SHA256: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981
File name: VargheseJ.doc
Detection ratio: 15 / 54
Analysis date: 2017-03-02 18:39:41 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.68 20170302
Arcabit VB:Trojan.Valyria.68 20170302
Avast VBA:Downloader-BVC [Trj] 20170302
BitDefender VB:Trojan.Valyria.68 20170302
ClamAV Win.Trojan.PowerShell-9 20170302
Cyren Trojan.ORJM-5 20170302
Emsisoft VB:Trojan.Valyria.68 (B) 20170302
ESET-NOD32 PowerShell/TrojanDownloader.Agent.AP 20170302
F-Secure VB:Trojan.Valyria.68 20170302
Fortinet WM/Agent.AP!tr 20170302
GData VB:Trojan.Valyria.68 20170302
eScan VB:Trojan.Valyria.68 20170302
Qihoo-360 heur.macro.powershell.c 20170302
Rising Macro.Powershell.b (classic) 20170302
Symantec Trojan.Gen.2 20170302
AegisLab 20170302
AhnLab-V3 20170302
Alibaba 20170228
Antiy-AVL 20170302
AVG 20170302
Avira (no cloud) 20170302
AVware 20170302
Baidu 20170302
Bkav 20170302
CAT-QuickHeal 20170302
CMC 20170302
Comodo 20170302
CrowdStrike Falcon (ML) 20170130
DrWeb 20170302
Endgame 20170222
F-Prot 20170302
Sophos ML 20170203
Jiangmin 20170301
K7AntiVirus 20170302
K7GW 20170302
Kaspersky 20170302
Kingsoft 20170302
Malwarebytes 20170302
McAfee 20170302
McAfee-GW-Edition 20170302
Microsoft 20170302
NANO-Antivirus 20170302
nProtect 20170302
Panda 20170302
Sophos AV 20170302
SUPERAntiSpyware 20170302
Tencent 20170302
TheHacker 20170302
TotalDefense 20170302
TrendMicro 20170302
TrendMicro-HouseCall 20170302
Trustlook 20170302
VBA32 20170302
VIPRE 20170302
ViRobot 20170302
Webroot 20170302
WhiteArmor 20170222
Yandex 20170225
Zillya 20170301
Zoner 20170302
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May write to a file.
May try to hide the viewer or other applications.
May execute powershell commands.
May try to download additional files from the Internet.
Summary
last_author
\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd Windows
creation_datetime
2017-01-16 23:47:00
revision_number
30
author
\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd Windows
page_count
1
last_saved
2017-02-10 18:54:00
edit_time
252960
word_count
14
template
Normal
application_name
Microsoft Office Word
character_count
86
code_page
Cyrillic
Document summary
line_count
1
characters_with_spaces
99
version
917504
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
3776
type_literal
stream
sid
13
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
10495
type_literal
stream
sid
1
name
Data
size
52347
type_literal
stream
sid
12
name
Macros/PROJECT
size
376
type_literal
stream
sid
11
name
Macros/PROJECTwm
size
41
type_literal
stream
sid
8
type
macro
name
Macros/VBA/ThisDocument
size
146172
type_literal
stream
sid
9
name
Macros/VBA/_VBA_PROJECT
size
2612
type_literal
stream
sid
10
name
Macros/VBA/dir
size
523
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 22001 bytes
exe-pattern url-pattern download hide-app powershell write-file
ExifTool file metadata
SharedDoc
No

Author
Windows

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
Windows

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
99

CreateDate
2017:01:16 22:47:00

Word97
No

LanguageCode
Russian

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2017:02:10 17:54:00

Characters
86

CodePage
Windows Cyrillic

RevisionNumber
30

MIMEType
application/msword

Words
14

FileType
DOC

Lines
1

AppVersion
14.0

Security
None

Software
Microsoft Office Word

TotalEditTime
2.9 days

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 2abad0ae32dd72bac5da0af1e580a2eb
SHA1 d00225d485c597bea712e7c7baa4fba7d7f281e3
SHA256 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981
ssdeep
1536:iIEqy4Rbey1iKUUY3yOCw95N0t7pAQg5KKqOvtl559S97vTicZ:CqjRl1ihUbI95Wt7CL0wvtj53

File size 226.0 KB ( 231424 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: ������������ Windows, Template: Normal, Last Saved By: ������������ Windows, Revision Number: 30, Name of Creating Application: Microsoft Office Word, Total Editing Time: 2d+22:16:00, Create Time/Date: Sun Jan 15 22:47:00 2017, Last Saved Time/Date: Thu Feb 09 17:54:00 2017, Number of Pages: 1, Number of Words: 14, Number of Characters: 86, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
exe-pattern url-pattern macros doc download write-file powershell hide-app

VirusTotal metadata
First submission 2017-02-13 10:41:07 UTC ( 1 year, 11 months ago )
Last submission 2018-10-04 21:20:52 UTC ( 3 months, 1 week ago )
File names VargheseJ.doc
2abad0ae32dd72bac5da0af1e580a2eb.virus
340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981.doc
340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981.bin