SHA256: 2c258ffcf53a2bbf22356b58f2baff72ce01f1ca3c28a8c9e6e84b2d0848f588
File name: SecureForm6.doc
Detection ratio: 3 / 60
Analysis date: 2017-12-07 12:54:13 UTC (1 year, 3 months ago)
Antivirus Result Update
F-Secure Trojan:W97M/MaliciousMacro.GEN 20171207
Fortinet VBA/Agent.F0EA!tr 20171207
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20171207
Ad-Aware 20171207
AegisLab 20171207
AhnLab-V3 20171207
Alibaba 20171207
ALYac 20171207
Antiy-AVL 20171207
Arcabit 20171207
Avast 20171207
Avast-Mobile 20171207
AVG 20171207
Avira (no cloud) 20171207
AVware 20171207
Baidu 20171207
BitDefender 20171207
Bkav 20171207
CAT-QuickHeal 20171206
ClamAV 20171207
CMC 20171207
Comodo 20171207
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171207
Cyren 20171207
DrWeb 20171207
eGambit 20171207
Emsisoft 20171207
Endgame 20171130
ESET-NOD32 20171207
F-Prot 20171207
GData 20171207
Ikarus 20171207
Sophos ML 20170914
Jiangmin 20171207
K7AntiVirus 20171205
K7GW 20171207
Kaspersky 20171207
Kingsoft 20171207
Malwarebytes 20171207
MAX 20171207
McAfee 20171207
McAfee-GW-Edition 20171207
Microsoft 20171207
eScan 20171207
NANO-Antivirus 20171207
nProtect 20171207
Palo Alto Networks (Known Signatures) 20171207
Panda 20171206
Qihoo-360 20171207
Rising 20171207
SentinelOne (Static ML) 20171207
Sophos AV 20171207
SUPERAntiSpyware 20171207
Symantec 20171207
Symantec Mobile Insight 20171207
Tencent 20171207
TheHacker 20171205
TotalDefense 20171207
TrendMicro 20171207
TrendMicro-HouseCall 20171207
Trustlook 20171207
VBA32 20171207
VIPRE 20171207
ViRobot 20171207
Webroot 20171207
WhiteArmor 20171204
Yandex 20171207
Zillya 20171206
Zoner 20171207
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: user
creation_datetime: 2017-12-07 13:09:00
revision_number: 13
author: Longer
page_count: 1
last_saved: 2017-12-07 11:47:00
edit_time: 1200
word_count: 114
template: Normal
application_name: Microsoft Office Word
character_count: 650
code_page: Cyrillic
Document summary
line_count: 5
company: Grizli777
characters_with_spaces: 763
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 36864
type_literal: stream; sid: 58; name: \x01CompObj; size: 121
type_literal: stream; sid: 5; name: \x05DocumentSummaryInformation; size: 4096
type_literal: stream; sid: 4; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 2; name: 1Table; size: 7016
type_literal: stream; sid: 1; name: Data; size: 10167
type_literal: stream; sid: 57; name: Macros/PROJECT; size: 1517
type_literal: stream; sid: 56; name: Macros/PROJECTwm; size: 632
type_literal: stream; sid: 21; type: macro; name: Macros/VBA/Remarqab; size: 888
type_literal: stream; sid: 8; type: macro; name: Macros/VBA/ThisDocument; size: 1241
type_literal: stream; sid: 29; name: Macros/VBA/_VBA_PROJECT; size: 7084
type_literal: stream; sid: 10; type: macro; name: Macros/VBA/avoknetoloZ; size: 873
type_literal: stream; sid: 11; type: macro; name: Macros/VBA/bulletford; size: 1048
type_literal: stream; sid: 12; type: macro; name: Macros/VBA/cesaratt; size: 1852
type_literal: stream; sid: 13; type: macro; name: Macros/VBA/cruisemp3; size: 1189
type_literal: stream; sid: 30; name: Macros/VBA/dir; size: 1712
type_literal: stream; sid: 24; type: macro (only attributes); name: Macros/VBA/doogierose; size: 1174
type_literal: stream; sid: 25; type: macro (only attributes); name: Macros/VBA/erisdult; size: 1171
type_literal: stream; sid: 26; type: macro; name: Macros/VBA/ert123456; size: 1717
type_literal: stream; sid: 14; type: macro; name: Macros/VBA/flyntdig; size: 1042
type_literal: stream; sid: 15; type: macro; name: Macros/VBA/fovzdn; size: 1076
type_literal: stream; sid: 16; type: macro; name: Macros/VBA/gorzaram; size: 870
type_literal: stream; sid: 17; type: macro; name: Macros/VBA/iffgutsp; size: 1476
type_literal: stream; sid: 27; type: macro (only attributes); name: Macros/VBA/jinx2003; size: 1173
type_literal: stream; sid: 18; type: macro; name: Macros/VBA/licdilth; size: 870
type_literal: stream; sid: 28; type: macro; name: Macros/VBA/mudkristi; size: 1663
type_literal: stream; sid: 19; type: macro; name: Macros/VBA/naykansab; size: 2328
type_literal: stream; sid: 9; type: macro; name: Macros/VBA/neniaylebraK; size: 916
