SHA256: 2f3afda2b4a9f57f3e2fb655f0c612df3a1692b7f00aef9f8cde2f8d65ab41f6
File name: 0a363f2f61bc2483d8cd85722328b804.doc
Detection ratio: 29 / 60
Analysis date: 2018-08-20 23:30:41 UTC ( 1 day ago )
Antivirus Result Update
Ad-Aware Exploit.CVE-2012-1856.Gen 20180820
AegisLab Hacktool.MSWord.CVE-2012-1856.3!c 20180820
ALYac Exploit.CVE-2012-1856.Gen 20180821
Arcabit Exploit.CVE-2012-1856.Gen 20180820
Avast MO97:ShellCode-AE [Expl] 20180820
AVG MO97:ShellCode-AE [Expl] 20180820
Avira (no cloud) EXP/CVE-2012-1856 20180820
BitDefender Exploit.CVE-2012-1856.Gen 20180820
CAT-QuickHeal Exp.OLE.CVE-2012-1856.Gen 20180820
ClamAV Doc.Dropper.Agent-6373747-0 20180820
Cyren Trojan.TUEE-1 20180820
Emsisoft Exploit.CVE-2012-1856.Gen (B) 20180820
ESET-NOD32 Win32/Exploit.CVE-2012-1856.A 20180820
F-Secure Exploit.CVE-2012-1856.Gen 20180820
GData Exploit.CVE-2012-1856.Gen 20180820
Kaspersky Exploit.MSWord.CVE-2012-1856.a 20180820
MAX malware (ai score=98) 20180821
McAfee RDN/Generic Exploit 20180820
McAfee-GW-Edition RDN/Generic Exploit 20180820
eScan Exploit.CVE-2012-1856.Gen 20180820
NANO-Antivirus Trojan.Ole2.Mlw.edeczz 20180820
Qihoo-360 Win32/Trojan.Exploit.c70 20180821
Rising Exploit.CVE-2012-1856!8.4CA0 (TOPIS:DcRzrkSFV1) 20180820
Sophos AV Exp/20121856-A 20180820
Symantec Trojan.Mdropper 20180820
Tencent Word.Exploit.Cve-2012-1856.Eyg 20180821
TrendMicro HEUR_MACTX.A 20180820
TrendMicro-HouseCall Suspicious_GEN.F47V0713 20180820
ZoneAlarm by Check Point Exploit.MSWord.CVE-2012-1856.a 20180820
AhnLab-V3 20180820
Alibaba 20180713
Antiy-AVL 20180821
Avast-Mobile 20180820
AVware 20180820
Babable 20180725
Baidu 20180820
Bkav 20180820
CMC 20180817
Comodo 20180820
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180821
DrWeb 20180820
eGambit 20180821
Endgame 20180730
F-Prot 20180820
Fortinet 20180820
Ikarus 20180820
Sophos ML 20180717
Jiangmin 20180820
K7AntiVirus 20180820
K7GW 20180820
Kingsoft 20180821
Malwarebytes 20180820
Microsoft 20180820
Palo Alto Networks (Known Signatures) 20180821
Panda 20180820
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180820
Symantec Mobile Insight 20180814
TACHYON 20180820
TheHacker 20180818
TotalDefense 20180820
Trustlook 20180821
VBA32 20180820
VIPRE 20180820
ViRobot 20180820
Webroot 20180821
Yandex 20180820
Zillya 20180820
Zoner 20180820
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Summary
last_author: user
creation_datetime: 2013-06-18 03:14:00
revision_number: 4
author: aaa
page_count: 2
last_saved: 2013-06-18 03:15:00
edit_time: 120
word_count: 247
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1414
code_page: Latin I
Document summary
line_count: 11
company: aaa
characters_with_spaces: 1658
version: 786432
paragraph_count: 3
code_page: Latin I
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 14656
type_literal: stream; sid: 38; name: \x01CompObj; size: 121
type_literal: stream; sid: 22; name: \x05DocumentSummaryInformation; size: 280
type_literal: stream; sid: 21; name: \x05SummaryInformation; size: 408
type_literal: stream; sid: 20; name: 1Table; size: 7476
type_literal: stream; sid: 1; name: Data; size: 55479
type_literal: stream; sid: 36; name: Macros/PROJECT; size: 435
type_literal: stream; sid: 37; name: Macros/PROJECTwm; size: 41
type_literal: stream; sid: 34; type: macro (only attributes); name: Macros/VBA/ThisDocument; size: 1671
