SHA256: 2c5747f46f5e368e5fc3e582200e6591f489bf7701964fbda9096f25d69e6b43
File name: 2018-10-17-downloaded-Word-doc-with-macro-for-Hancitor.doc
Detection ratio: 17 / 56
Analysis date: 2018-10-17 19:32:43 UTC ( 4 months ago )
Antivirus Result Update
Avira (no cloud) HEUR/Macro.Downloader.PTA.Gen 20181017
Baidu VBA.Trojan-Downloader.Agent.ddl 20181017
CAT-QuickHeal Exp.OLE.Drop.Gen 20181013
Endgame malicious (high confidence) 20180730
F-Secure Trojan:W97M/Nastjencro.A 20181017
Ikarus possible-Threat.Embedded.ExeInOffice 20181017
Kaspersky HEUR:Trojan.Script.Generic 20181017
McAfee-GW-Edition BehavesLike.Downloader.cg 20181017
Microsoft Trojan:O97M/Sonbokli.A!cl 20181017
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181017
Qihoo-360 virus.office.qexvmc.1080 20181017
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/DocDrp-FD 20181017
Symantec W97M.Downloader 20181017
TACHYON Unknown/W97.NS.Gen 20181017
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181017
Zoner Probably W97Shell 20181017
Ad-Aware 20181017
AegisLab 20181017
AhnLab-V3 20181017
Alibaba 20180921
ALYac 20181017
Antiy-AVL 20181017
Arcabit 20181017
Avast 20181017
Avast-Mobile 20181017
AVG 20181017
Babable 20180918
BitDefender 20181017
Bkav 20181017
ClamAV 20181017
CMC 20181017
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20181017
Cyren 20181017
DrWeb 20181017
eGambit 20181017
Emsisoft 20181017
ESET-NOD32 20181017
F-Prot 20181017
Fortinet 20181017
GData 20181017
Sophos ML 20180717
Jiangmin 20181017
K7AntiVirus 20181017
K7GW 20181017
Kingsoft 20181017
Malwarebytes 20181017
MAX 20181017
McAfee 20181017
eScan 20181017
Palo Alto Networks (Known Signatures) 20181017
Panda 20181017
Rising 20181017
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
Tencent 20181017
TheHacker 20181015
TrendMicro-HouseCall 20181017
Trustlook 20181017
VBA32 20181017
ViRobot 20181017
Webroot 20181017
Yandex 20181017
Zillya 20181017
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May write to a file.
May copy a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
last_author: Admin
creation_datetime: 2018-10-17 12:25:00
author: 444555
title:
page_count: 1
last_saved: 2018-10-17 12:25:00
word_count: 3
revision_number: 2
application_name: Microsoft Office Word
character_count: 20
code_page: Latin I
template: Normal.dotm
Document summary
line_count: 1
characters_with_spaces: 22
version: 983040
paragraph_count: 1
code_page: -535
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 25408
type_literal: stream, sid: 52, name: \x01CompObj, size: 114
type_literal: stream, sid: 11, name: \x05DocumentSummaryInformation, size: 320
type_literal: stream, sid: 10, name: \x05SummaryInformation, size: 412
type_literal: stream, sid: 9, name: 1Table, size: 11921
type_literal: stream, sid: 1, name: Data, size: 63929
type_literal: stream, sid: 51, name: Macros/PROJECT, size: 992
type_literal: stream, sid: 50, name: Macros/PROJECTwm, size: 266
type_literal: stream, sid: 33, name: Macros/UserForm1/\x01CompObj, size: 97
type_literal: stream, sid: 34, name: Macros/UserForm1/\x03VBFrame, size: 292
type_literal: stream, sid: 31, name: Macros/UserForm1/f, size: 110
type_literal: stream, sid: 32, name: Macros/UserForm1/o, size: 60
type_literal: stream, sid: 43, name: Macros/UserForm2/\x01CompObj, size: 97
type_literal: stream, sid: 44, name: Macros/UserForm2/\x03VBFrame, size: 292
type_literal: stream, sid: 41, name: Macros/UserForm2/f, size: 110
type_literal: stream, sid: 42, name: Macros/UserForm2/o, size: 60
type_literal: stream, sid: 38, name: Macros/UserForm3/\x01CompObj, size: 97
type_literal: stream, sid: 39, name: Macros/UserForm3/\x03VBFrame, size: 292
type_literal: stream, sid: 36, name: Macros/UserForm3/f, size: 110
type_literal: stream, sid: 37, name: Macros/UserForm3/o, size: 488
type_literal: stream, sid: 48, name: Macros/UserForm4/\x01CompObj, size: 97
type_literal: stream, sid: 49, name: Macros/UserForm4/\x03VBFrame, size: 292
type_literal: stream, sid: 46, name: Macros/UserForm4/f, size: 110
