, Template: Normal.dotm, Last Saved By: m5vKu7O, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Mon Feb 15 07:29:00 2016, Last Saved Time/Date: Mon Feb 15 16:46:00 2016, Number of Pages: 1, Number of Words: 2690, Number of Characters: 15335, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file send-keys doc

VirusTotal metadata
First submission 2016-02-17 08:57:43 UTC ( 3 years, 3 months ago )
Last submission 2016-02-18 05:59:02 UTC ( 3 years, 3 months ago )
File names localfile~
Q7FX9ZH.doc