type_literal: stream; sid: 20; type: macro; name: Macros/VBA/nikiwilson; size: 1189
type_literal: stream; sid: 22; type: macro; name: Macros/VBA/sitepedro; size: 892
type_literal: stream; sid: 23; type: macro; name: Macros/VBA/snaredrum; size: 1894
type_literal: stream; sid: 34; name: Macros/doogierose/\x01CompObj; size: 97
type_literal: stream; sid: 35; name: Macros/doogierose/\x03VBFrame; size: 295
type_literal: stream; sid: 32; name: Macros/doogierose/f; size: 283
type_literal: stream; sid: 33; name: Macros/doogierose/o; size: 292
type_literal: stream; sid: 39; name: Macros/erisdult/\x01CompObj; size: 97
type_literal: stream; sid: 40; name: Macros/erisdult/\x03VBFrame; size: 292
type_literal: stream; sid: 37; name: Macros/erisdult/f; size: 239
type_literal: stream; sid: 38; name: Macros/erisdult/o; size: 224
type_literal: stream; sid: 44; name: Macros/ert123456/\x01CompObj; size: 97
type_literal: stream; sid: 45; name: Macros/ert123456/\x03VBFrame; size: 291
type_literal: stream; sid: 42; name: Macros/ert123456/f; size: 327
type_literal: stream; sid: 43; name: Macros/ert123456/o; size: 444
type_literal: stream; sid: 49; name: Macros/jinx2003/\x01CompObj; size: 97
type_literal: stream; sid: 50; name: Macros/jinx2003/\x03VBFrame; size: 289
type_literal: stream; sid: 47; name: Macros/jinx2003/f; size: 219
type_literal: stream; sid: 48; name: Macros/jinx2003/o; size: 260
type_literal: stream; sid: 54; name: Macros/mudkristi/\x01CompObj; size: 97
type_literal: stream; sid: 55; name: Macros/mudkristi/\x03VBFrame; size: 291
type_literal: stream; sid: 52; name: Macros/mudkristi/f; size: 371
type_literal: stream; sid: 53; name: Macros/mudkristi/o; size: 496
type_literal: stream; sid: 3; name: WordDocument; size: 4148
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 115 bytes
[+] neniaylebraK.bas Macros/VBA/neniaylebraK 66 bytes
[+] avoknetoloZ.bas Macros/VBA/avoknetoloZ 64 bytes
[+] bulletford.bas Macros/VBA/bulletford 132 bytes
[+] cesaratt.bas Macros/VBA/cesaratt 747 bytes
[+] cruisemp3.bas Macros/VBA/cruisemp3 204 bytes
obfuscated
[+] flyntdig.bas Macros/VBA/flyntdig 136 bytes
[+] fovzdn.bas Macros/VBA/fovzdn 179 bytes
[+] gorzaram.bas Macros/VBA/gorzaram 66 bytes
[+] iffgutsp.bas Macros/VBA/iffgutsp 477 bytes
[+] licdilth.bas Macros/VBA/licdilth 64 bytes
[+] naykansab.bas Macros/VBA/naykansab 1099 bytes
[+] nikiwilson.bas Macros/VBA/nikiwilson 274 bytes
[+] Remarqab.bas Macros/VBA/Remarqab 69 bytes
[+] sitepedro.bas Macros/VBA/sitepedro 72 bytes
[+] snaredrum.bas Macros/VBA/snaredrum 786 bytes
[+] ert123456.frm Macros/VBA/ert123456 307 bytes
[+] mudkristi.frm Macros/VBA/mudkristi 265 bytes
create-ole
ExifTool file metadata
SharedDoc: No
Author: Longer
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: user
HeadingPairs: Title, 1, , 1
Template: Normal
CharCountWithSpaces: 763
CreateDate: 2017:12:07 12:09:00
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2017:12:07 10:47:00
TitleOfParts: ,
Company: Grizli777
Characters: 650
CodePage: Windows Cyrillic
RevisionNumber: 13
MIMEType: application/msword
Words: 114
FileType: DOC
Lines: 5
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 20.0 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1

Compressed bundles
File identification
MD5 8056ae6643415e60b1b3b3aaa2618c67
SHA1 6c8da219ecb930e03f7a74dbdb2af13fef3436f2
SHA256 2c258ffcf53a2bbf22356b58f2baff72ce01f1ca3c28a8c9e6e84b2d0848f588
ssdeep
768:Fu77D3jz4y49vYaEMrTZrOSzY23mVjF/A/SlMzc1xrcJNhma7vJX30JEptpMp298:o3jz4y49JEMnJOHDLrwZEJEXuo9ODNn

File size 84.0 KB ( 86019 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: Longer, Template: Normal, Last Saved By: user, Revision Number: 13, Name of Creating Application: Microsoft Office Word, Total Editing Time: 20:00, Create Time/Date: Wed Dec 06 12:09:00 2017, Last Saved Time/Date: Wed Dec 06 10:47:00 2017, Number of Pages: 1, Number of Words: 114, Number of Characters: 650, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros doc create-ole

VirusTotal metadata
First submission 2017-12-07 12:54:13 UTC ( 1 year, 3 months ago )
Last submission 2017-12-12 07:58:17 UTC ( 1 year, 3 months ago )
File names SecureForm6.doc