SHA256: 239778878e29a96215e6387f92d755574ac53b557ebb152e8ca08052d6a46449
File name: Document No 992958719.doc
Detection ratio: 7 / 56
Analysis date: 2016-04-20 10:31:10 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AegisLab Macro.Troj.Downloader!c 20160420
Arcabit HEUR.VBA.Trojan.d 20160420
CAT-QuickHeal W97M.Dropper.AX 20160420
F-Secure Trojan-Downloader:W97M/Dridex.R 20160420
GData Macro.Trojan-Downloader.Agent.KF 20160420
Panda O97M/Downloader 20160419
Qihoo-360 virus.office.obfuscated.1 20160420
Ad-Aware 20160420
AhnLab-V3 20160419
Alibaba 20160420
ALYac 20160420
Antiy-AVL 20160420
Avast 20160420
AVG 20160420
Avira (no cloud) 20160420
AVware 20160420
Baidu 20160420
Baidu-International 20160419
BitDefender 20160420
Bkav 20160419
ClamAV 20160420
CMC 20160415
Comodo 20160420
Cyren 20160420
DrWeb 20160420
Emsisoft 20160420
ESET-NOD32 20160420
F-Prot 20160420
Fortinet 20160420
Ikarus 20160420
Jiangmin 20160420
K7AntiVirus 20160420
K7GW 20160420
Kaspersky 20160420
Kingsoft 20160420
Malwarebytes 20160420
McAfee 20160420
McAfee-GW-Edition 20160420
Microsoft 20160420
eScan 20160420
NANO-Antivirus 20160420
nProtect 20160420
Rising 20160420
Sophos 20160420
SUPERAntiSpyware 20160420
Symantec 20160420
Tencent 20160420
TheHacker 20160419
TrendMicro 20160420
TrendMicro-HouseCall 20160420
VBA32 20160420
VIPRE 20160420
ViRobot 20160420
Yandex 20160419
Zillya 20160420
Zoner 20160420
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2016-04-20 09:03:00
template: Normal
author: 1
page_count: 1
last_saved: 2016-04-20 09:03:00
revision_number: 2
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 10432
type_literal: stream, size: 114, name: \x01CompObj, sid: 27
type_literal: stream, size: 4096, name: \x05DocumentSummaryInformation, sid: 4
type_literal: stream, size: 4096, name: \x05SummaryInformation, sid: 3
type_literal: stream, size: 8028, name: 1Table, sid: 1
type_literal: stream, size: 708, name: Macros/PROJECT, sid: 20
type_literal: stream, size: 191, name: Macros/PROJECTwm, sid: 21
type_literal: stream, size: 97, name: Macros/UserForm2/\x01CompObj, sid: 25
type_literal: stream, size: 255, name: Macros/UserForm2/\x03VBFrame, sid: 26
type_literal: stream, size: 334, name: Macros/UserForm2/f, sid: 23
type_literal: stream, size: 60, name: Macros/UserForm2/o, sid: 24
type_literal: stream, size: 6186, type: macro, name: Macros/VBA/Module1, sid: 8
type_literal: stream, size: 7557, type: macro, name: Macros/VBA/Module2, sid: 9
type_literal: stream, size: 5261, type: macro, name: Macros/VBA/Module3, sid: 10
type_literal: stream, size: 10847, type: macro, name: Macros/VBA/Module4, sid: 11
type_literal: stream, size: 10491, type: macro, name: Macros/VBA/Module6, sid: 12
type_literal: stream, size: 31248, type: macro, name: Macros/VBA/ThisDocument, sid: 18
type_literal: stream, size: 1423, type: macro (only attributes), name: Macros/VBA/UserForm2, sid: 17
type_literal: stream, size: 11751, name: Macros/VBA/_VBA_PROJECT, sid: 19
type_literal: stream, size: 2306, name: Macros/VBA/__SRP_0, sid: 13
type_literal: stream, size: 488, name: Macros/VBA/__SRP_1, sid: 14
type_literal: stream, size: 1804, name: Macros/VBA/__SRP_2, sid: 15
type_literal: stream, size: 1277, name: Macros/VBA/__SRP_3, sid: 16
type_literal: stream, size: 962, name: Macros/VBA/dir, sid: 7
type_literal: stream, size: 4096, name: WordDocument, sid: 2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 17536 bytes
exe-pattern create-ole environ obfuscated open-file run-file
[+] Module1.bas Macros/VBA/Module1 3606 bytes
create-ole
[+] Module4.bas Macros/VBA/Module4 5032 bytes
obfuscated open-file
[+] Module2.bas Macros/VBA/Module2 3338 bytes
[+] Module3.bas Macros/VBA/Module3 2863 bytes
[+] Module6.bas Macros/VBA/Module6 2549 bytes
create-ole obfuscated open-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2016:04:20 08:03:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2016:04:20 08:03:00
Company: Home
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 0
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 0

File identification
MD5 fe79562115183bae091bec432e836d04
SHA1 bda1e47febe99880391a8c16da11ddda300859ae
SHA256 239778878e29a96215e6387f92d755574ac53b557ebb152e8ca08052d6a46449
ssdeep 3072:4Rzt2et4SH8GNFN/EjGzGLUe4lBAh011hfnzML6g9yeUjx:Kx

File size 120.0 KB ( 122880 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Apr 19 08:03:00 2016, Last Saved Time/Date: Tue Apr 19 08:03:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (38.3%)
Microsoft Excel sheet (alternate) (29.3%)
Microsoft Word document (old ver.) (22.7%)
Generic OLE2 / Multistream Compound File (9.5%)
Tags
obfuscated open-file exe-pattern doc run-file macros environ create-ole

VirusTotal metadata
First submission 2016-04-20 10:06:40 UTC ( 1 year, 2 months ago )
Last submission 2016-04-27 14:56:56 UTC ( 1 year, 2 months ago )
File names (239778878e29a96215e6387f92d755574ac53b557ebb152e8ca08052d6a46449) - Document No 995362460.doc
fe79562115183bae091bec432e836d04.virus
1.doc
Documentx2520Nox2520359867505.doc
Document No 992958719.doc