SHA256: 1ae3b428d3634fd46e2fd8c1a4b66dfa02853ef95507a0b7cfcb5f9a929dd8d6
File name: Customer statement.doc
Detection ratio: 44 / 57
Analysis date: 2017-03-23 04:53:54 UTC ( 5 hours, 34 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.Doc.Downloader.IW 20170323
AegisLab Troj.Downloader.Vbs.Agent!c 20170323
AhnLab-V3 W97M/Downloader 20170323
ALYac Trojan.Downloader.W97M.Gen 20170323
Antiy-AVL Trojan[Downloader]/VBS.Agent.bcm 20170323
Arcabit HEUR.VBA.Trojan.d 20170323
Avast VBA:Downloader-AIK [Trj] 20170323
AVG W97M/Generic 20170323
Avira (no cloud) WM/Agent.abn 20170322
AVware LooksLike.Macro.Malware.n (v) 20170323
Baidu VBA.Trojan-Downloader.Agent.vr 20170323
BitDefender Trojan.Doc.Downloader.IW 20170323
CAT-QuickHeal W97M.Dropper.SO 20170322
ClamAV Doc.Dropper.Agent-1410071 20170323
Comodo TrojWare.MSWord.VBAgent.~I 20170322
Cyren W97M/Downloader.DX 20170323
DrWeb W97M.DownLoader.827 20170323
Emsisoft Trojan.Doc.Downloader.IW (B) 20170323
ESET-NOD32 VBA/TrojanDownloader.Agent.API 20170323
F-Prot W97M/Downloader.DX 20170323
F-Secure Trojan:W97M/MaliciousMacro.GEN 20170323
Fortinet WM/TrojanDownloader.210C!tr 20170323
GData Macro.Trojan-Downloader.Agent.LV 20170323
Ikarus Trojan-Downloader.VBA.Agent 20170322
K7AntiVirus Trojan ( 0001140e1 ) 20170323
K7GW Trojan ( 0001140e1 ) 20170323
Kaspersky Trojan-Downloader.VBS.Agent.bcm 20170323
McAfee Generic.ye 20170323
McAfee-GW-Edition Generic.ye 20170323
Microsoft TrojanDownloader:O97M/Donoff 20170323
eScan Trojan.Doc.Downloader.IW 20170323
NANO-Antivirus Trojan.Ole2.Donoff.efguww 20170323
nProtect Trojan-Downloader/W97M.Bronco 20170323
Panda Trj/WLT.B 20170322
Sophos Troj/DocDl-AYI 20170323
Symantec W97M.Downloader 20170322
Tencent Win32.Trojan-downloader.Agent.Pefy 20170323
TrendMicro W2KM_DRIDEX.SMX3 20170323
TrendMicro-HouseCall W2KM_DRIDEX.SMX3 20170323
VIPRE LooksLike.Macro.Malware.n (v) 20170323
ViRobot W97M.S.Downloader.48128[h] 20170323
Yandex Exploit.Agent.Gen.AGZ 20170321
ZoneAlarm by Check Point Trojan-Downloader.VBS.Agent.bcm 20170323
Zoner Trojan.Agent 20170323
Alibaba 20170323
Bkav 20170322
CMC 20170317
CrowdStrike Falcon (ML) 20170130
Endgame 20170317
Invincea 20170203
Jiangmin 20170323
Kingsoft 20170323
Malwarebytes 20170323
Palo Alto Networks (Known Signatures) 20170323
Qihoo-360 20170323
Rising 20170322
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170323
Symantec Mobile Insight 20170322
TheHacker 20170321
TotalDefense 20170323
Trustlook 20170323
VBA32 20170322
Webroot 20170323
WhiteArmor 20170315
Zillya 20170322
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: User
creation_datetime: 2014-09-03 18:55:00
author: Adder
title: Title
page_count: 1
last_saved: 2016-01-21 10:40:00
edit_time: 175380
word_count: 67
revision_number: 759
application_name: Microsoft Office Word
character_count: 387
code_page: Cyrillic
template: Normal.dot
Document summary
byte_count: 60416
company: Nsoft
characters_with_spaces: 453
line_count: 3
version: 726502
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 7296
type_literal: stream, size: 113, name: \x01CompObj, sid: 20
type_literal: stream, size: 4096, name: \x05DocumentSummaryInformation, sid: 4
type_literal: stream, size: 4096, name: \x05SummaryInformation, sid: 3
type_literal: stream, size: 6958, name: 1Table, sid: 1
type_literal: stream, size: 548, name: Macros/PROJECT, sid: 19
type_literal: stream, size: 74, name: Macros/PROJECTwm, sid: 18
type_literal: stream, size: 97, name: Macros/Tower/\x01CompObj, sid: 16
type_literal: stream, size: 282, name: Macros/Tower/\x03VBFrame, sid: 17
type_literal: stream, size: 199, name: Macros/Tower/f, sid: 14
type_literal: stream, size: 164, name: Macros/Tower/o, sid: 15
type_literal: stream, size: 4245, type: macro, name: Macros/VBA/Main, sid: 7
type_literal: stream, size: 1155, type: macro (only attributes), name: Macros/VBA/Tower, sid: 10
type_literal: stream, size: 4989, name: Macros/VBA/_VBA_PROJECT, sid: 11
type_literal: stream, size: 4267, type: macro, name: Macros/VBA/bronco, sid: 8
type_literal: stream, size: 989, name: Macros/VBA/dir, sid: 12
type_literal: stream, size: 3288, type: macro, name: Macros/VBA/venus, sid: 9
type_literal: stream, size: 5684, name: WordDocument, sid: 2
Macros and VBA code streams
[+] Main.cls Macros/VBA/Main 1386 bytes
exe-pattern create-ole obfuscated run-file
[+] bronco.bas Macros/VBA/bronco 1824 bytes
create-ole obfuscated open-file
[+] venus.bas Macros/VBA/venus 1190 bytes
create-ole obfuscated open-file
ExifTool file metadata
SharedDoc
No

