SHA256: 3771508ea53b3617ef13d72c87994b317cced687181d749500cb89e243dcb97b
File name: invoice_06594797_scan.doc
Detection ratio: 3 / 54
Analysis date: 2015-12-15 13:11:08 UTC (1 year, 3 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.B 20151215
AVware LooksLike.Macro.Malware.d (v) 20151215
VIPRE LooksLike.Macro.Malware.d (v) 20151215
Ad-Aware 20151215
AegisLab 20151215
Yandex 20151214
AhnLab-V3 20151215
Alibaba 20151208
ALYac 20151215
Antiy-AVL 20151215
Avast 20151215
AVG 20151215
Avira (no cloud) 20151215
Baidu-International 20151215
BitDefender 20151215
Bkav 20151215
ByteHero 20151215
CAT-QuickHeal 20151215
ClamAV 20151215
CMC 20151215
Comodo 20151215
Cyren 20151215
DrWeb 20151215
Emsisoft 20151215
ESET-NOD32 20151215
F-Prot 20151215
F-Secure 20151215
Fortinet 20151215
GData 20151215
Ikarus 20151215
Jiangmin 20151214
K7AntiVirus 20151215
K7GW 20151215
Kaspersky 20151215
Malwarebytes 20151215
McAfee 20151215
McAfee-GW-Edition 20151215
Microsoft 20151215
eScan 20151215
NANO-Antivirus 20151215
nProtect 20151215
Panda 20151213
Qihoo-360 20151215
Rising 20151215
Sophos 20151215
SUPERAntiSpyware 20151215
Symantec 20151214
TheHacker 20151215
TrendMicro 20151215
TrendMicro-HouseCall 20151215
VBA32 20151215
ViRobot 20151215
Zillya 20151214
Zoner 20151215
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 1404 bytes (tags: auto-open)
trekdddjvjb.bas word/vbaProject.bin VBA/trekdddjvjb 227 bytes (tags: exe-pattern)
oerdkaksnc.bas word/vbaProject.bin VBA/oerdkaksnc 238 bytes (tags: environ obfuscated)
jduyewiskd.bas word/vbaProject.bin VBA/jduyewiskd 252 bytes (tags: obfuscated)
aIuhYqZk.bas word/vbaProject.bin VBA/aIuhYqZk 1431 bytes (tags: create-file create-ole obfuscated open-file run-file write-file)
oGdyeJdhsdd.frm word/vbaProject.bin VBA/oGdyeJdhsdd 38 bytes
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
title:
creator: MY PC
lastModifiedBy: MY PC
revision: 176
created: 2015-12-01T15:53:00Z
modified: 2015-12-14T20:17:00Z
Application document properties
Template: Normal.dotm
TotalTime: 137
Pages: 1
Words: 1
Characters: 12
Application: Microsoft Office Word
DocSecurity: 0
Lines: 1
Paragraphs: 1
ScaleCrop: false
Company: sdfdsf
LinksUpToDate: false
CharactersWithSpaces: 12
SharedDoc: false
HyperlinksChanged: false
AppVersion: 15.0000
Document languages
Language: Prevalence
ru-ru: 2
en-us: 1
ar-sa: 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: MY PC
Application: Microsoft Office Word
ZipFileName: [Content_Types].xml
Template: Normal.dotm
CreateDate: 2015:12:01 15:53:00Z
ZipRequiredVersion: 20
ModifyDate: 2015:12:14 20:17:00Z
ZipCRC: 0x7aec387e
Company: sdfdsf
Words: 1
ScaleCrop: No
RevisionNumber: 176
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
FileType: DOCM
Lines: 1
AppVersion: 15.0
ZipUncompressedSize: 1453
ZipCompressedSize: 391
Characters: 12
CharactersWithSpaces: 12
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
HeadingPairs: , 1
TotalEditTime: 2.3 hours
ZipCompression: Deflated
Pages: 1
Creator: MY PC
FileTypeExtension: docm
Paragraphs: 1

The file being studied is a compressed stream. Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 14
Uncompressed size: 93320
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 10
bin: 1
Contained files by type
XML: 13
Microsoft Office: 1
File identification
MD5 bbaaab1245d7edd40ee501233162110e
SHA1 8657c23227407a4641332cc01ed9d518b3de7d01
SHA256 3771508ea53b3617ef13d72c87994b317cced687181d749500cb89e243dcb97b
ssdeep 384:vimtPP72AY/QOOb6MLtO37iOQIJTZ00fk5w6TmyUsl/fB40rzf3Pqa8Udc9bq/Ah:vLPVtb6MgXJTFMFmQ15zzf/qa8Udc8s

File size 25.5 KB ( 26161 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (59.4%)
Word Microsoft Office Open XML Format document (36.0%)
ZIP compressed archive (4.5%)
Tags
obfuscated open-file auto-open exe-pattern create-file docx macros environ attachment run-file write-file create-ole

VirusTotal metadata
First submission 2015-12-15 12:43:18 UTC ( 1 year, 3 months ago )
Last submission 2016-11-10 11:53:34 UTC ( 4 months, 2 weeks ago )
File names invoice_06594797_scan.doc