SHA256: 345f2734e5d25a5ccee9c52b61d3a815125db501bd187d9772fadfb0c2dc1f92
File name: localfile~
Detection ratio: 38 / 60
Analysis date: 2018-09-12 13:24:04 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.953 20180912
AegisLab Troj.Script.Agent!c 20180912
AhnLab-V3 W97M/Downloader 20180912
ALYac Trojan.Downloader.VBA.gen 20180912
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.ffs 20180912
Arcabit VB:Trojan.Valyria.953 20180912
Avast VBA:Downloader-FSE [Trj] 20180912
AVG VBA:Downloader-FSE [Trj] 20180912
Avira (no cloud) W97M/Agent.06750252 20180912
Baidu VBA.Trojan-Downloader.Agent.cfb 20180912
BitDefender VB:Trojan.Valyria.953 20180912
CAT-QuickHeal W97M.Donoff.3992 20180912
Cyren W97M/Downldr 20180912
Emsisoft VB:Trojan.Valyria.953 (B) 20180912
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDownloader.Agent.FFS 20180912
F-Prot New or modified W97M/Downldr 20180912
F-Secure VB:Trojan.Valyria.953 20180912
Fortinet VBA/Dloader.CNJ!tr 20180912
GData VB:Trojan.Valyria.953 20180912
Ikarus Trojan-Downloader.VBA.Agent 20180912
Kaspersky HEUR:Trojan.Script.Agent.gen 20180912
MAX malware (ai score=94) 20180912
McAfee RDN/Generic Downloader.x 20180912
McAfee-GW-Edition BehavesLike.Downloader.cg 20180912
Microsoft TrojanDownloader:O97M/Donoff 20180912
eScan VB:Trojan.Valyria.953 20180912
Qihoo-360 Win32/Trojan.Script.af7 20180912
Rising Downloader.Donoff!8.36C (TOPIS:dsnSLkaYWYC) 20180912
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Troj/DocDl-LJB 20180912
Symantec W97M.Downloader 20180912
Tencent Heur.Macro.Generic.Gen.f 20180912
TrendMicro W2KM_POWLOAD.AUSJUY 20180912
TrendMicro-HouseCall W2KM_POWLOAD.AUSJUY 20180912
ViRobot W97M.S.Agent.126979 20180912
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20180912
Zoner Probably W97Obfuscated 20180912
Alibaba 20180713
Avast-Mobile 20180912
AVware 20180912
Babable 20180907
Bkav 20180912
CMC 20180912
Comodo 20180912
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180912
DrWeb 20180912
eGambit 20180912
Sophos ML 20180717
Jiangmin 20180912
K7AntiVirus 20180912
K7GW 20180912
Kingsoft 20180912
Malwarebytes 20180912
NANO-Antivirus 20180912
Palo Alto Networks (Known Signatures) 20180912
Panda 20180912
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180912
TheHacker 20180907
TotalDefense 20180912
Trustlook 20180912
VBA32 20180912
VIPRE 20180912
Webroot 20180912
Yandex 20180910
Zillya 20180911
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
last_author: user
creation_datetime: 2017-11-13 13:03:00
revision_number: 23
author: Longer
page_count: 1
last_saved: 2017-11-13 12:02:00
edit_time: 1680
word_count: 26
template: Normal
application_name: Microsoft Office Word
character_count: 152
code_page: Cyrillic
Document summary
line_count: 1
company: Grizli777
characters_with_spaces: 177
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 33472
type_literal: stream, sid: 57, name: \x01CompObj, size: 121
type_literal: stream, sid: 5, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 4, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 2, name: 1Table, size: 7052
type_literal: stream, sid: 1, name: Data, size: 54485
type_literal: stream, sid: 38, name: Macros/Gwzn/\x01CompObj, size: 97
type_literal: stream, sid: 39, name: Macros/Gwzn/\x03VBFrame, size: 289
type_literal: stream, sid: 36, name: Macros/Gwzn/f, size: 327
type_literal: stream, sid: 37, name: Macros/Gwzn/o, size: 444
type_literal: stream, sid: 43, name: Macros/Hzxzxx/\x01CompObj, size: 97
type_literal: stream, sid: 44, name: Macros/Hzxzxx/\x03VBFrame, size: 289
type_literal: stream, sid: 41, name: Macros/Hzxzxx/f, size: 239
type_literal: stream, sid: 42, name: Macros/Hzxzxx/o, size: 224
type_literal: stream, sid: 48, name: Macros/Ohqg/\x01CompObj, size: 97
type_literal: stream, sid: 49, name: Macros/Ohqg/\x03VBFrame, size: 281
type_literal: stream, sid: 46, name: Macros/Ohqg/f, size: 182
type_literal: stream, sid: 47, name: Macros/Ohqg/o, size: 260
type_literal: stream, sid: 56, name: Macros/PROJECT, size: 1404
type_literal: stream, sid: 55, name: Macros/PROJECTwm, size: 521
type_literal: stream, sid: 12, type: macro, name: Macros/VBA/Fguvmltcyfbs, size: 859
type_literal: stream, sid: 24, type: macro, name: Macros/VBA/Gwzn, size: 1666
type_literal: stream, sid: 13, type: macro, name: Macros/VBA/Hudzcdkgcdi, size: 1229
type_literal: stream, sid: 14, type: macro, name: Macros/VBA/Huikez, size: 925
type_literal: stream, sid: 25, type: macro (only attributes), name: Macros/VBA/Hzxzxx, size: 1171
type_literal: stream, sid: 16, type: macro, name: Macros/VBA/Mxnzxbbllqh, size: 1233
type_literal: stream, sid: 26, type: macro (only attributes), name: Macros/VBA/Ohqg, size: 1169
type_literal: stream, sid: 17, type: macro, name: Macros/VBA/Oluwuuawpl8, size: 900
type_literal: stream, sid: 18, type: macro, name: Macros/VBA/Rbrxck, size: 1037
type_literal: stream, sid: 19, type: macro, name: Macros/VBA/Rkepjwicbz, size: 861
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/ThisDocument, size: 1177
type_literal: stream, sid: 22, type: macro, name: Macros/VBA/Thpaalcuoz, size: 1588
type_literal: stream, sid: 21, type: macro, name: Macros/VBA/Xxv, size: 1592
type_literal: stream, sid: 28, name: Macros/VBA/_VBA_PROJECT, size: 6697
type_literal: stream, sid: 9, type: macro, name: Macros/VBA/bkh_zjocm, size: 858
type_literal: stream, sid: 10, type: macro, name: Macros/VBA/bo_qrhir0, size: 1604
type_literal: stream, sid: 29, name: Macros/VBA/dir, size: 1617
type_literal: stream, sid: 23, type: macro, name: Macros/VBA/dzuxgwlti3, size: 1429
type_literal: stream, sid: 11, type: macro, name: Macros/VBA/exq, size: 889
type_literal: stream, sid: 15, type: macro, name: Macros/VBA/kbi, size: 868
type_literal: stream, sid: 20, type: macro, name: Macros/VBA/spysunspjp, size: 1035
type_literal: stream, sid: 27, type: macro (only attributes), name: Macros/VBA/tyq, size: 1168
type_literal: stream, sid: 33, name: Macros/dzuxgwlti3/\x01CompObj, size: 97
type_literal: stream, sid: 34, name: Macros/dzuxgwlti3/\x03VBFrame, size: 289
type_literal: stream, sid: 31, name: Macros/dzuxgwlti3/f, size: 347
type_literal: stream, sid: 32, name: Macros/dzuxgwlti3/o, size: 492
type_literal: stream, sid: 53, name: Macros/tyq/\x01CompObj, size: 97
type_literal: stream, sid: 54, name: Macros/tyq/\x03VBFrame, size: 280
type_literal: stream, sid: 51, name: Macros/tyq/f, size: 283
type_literal: stream, sid: 52, name: Macros/tyq/o, size: 292
type_literal: stream, sid: 3, name: WordDocument, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 77 bytes
[+] bkh_zjocm.bas Macros/VBA/bkh_zjocm 52 bytes
[+] bo_qrhir0.bas Macros/VBA/bo_qrhir0 520 bytes
[+] exq.bas Macros/VBA/exq 78 bytes
[+] Fguvmltcyfbs.bas Macros/VBA/Fguvmltcyfbs 46 bytes
[+] Hudzcdkgcdi.bas Macros/VBA/Hudzcdkgcdi 247 bytes
[+] Huikez.bas Macros/VBA/Huikez 77 bytes
[+] kbi.bas Macros/VBA/kbi 69 bytes
[+] Mxnzxbbllqh.bas Macros/VBA/Mxnzxbbllqh 192 bytes
[+] Oluwuuawpl8.bas Macros/VBA/Oluwuuawpl8 65 bytes
[+] Rbrxck.bas Macros/VBA/Rbrxck 125 bytes
[+] Rkepjwicbz.bas Macros/VBA/Rkepjwicbz 45 bytes
[+] spysunspjp.bas Macros/VBA/spysunspjp 109 bytes
[+] Xxv.bas Macros/VBA/Xxv 479 bytes
[+] Thpaalcuoz.bas Macros/VBA/Thpaalcuoz 640 bytes
[+] dzuxgwlti3.frm Macros/VBA/dzuxgwlti3 103 bytes
create-ole
[+] Gwzn.frm Macros/VBA/Gwzn 242 bytes
ExifTool file metadata
SharedDoc
No

