SHA256: 36dbae28c3cc61747f5e0fc10e715b7509260084eefd0df67cd2181af221c716
File name: Message efax system-9848.doc
Detection ratio: 5 / 54
Analysis date: 2016-11-21 22:59:53 UTC (2 years, 5 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20161121
AVware LooksLike.Macro.Malware.k (v) 20161121
McAfee W97M/Downloader.bqy 20161121
McAfee-GW-Edition W97M/Downloader.bqy 20161121
VIPRE LooksLike.Macro.Malware.k (v) 20161121
Ad-Aware 20161121
AegisLab 20161121
AhnLab-V3 20161121
Alibaba 20161121
ALYac 20161121
Antiy-AVL 20161121
Avast 20161121
AVG 20161121
Avira (no cloud) 20161121
Baidu 20161121
BitDefender 20161121
Bkav 20161121
CAT-QuickHeal 20161121
ClamAV 20161121
CMC 20161121
Comodo 20161121
CrowdStrike Falcon (ML) 20161024
Cyren 20161121
DrWeb 20161121
Emsisoft 20161121
ESET-NOD32 20161121
F-Prot 20161121
F-Secure 20161121
Fortinet 20161121
GData 20161121
Ikarus 20161121
Sophos ML 20161018
Jiangmin 20161121
K7AntiVirus 20161121
K7GW 20161121
Kaspersky 20161121
Kingsoft 20161122
Malwarebytes 20161121
Microsoft 20161121
eScan 20161121
NANO-Antivirus 20161121
nProtect 20161121
Panda 20161121
Qihoo-360 20161122
Rising 20161121
Sophos AV 20161121
SUPERAntiSpyware 20161121
Symantec 20161121
Tencent 20161122
TheHacker 20161117
TrendMicro 20161121
TrendMicro-HouseCall 20161121
Trustlook 20161122
VBA32 20161121
ViRobot 20161121
Yandex 20161121
Zillya 20161121
Zoner 20161121
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May try to run other files, shell commands or applications.
Summary
last_author: user
creation_datetime: 2016-11-21 20:37:00
revision_number: 3
author: LaLka
page_count: 1
last_saved: 2016-11-21 20:39:00
edit_time: 120
template: Normal
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: RL-TEAM.NET
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, type_literal: root, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word, sid: 0, size: 13312
name: \x01CompObj, type_literal: stream, sid: 24, size: 121
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 4, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 3, size: 4096
name: 1Table, type_literal: stream, sid: 1, size: 7618
name: Macros/PROJECT, type_literal: stream, sid: 23, size: 665
name: Macros/PROJECTwm, type_literal: stream, sid: 22, size: 137
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, sid: 11, size: 1087
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 15, size: 3655
name: Macros/VBA/dir, type_literal: stream, sid: 16, size: 920
name: Macros/VBA/newform, type_literal: stream, type: macro, sid: 13, size: 1452
name: Macros/VBA/qweqwe, type_literal: stream, type: macro, sid: 14, size: 1398
name: Macros/VBA/usdfjkggkskkjghd, type_literal: stream, type: macro, sid: 12, size: 1583
name: Macros/newform/\x01CompObj, type_literal: stream, sid: 20, size: 97
name: Macros/newform/\x03VBFrame, type_literal: stream, sid: 21, size: 286
name: Macros/newform/f, type_literal: stream, sid: 18, size: 441
name: Macros/newform/o, type_literal: stream, sid: 19, size: 500
name: MsoDataStore/\xc3\xd8\xd1V4\xcaT\xcfVU\xceYG\xd8LO3\xdaS0SQ==/Item, type_literal: stream, sid: 7, size: 218
name: MsoDataStore/\xc3\xd8\xd1V4\xcaT\xcfVU\xceYG\xd8LO3\xdaS0SQ==/Properties, type_literal: stream, sid: 8, size: 341
name: WordDocument, type_literal: stream, sid: 2, size: 41994
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 32 bytes
[+] usdfjkggkskkjghd.bas Macros/VBA/usdfjkggkskkjghd 422 bytes
run-file
[+] newform.frm Macros/VBA/newform 72 bytes
[+] qweqwe.bas Macros/VBA/qweqwe 285 bytes
ExifTool file metadata
SharedDoc: No
Author: LaLka
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: user
HeadingPairs: Title, 1, , 1
Template: Normal
CharCountWithSpaces: 1
CreateDate: 2016:11:21 19:37:00
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2016:11:21 19:39:00
TitleOfParts: ,
Company: RL-TEAM.NET
HyperlinksChanged: No
Characters: 1
ScaleCrop: No
RevisionNumber: 3
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 2.0 minutes
Pages: 1
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 746db2abd581fa07d4f398df9aece819
SHA1 f9b3588c9ce453eacc5a41de4d6a4aab2ee53d86
SHA256 36dbae28c3cc61747f5e0fc10e715b7509260084eefd0df67cd2181af221c716
ssdeep 1536:WJc5C7U9KCP6pBQGsHHSXfSLHbxCHXH8ZBDW36XJGs:WJc51syUQdHyXAbxC6Nz
File size 76.0 KB (77824 bytes)
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: LaLka, Template: Normal, Last Saved By: user, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Sun Nov 20 19:37:00 2016, Last Saved Time/Date: Sun Nov 20 19:39:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
TrID Microsoft Word document (80.0%), Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-file doc attachment via-tor

VirusTotal metadata
First submission 2016-11-21 21:56:04 UTC ( 2 years, 5 months ago )
Last submission 2016-12-15 01:28:23 UTC ( 2 years, 4 months ago )
File names Message efax system-7677.doc
Message efax system-1024.doc
f9b3588c9ce453eacc5a41de4d6a4aab2ee53d86.doc
Message efax system-9339.doc
Message efax system-1024.doc_
Message efax system-9898.doc
Message efax system-2777.doc
d4c2e3c2717dda1f70549fc10592ea0d
Message efax system-2125.doc
Message efax system-1943.doc
Message efax system-1875.doc
Message efax system-1604.doc
MessageXefaxXsystem-8808.doc
7b5206369c13c0e68857319443108f26
d98d39e6b2bb14a95833b57db1e87b58
Message efax system-9888.doc
MessageXefaxXsystem-5978.doc
Message efax system-3902.doc
Message efax system-2119.doc
e9daa27abed45e9453d9e286963b957a
ab8518ffe2c19772f7c03232b760d12a
9fa3da27c790fa1fb6b590263bf4ecb4
7918ccf4d54dd0e9b6685d6d1ed56b18
Message efax system-3829.doc
Message efax system-2794.doc