type_literal: stream, sid: 47, name: Macros/UserForm4/o, size: 64
type_literal: stream, sid: 21, type: macro (only attributes), name: Macros/VBA/Aaaaaa, size: 672
type_literal: stream, sid: 18, type: macro, name: Macros/VBA/ThisDocument, size: 3271
type_literal: stream, sid: 24, type: macro (only attributes), name: Macros/VBA/UserForm1, size: 1159
type_literal: stream, sid: 26, type: macro (only attributes), name: Macros/VBA/UserForm2, size: 1160
type_literal: stream, sid: 23, type: macro (only attributes), name: Macros/VBA/UserForm3, size: 1159
type_literal: stream, sid: 27, type: macro (only attributes), name: Macros/VBA/UserForm4, size: 1160
type_literal: stream, sid: 28, name: Macros/VBA/_VBA_PROJECT, size: 5407
type_literal: stream, sid: 19, type: macro, name: Macros/VBA/bbbbbbb, size: 956
type_literal: stream, sid: 22, type: macro, name: Macros/VBA/cccccc, size: 2389
type_literal: stream, sid: 25, type: macro, name: Macros/VBA/ddddd, size: 2528
type_literal: stream, sid: 29, name: Macros/VBA/dir, size: 1162
type_literal: stream, sid: 20, type: macro, name: Macros/VBA/eeeeee, size: 5146
type_literal: stream, sid: 14, name: MsoDataStore/\xc2Q\xd6\xdeN\xc2\xc9\xd0\xd0\xd40\xdd5\xd4\xd2Q\xd0\xdcF\xca\xdf\xc0==/Item, size: 252
type_literal: stream, sid: 15, name: MsoDataStore/\xc2Q\xd6\xdeN\xc2\xc9\xd0\xd0\xd40\xdd5\xd4\xd2Q\xd0\xdcF\xca\xdf\xc0==/Properties, size: 341
type_literal: stream, sid: 6, name: ObjectPool/_1601254696/\x01CompObj, size: 76
type_literal: stream, sid: 8, name: ObjectPool/_1601254696/\x01Ole10Native, size: 61168
type_literal: stream, sid: 5, name: ObjectPool/_1601254696/\x03EPRINT, size: 3212
type_literal: stream, sid: 7, name: ObjectPool/_1601254696/\x03ObjInfo, size: 6
type_literal: stream, sid: 2, name: WordDocument, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 1072 bytes
[+] bbbbbbb.bas Macros/VBA/bbbbbbb 125 bytes
[+] eeeeee.bas Macros/VBA/eeeeee 2270 bytes
exe-pattern create-ole environ open-file run-file write-file
[+] cccccc.bas Macros/VBA/cccccc 678 bytes
copy-file create-ole environ
[+] ddddd.bas Macros/VBA/ddddd 712 bytes
copy-file create-ole environ
ExifTool file metadata
SharedDoc: No
Author: 444555
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: Admin
HeadingPairs: Title, 1, , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 22
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2018:10:17 11:25:00
TitleOfParts: ,
Characters: 20
CodePage: Unicode (UTF-8)
RevisionNumber: 2
MIMEType: application/msword
Words: 3
CreateDate: 2018:10:17 11:25:00
Lines: 1
AppVersion: 15.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar
File identification
MD5 8359e029989b712bfd33b6b82d36ab46
SHA1 324007bcd4632e35485c4565bc0c231e0c499017
SHA256 2c5747f46f5e368e5fc3e582200e6591f489bf7701964fbda9096f25d69e6b43
ssdeep 3072:oLb2VblJuJ9mLlGyy97xhD6iBMJZ+jHL+/IkD0KFESz0cQ9PIvYxBqa3T27uiluS:oL9nmlGyy7bMvn/ITGESzC9A6Bqa3C7o
File size 185.5 KB ( 189952 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: , Author: 444555, Template: Normal.dotm, Last Saved By: Admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Oct 16 11:25:00 2018, Last Saved Time/Date: Tue Oct 16 11:25:00 2018, Number of Pages: 1, Number of Words: 3, Number of Characters: 20, Security: 0
TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
open-file exe-pattern doc copy-file run-file macros environ write-file create-ole

VirusTotal metadata
First submission 2018-10-17 14:30:57 UTC ( 4 months ago )
Last submission 2018-10-17 17:39:49 UTC ( 4 months ago )
File names invoice_968627.doc
invoice_761330.doc
invoice_510584.doc
invoice_644591.doc
invoice_816375.doc
invoice_923977.doc
invoice_902779.doc
invoice_487941.doc
invoice_230403.doc
invoice_658088.doc
invoice_874515.doc
invoice_465700.doc
invoice_298908.doc
invoice_781280.doc
invoice_943821.doc
invoice_329561.doc
invoice_135980.doc
invoice_434014.doc
invoice_143586.doc
invoice_636333.doc
invoice_871783.doc
invoice_891649.doc
invoice_690833.doc
invoice_883378.doc
invoice_250091.doc