Author
Longer

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
user

HeadingPairs
Title, 1, , 1

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
177

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2017:11:13 11:02:00

TitleOfParts
,

Company
Grizli777

Characters
152

CodePage
Windows Cyrillic

RevisionNumber
23

MIMEType
application/msword

Words
26

CreateDate
2017:11:13 12:03:00

Lines
1

AppVersion
12.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
28.0 minutes

Pages
1

ScaleCrop
No

CompObjUserTypeLen
39

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 f78b7325a69e85e260dc3e6341f06fd8
SHA1 cc5b4b7d97ce9136668ebb430f4e914d08a8bc96
SHA256 345f2734e5d25a5ccee9c52b61d3a815125db501bd187d9772fadfb0c2dc1f92
ssdeep
1536:acLVcNrDk+C9hpv9V1K4Q4QCWxm0g63Z+VcIH9kwASny:acJ4k+khpvNRWgoAiwASny

File size 124.0 KB ( 126979 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: Longer, Template: Normal, Last Saved By: user, Revision Number: 23, Name of Creating Application: Microsoft Office Word, Total Editing Time: 28:00, Create Time/Date: Sun Nov 12 12:03:00 2017, Last Saved Time/Date: Sun Nov 12 11:02:00 2017, Number of Pages: 1, Number of Words: 26, Number of Characters: 152, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros doc create-ole

VirusTotal metadata
First submission 2017-11-13 12:14:24 UTC ( 1 year, 2 months ago )
Last submission 2018-05-06 09:31:13 UTC ( 8 months, 2 weeks ago )
File names localfile~
__substg1.0_37010102
76SagePay.doc