SHA256: 1621100f6132a3e077f830df789eff30c55f2ba4f10a3a82844415cd2d4e5f58
File name: OFCOM_REN04_20150715_0976659.docm
Detection ratio: 37 / 58
Analysis date: 2017-05-04 21:03:55 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware X97M.Downloader.R 20170504
AegisLab Troj.Downloader.Msword!c 20170504
AhnLab-V3 W97M/Downloader 20170504
Arcabit HEUR.VBA.Trojan.d 20170504
Avast VBA:Downloader-JN [Trj] 20170504
AVG W97M/Generic 20170504
Avira (no cloud) WM/Agent.21359 20170504
AVware LooksLike.Macro.Malware.g (v) 20170504
Baidu VBA.Trojan-Downloader.Agent.gn 20170503
BitDefender X97M.Downloader.R 20170504
CAT-QuickHeal O97M.Dropper.GO 20170504
ClamAV Doc.Dropper.Agent-1710401 20170504
Comodo UnclassifiedMalware 20170504
Cyren PP97M/Donoff 20170504
DrWeb W97M.DownLoader.541 20170504
Emsisoft X97M.Downloader.R (B) 20170504
ESET-NOD32 VBA/TrojanDownloader.Agent.ZN 20170504
F-Prot New or modified PP97M/Donoff 20170504
F-Secure Trojan:W97M/MaliciousMacro.GEN 20170504
Fortinet WM/Agent!tr 20170504
GData Macro.Trojan-Downloader.Donoff.O 20170504
Ikarus Trojan-Downloader.VBA.Agent 20170504
Jiangmin WM/Downloader.Agent.qe 20170504
Kaspersky Trojan-Downloader.MSWord.Agent.qk 20170504
McAfee W97M/Downloader.all 20170504
McAfee-GW-Edition W97M/Downloader.all 20170504
Microsoft TrojanDownloader:O97M/Donoff 20170504
eScan X97M.Downloader.R 20170504
NANO-Antivirus Trojan.Script.PDF.eahysj 20170504
Panda W97M/Downloader 20170504
Qihoo-360 heur.macro.encodefeature.d 20170504
Sophos Troj/DocDl-WH 20170504
Symantec W97M.Downloader 20170504
Tencent Word.Trojan-downloader.Agent.Stua 20170504
TrendMicro-HouseCall W2KM_DRIDEX.SYN 20170504
ViRobot W97M.S.Downloader.49527[h] 20170504
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.qk 20170504
Alibaba 20170504
ALYac 20170504
Bkav 20170504
CMC 20170504
CrowdStrike Falcon (ML) 20170130
Endgame 20170503
Invincea 20170413
K7AntiVirus 20170504
K7GW 20170426
Kingsoft 20170504
Malwarebytes 20170504
nProtect 20170504
Palo Alto Networks (Known Signatures) 20170504
Rising 20170501
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170504
Symantec Mobile Insight 20170504
TheHacker 20170504
TotalDefense 20170504
TrendMicro 20170504
VBA32 20170504
VIPRE 20170504
Webroot 20170504
WhiteArmor 20170502
Yandex 20170504
Zillya 20170504
Zoner 20170504
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May copy a file.
May create additional files.
May attempt to create directories.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 83 bytes
[+] Module2.bas word/vbaProject.bin VBA/Module2 9990 bytes
copy-file create-file obfuscated open-file
[+] Module1.bas word/vbaProject.bin VBA/Module1 2686 bytes
copy-file
[+] Module3.bas word/vbaProject.bin VBA/Module3 23403 bytes
copy-file create-dir create-ole handle-file obfuscated open-file write-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
1
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2015-08-05T06:29:00Z
dcterms:modified
2015-08-05T06:29:00Z
Application document properties
Template
Normal
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
Название
vt:i4
1
Company
Home
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
12.0000
Document languages
Language
Prevalence
ru-ru
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
1

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal

CreateDate
2015:08:05 06:29:00Z

ZipRequiredVersion
20

ModifyDate
2015:08:05 06:29:00Z

ZipCRC
0xc1a32581

Company
Home

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

FileType
DOCM

Lines
1

AppVersion
12.0

ZipUncompressedSize
1453

ZipCompressedSize
406

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

HeadingPairs
, 1

TotalEditTime
0

ZipCompression
Deflated

Pages
1

Creator
1

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
14
Uncompressed size
115062
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
Contained files by type
XML
13
Microsoft Office
1
Compressed bundles
File identification
MD5 5264748c7cf45e8ed33bdec693078e55
SHA1 a0c5f30426c8836c5a6076117626eede9fc7cb25
SHA256 1621100f6132a3e077f830df789eff30c55f2ba4f10a3a82844415cd2d4e5f58
ssdeep
768:M2yoAwU6fPNFVIfoyY55z85zjNbwNST/rWVPNcIGlKqs/PqQTz0bXKCtTEZQTdZ:M2swPV9t8zjNcOSPihu/paEWTf

File size 48.4 KB ( 49527 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.6%)
Word Microsoft Office Open XML Format document (24.2%)
Open Packaging Conventions container (18.0%)
ZIP compressed archive (4.1%)
Tags
obfuscated open-file create-dir handle-file copy-file create-file docx macros write-file create-ole

VirusTotal metadata
First submission 2015-08-05 07:28:00 UTC ( 1 year, 10 months ago )
Last submission 2016-09-26 01:04:05 UTC ( 9 months ago )
File names 3-OFCOM_REN04_20150715_0976659.docm
2dabdfe44e48d01e6eac6df256c65e05
68ec60f7575a86588660a5aeaff4e0bb
4ff62572f62acb908785efec0c3b8c72
1621100f6132a3e077f830df789eff30c55f2ba4f10a3a82844415cd2d4e5f58.bin
OFCOM_REN04_20150715_0976659.docm