type_literal: stream; sid: 35; name: Macros/VBA/_VBA_PROJECT; size: 2943
type_literal: stream; sid: 30; name: Macros/VBA/__SRP_0; size: 1608
type_literal: stream; sid: 31; name: Macros/VBA/__SRP_1; size: 240
type_literal: stream; sid: 32; name: Macros/VBA/__SRP_2; size: 796
type_literal: stream; sid: 33; name: Macros/VBA/__SRP_3; size: 222
type_literal: stream; sid: 29; name: Macros/VBA/dir; size: 812
type_literal: stream; sid: 25; name: MsoDataStore/\xd7\xc5R\xddIFUCDE\xc6QDKAUS\xd7MP\xc9A==/Item; size: 232
type_literal: stream; sid: 26; name: MsoDataStore/\xd7\xc5R\xddIFUCDE\xc6QDKAUS\xd7MP\xc9A==/Properties; size: 341
type_literal: stream; sid: 18; name: ObjectPool/_1433055662/\x03OCXNAME; size: 24
type_literal: stream; sid: 17; name: ObjectPool/_1433055662/\x03ObjInfo; size: 6
type_literal: stream; sid: 19; name: ObjectPool/_1433055662/Contents; size: 19339
type_literal: stream; sid: 14; name: ObjectPool/_1433055663/\x03OCXNAME; size: 24
type_literal: stream; sid: 13; name: ObjectPool/_1433055663/\x03ObjInfo; size: 6
type_literal: stream; sid: 15; name: ObjectPool/_1433055663/Contents; size: 215
type_literal: stream; sid: 10; name: ObjectPool/_1433055664/\x03OCXNAME; size: 26
type_literal: stream; sid: 9; name: ObjectPool/_1433055664/\x03ObjInfo; size: 6
type_literal: stream; sid: 11; name: ObjectPool/_1433055664/Contents; size: 3067
type_literal: stream; sid: 6; name: ObjectPool/_1433055665/\x03OCXNAME; size: 26
type_literal: stream; sid: 5; name: ObjectPool/_1433055665/\x03ObjInfo; size: 6
type_literal: stream; sid: 7; name: ObjectPool/_1433055665/Contents; size: 227
type_literal: stream; sid: 2; name: WordDocument; size: 6203
ExifTool file metadata
SharedDoc: No
Author: aaa
CodePage: Windows Latin 1 (Western European)
System: Windows
LinksUpToDate: No
LastModifiedBy: user
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1658
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2013:06:18 02:15:00
Company: aaa
HyperlinksChanged: No
Characters: 1414
ScaleCrop: No
RevisionNumber: 4
MIMEType: application/msword
Words: 247
CreateDate: 2013:06:18 02:14:00
Lines: 11
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 2.0 minutes
Pages: 2
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 3
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 0a363f2f61bc2483d8cd85722328b804
SHA1 c0a6817f1c1bd1f2f37eb574831fcef096b464ee
SHA256 2f3afda2b4a9f57f3e2fb655f0c612df3a1692b7f00aef9f8cde2f8d65ab41f6
ssdeep 1536:Fw2P40b+T0WJuRvKJ53qZzhTKvB14LnzRd79Dz3KEuF:KE40bU0quRvcJmVKvOzRd7kE

File size 109.5 KB ( 112128 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Author: aaa, Template: Normal.dotm, Last Saved By: user, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Mon Jun 17 02:14:00 2013, Last Saved Time/Date: Mon Jun 17 02:15:00 2013, Number of Pages: 2, Number of Words: 247, Number of Characters: 1414, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags cve-2012-1856 macros exploit doc

VirusTotal metadata
First submission 2013-07-14 09:12:45 UTC ( 5 years, 1 month ago )
Last submission 2018-05-14 23:49:51 UTC ( 3 months, 1 week ago )
File names 0a363f2f61bc2483d8cd85722328b804.doc
0a363f2f61bc2483d8cd85722328b804.c0a6817f1c1bd1f2f37eb574831fcef096b464ee
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0426.
