SHA256: 31b9a179451f9110863376bbc0ab529adea834edfda8eaf667d73422b76ae19a
File name: 29974723389213605574.doc
Detection ratio: 36 / 55
Analysis date: 2019-03-14 19:08:40 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31787732 20190314
AegisLab Trojan.MSOffice.SAgent.4!c 20190314
AhnLab-V3 DOC/Downloader 20190314
ALYac Trojan.GenericKD.31787732 20190314
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.nby 20190314
Arcabit Trojan.Generic.D1E50AD4 20190314
Avast Other:Malware-gen [Trj] 20190314
AVG Other:Malware-gen [Trj] 20190314
Avira (no cloud) VBA/Dldr.Agent.xosge 20190314
BitDefender Trojan.GenericKD.31787732 20190314
CAT-QuickHeal W97M.Downloader.30507 20190314
Cyren Trojan.CGXR-2 20190314
Emsisoft Trojan-Downloader.Macro.Generic.O (A) 20190314
Endgame malicious (high confidence) 20190215
ESET-NOD32 VBA/TrojanDownloader.Agent.NBY 20190314
F-Secure Malware.VBA/Dldr.Agent.xosge 20190314
Fortinet VBA/Agent.NBP!tr.dldr 20190314
GData Macro.Trojan-Downloader.Shallow.Y 20190314
Ikarus Trojan-Downloader.VBA.Agent 20190314
K7AntiVirus Trojan ( 00536d111 ) 20190314
K7GW Trojan ( 00536d111 ) 20190314
Kaspersky HEUR:Trojan.MSOffice.SAgent.gen 20190314
MAX malware (ai score=100) 20190314
McAfee RDN/Generic Downloader.x 20190314
McAfee-GW-Edition RDN/Generic Downloader.x 20190314
Microsoft TrojanDownloader:O97M/Obfuse.DR 20190314
eScan Trojan.GenericKD.31787732 20190314
Qihoo-360 Win32/Trojan.Downloader.251 20190314
Rising Downloader.Obfuse!8.105AD (TOPIS:E0:PerQXFx5ZIP) 20190314
SentinelOne (Static ML) DFI - Malicious OLE 20190311
Sophos AV Troj/DocDl-SNN 20190314
Tencent Heur.Macro.Generic.Gen.h 20190314
TrendMicro-HouseCall Trojan.W97M.POWLOAD.THCADAI 20190314
ViRobot DOC.Z.Agent.219776.B 20190314
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20190314
Zoner Probably W97Obfuscated 20190314
Acronis 20190313
Alibaba 20190306
Avast-Mobile 20190314
Babable 20180918
Baidu 20190306
ClamAV 20190314
CMC 20190314
Comodo 20190314
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
DrWeb 20190314
eGambit 20190314
Sophos ML 20190313
Jiangmin 20190314
Kingsoft 20190314
Malwarebytes 20190314
NANO-Antivirus 20190314
Palo Alto Networks (Known Signatures) 20190314
Panda 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190314
TheHacker 20190308
TotalDefense 20190314
Trapmine 20190301
Trustlook 20190314
VBA32 20190314
Yandex 20190314
Zillya 20190314
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to hide the viewer or other applications.
Summary
creation_datetime
2019-03-12 23:05:00
revision_number
1
page_count
1
last_saved
2019-03-12 23:05:00
template
Normal.dotm
application_name
Microsoft Office Word
character_count
5
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
5
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
3584
type_literal
stream
sid
19
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
7482
type_literal
stream
sid
1
name
Data
size
65344
type_literal
stream
sid
18
name
Macros/PROJECT
size
465
type_literal
stream
sid
17
name
Macros/PROJECTwm
size
77
type_literal
stream
sid
8
type
macro
name
Macros/VBA/I4wQDB
size
10761
type_literal
stream
sid
13
name
Macros/VBA/_VBA_PROJECT
size
41619
type_literal
stream
sid
15
name
Macros/VBA/__SRP_0
size
1347
type_literal
stream
sid
16
name
Macros/VBA/__SRP_1
size
110
type_literal
stream
sid
9
name
Macros/VBA/__SRP_2
size
436
type_literal
stream
sid
10
name
Macros/VBA/__SRP_3
size
187
type_literal
stream
sid
14
name
Macros/VBA/dir
size
598
type_literal
stream
sid
12
type
macro
name
Macros/VBA/iXACk1AC
size
17506
type_literal
stream
sid
11
type
macro
name
Macros/VBA/sQAoBZxA
size
45849
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] I4wQDB.cls Macros/VBA/I4wQDB 5773 bytes
[+] sQAoBZxA.bas Macros/VBA/sQAoBZxA 27164 bytes
[+] iXACk1AC.bas Macros/VBA/iXACk1AC 10301 bytes
hide-app
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
5

CreateDate
2019:03:12 22:05:00

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2019:03:12 22:05:00

Characters
5

CodePage
Windows Latin 1 (Western European)

RevisionNumber
1

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 6298af68f171747bae43b58ea74e0026
SHA1 744b4f263c9a7645341111b0281834df473357ca
SHA256 31b9a179451f9110863376bbc0ab529adea834edfda8eaf667d73422b76ae19a
ssdeep
6144:/77HUUUUUUUUUUUUUUUUUUUT52VLarFNrKApA2JPcQz:/77HUUUUUUUUUUUUUUUUUUUTCLG/eAOU

File size 214.6 KB ( 219776 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Mar 11 22:05:00 2019, Last Saved Time/Date: Mon Mar 11 22:05:00 2019, Number of Pages: 1, Number of Words: 0, Number of Characters: 5, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros hide-app doc

VirusTotal metadata
First submission 2019-03-12 22:53:14 UTC ( 1 month, 1 week ago )
Last submission 2019-03-12 22:53:14 UTC ( 1 month, 1 week ago )
File names 29974723389213605574.doc
US8464408008.doc
28258754403217187.doc
2508303198.doc
PAY8341818966554081.doc
NV4532144559313584521.doc
INSTR002981243844.doc
TKBN7492197611052480.doc
9210294961173.doc
11529171315728627435.doc
219738524.doc