× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2389ecc421ef80711344174f11f07cd68502ea1723630d46c014640156bc04bd
File name: 115403772_11_07_2017_14_87_41.doc
Detection ratio: 11 / 60
Analysis date: 2017-11-07 10:01:02 UTC ( 1 year, 2 months ago ) View latest
Antivirus Result Update
AegisLab Troj.Winlnk.Agent!c 20171107
DrWeb PowerShell.DownLoader.457 20171107
Fortinet LNK/Agent.EDF!tr.dldr 20171107
K7AntiVirus Trojan ( 0051ac931 ) 20171107
K7GW Trojan ( 0051ac931 ) 20171107
Kaspersky HEUR:Trojan.WinLNK.Agent.gen 20171107
McAfee Downloader-FBQI!996C204180EE 20171107
McAfee-GW-Edition Downloader-FBQI!996C204180EE 20171107
Sophos AV Mal/DocLnk-B 20171107
ZoneAlarm by Check Point HEUR:Trojan.WinLNK.Agent.gen 20171107
Zoner Probably LNKScript 20171107
Ad-Aware 20171107
AhnLab-V3 20171106
Alibaba 20170911
ALYac 20171107
Antiy-AVL 20171103
Arcabit 20171107
Avast 20171107
Avast-Mobile 20171107
AVG 20171107
Avira (no cloud) 20171107
AVware 20171106
Baidu 20171107
BitDefender 20171107
Bkav 20171107
CAT-QuickHeal 20171107
ClamAV 20171106
CMC 20171104
Comodo 20171106
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171107
Cyren 20171107
eGambit 20171107
Emsisoft 20171107
Endgame 20171024
ESET-NOD32 20171107
F-Prot 20171107
F-Secure 20171107
GData 20171107
Ikarus 20171106
Sophos ML 20170914
Jiangmin 20171107
Kingsoft 20171107
Malwarebytes 20171107
MAX 20171107
Microsoft 20171106
eScan 20171107
NANO-Antivirus 20171107
nProtect 20171107
Palo Alto Networks (Known Signatures) 20171107
Panda 20171106
Qihoo-360 20171107
Rising 20171107
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171107
Symantec 20171107
Symantec Mobile Insight 20171107
Tencent 20171107
TheHacker 20171102
TrendMicro 20171107
TrendMicro-HouseCall 20171107
Trustlook 20171107
VBA32 20171104
VIPRE 20171107
ViRobot 20171107
Webroot 20171107
WhiteArmor 20171104
Yandex 20171102
Zillya 20171106
The file being studied follows the Open XML file format! More specifically, it is a Office Open XML Document file.
Content types
bin
rels
emf
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
alex
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2017-11-07T08:06:00Z
dcterms:modified
2017-11-07T08:06:00Z
Application document properties
Template
Normal.dotm
TotalTime
1
Pages
1
Words
3
Characters
19
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
21
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
ru-ru
3
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
1

HeadingPairs
, 1

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2017:11:07 08:06:00Z

ZipCRC
0x1fcfe670

Words
3

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.openxmlformats-officedocument.wordprocessingml.document

ZipBitFlag
0x0006

CreateDate
2017:11:07 08:06:00Z

Lines
1

AppVersion
16.0

ZipUncompressedSize
1510

ZipCompressedSize
380

Characters
19

CharactersWithSpaces
21

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCX

Application
Microsoft Office Word

TotalEditTime
1 minute

ZipCompression
Deflated

Pages
1

Creator
alex

FileTypeExtension
docx

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
14
Uncompressed size
193232
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
9
bin
1
emf
1
png
1
Contained files by type
XML
11
unknown
1
Microsoft Office
1
PNG
1
File identification
MD5 f9b75f625dcd38a9400563c8c0d574ae
SHA1 838487729811f69cd6bd0a6f068a4635a3c80522
SHA256 2389ecc421ef80711344174f11f07cd68502ea1723630d46c014640156bc04bd
ssdeep
3072:cLp89WQaj/8GvJ9r8KSbQtcHmccH84+xJCZaarRmlbVG24i:cLpIWBvJ9A46miJCZJgZ14i

File size 144.6 KB ( 148065 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (51.0%)
Open Packaging Conventions container (38.0%)
ZIP compressed archive (8.6%)
PrintFox/Pagefox bitmap (var. P) (2.1%)
Tags
docx cve-2017-8464 attachment exploit

VirusTotal metadata
First submission 2017-11-07 09:43:23 UTC ( 1 year, 2 months ago )
Last submission 2018-05-09 12:30:35 UTC ( 8 months, 1 week ago )
File names 812198940_11_07_2017_19_12_99.doc
978287744_11_07_2017_56_86_04.doc
120362450_11_07_2017_06_55_82.doc
922487079_11_07_2017_67_03_94.doc
495730315_11_07_2017_60_09_62.doc
071202242_11_07_2017_17_62_31.doc
154080762_11_07_2017_44_66_82.doc
615296217_11_07_2017_56_57_06.doc
562133464_11_07_2017_05_32_38.doc
465672082_11_07_2017_08_32_95.doc
705006077_11_07_2017_51_74_01.doc
115403772_11_07_2017_14_87_41.doc
115403772_11_07_2017_14_87_41.doc
476453589_11_07_2017_33_54_99.doc
e921b3f44ff88816cca555525f2feb0c179aaabf
762577027_11_07_2017_03_65_21.doc
1 stage mawlare downloader DOC
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!