Author
Adder

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
User

HeadingPairs
, 1

Template
Normal.dot

CharCountWithSpaces
453

CreateDate
2014:09:03 17:55:00

CompObjUserType
???????? Microsoft Office Word

ModifyDate
2016:01:21 09:40:00

TitleOfParts
Title

Company
Nsoft

Title
Title

HyperlinksChanged
No

Characters
387

ScaleCrop
No

RevisionNumber
759

MIMEType
application/msword

Words
67

Lines
3

FileType
DOC

Bytes
60416

AppVersion
11.5606

Security
None

Software
Microsoft Office Word

TotalEditTime
2.0 days

Pages
1

CompObjUserTypeLen
31

FileTypeExtension
doc

Paragraphs
1

Compressed bundles
File identification
MD5 4f22d820263514b7e5dc3f7014f6fb9a
SHA1 aa2316504b3e4bc4bf5e77b2a5273f6fb9f191a7
SHA256 1ae3b428d3634fd46e2fd8c1a4b66dfa02853ef95507a0b7cfcb5f9a929dd8d6
ssdeep
384:AT04G44mPMYn4efrbQBnY+CBFPb/U6PJC/5CxmQttYq9DvpX0j+LmVqqlg:Iz4eTEBYjPzU6PJC/MxtBQzl

File size 47.0 KB ( 48128 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Title: Title, Author: Adder, Template: Normal.dot, Last Saved By: User, Revision Number: 759, Name of Creating Application: Microsoft Office Word, Total Editing Time: 2d+00:43:00, Create Time/Date: Tue Sep 02 17:55:00 2014, Last Saved Time/Date: Wed Jan 20 09:40:00 2016, Number of Pages: 1, Number of Words: 67, Number of Characters: 387, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated run-file exe-pattern doc open-file macros attachment via-tor create-ole

VirusTotal metadata
First submission 2016-01-21 10:21:02 UTC ( 1 year, 2 months ago )
Last submission 2016-06-21 02:08:36 UTC ( 9 months ago )
File names 270f60ea4d4b8873c2b309f619708da8
Invoice_316103_Jul_2013.doc
6d9baceb04053ce7cce4a6fd6bbc6d2f
Customer statement.doc
4f22d820263514b7e5dc3f7014f6fb9a
aa2316504b3e4bc4bf5e77b2a5273f6fb9f191a7.doc
Customer statement_.doc
Invoice_316103_Jul_2013.doc
Malware-Sample-Statement.doc
__substg1.0_37010102
Customer_statement.doc
Virus_Customer statement.doc
Invoice_316103_Jul_2013.doc
Invoice_316103_Jul_2013.do_
e5a0f175220f35b97fa29eafe1017b9c
Customer statement (2).doc
57adc1785b56012221bd8b49df928542