| SHA256: | 3782f96c6d9f3136651da208465fa939313b7e4f21bdc4ef10c05926e0428a65 |
| Detection ratio: | 10 / 58 |
| Analysis date: | 2018-03-28 10:48:54 UTC ( 10 months, 3 weeks ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| AegisLab | Vba.Downloader.Fse!c | 20180328 |
| Avast | VBA:Downloader-FSE [Trj] | 20180328 |
| AVG | VBA:Downloader-FSE [Trj] | 20180328 |
| Baidu | VBA.Trojan-Downloader.Agent.cny | 20180328 |
| F-Secure | Trojan:W97M/Nastjencro.A | 20180328 |
| Fortinet | VBA/Agent.YPEZ!tr.dldr | 20180328 |
| Ikarus | Win32.Outbreak | 20180328 |
| Qihoo-360 | Win32/Trojan.Downloader.8eb | 20180328 |
| Tencent | Macro.Trojan.Dropperd.Auto | 20180328 |
| ZoneAlarm by Check Point | HEUR:Trojan-Downloader.Script.Generic | 20180328 |
| Ad-Aware | 20180328 | |
| AhnLab-V3 | 20180328 | |
| Alibaba | 20180328 | |
| ALYac | 20180328 | |
| Antiy-AVL | 20180328 | |
| Arcabit | 20180328 | |
| Avast-Mobile | 20180328 | |
| Avira (no cloud) | 20180328 | |
| AVware | 20180328 | |
| BitDefender | 20180328 | |
| Bkav | 20180328 | |
| CAT-QuickHeal | 20180327 | |
| ClamAV | 20180328 | |
| CMC | 20180328 | |
| Comodo | 20180328 | |
| CrowdStrike Falcon (ML) | 20170201 | |
| Cybereason | None | |
| Cylance | 20180328 | |
| Cyren | 20180328 | |
| DrWeb | 20180328 | |
| eGambit | 20180328 | |
| Emsisoft | 20180328 | |
| Endgame | 20180316 | |
| ESET-NOD32 | 20180328 | |
| F-Prot | 20180328 | |
| GData | 20180328 | |
| Sophos ML | 20180121 | |
| Jiangmin | 20180328 | |
| K7AntiVirus | 20180328 | |
| K7GW | 20180328 | |
| Kaspersky | 20180328 | |
| Kingsoft | 20180328 | |
| Malwarebytes | 20180328 | |
| MAX | 20180328 | |
| McAfee | 20180328 | |
| McAfee-GW-Edition | 20180328 | |
| Microsoft | 20180328 | |
| eScan | 20180328 | |
| NANO-Antivirus | 20180328 | |
| nProtect | 20180328 | |
| Palo Alto Networks (Known Signatures) | 20180328 | |
| Panda | 20180327 | |
| Rising | 20180328 | |
| SentinelOne (Static ML) | 20180225 | |
| Sophos AV | 20180328 | |
| SUPERAntiSpyware | 20180328 | |
| Symantec | 20180328 | |
| Symantec Mobile Insight | 20180311 | |
| TheHacker | 20180327 | |
| TrendMicro | 20180328 | |
| TrendMicro-HouseCall | 20180328 | |
| Trustlook | 20180328 | |
| VBA32 | 20180328 | |
| VIPRE | 20180328 | |
| ViRobot | 20180328 | |
| WhiteArmor | 20180324 | |
| Yandex | 20180328 | |
| Zillya | 20180328 | |
| Zoner | 20180327 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author
Longer
creation_datetime
2018-03-28 10:32:00
revision_number
2
author
Longer
page_count
1
last_saved
2018-03-28 10:43:00
edit_time
300
word_count
34
template
Normal.dotm
application_name
Microsoft Office Word
character_count
198
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
231
version
786432
paragraph_count
1
code_page
-535
OLE Streams
Macros and VBA code streams
ExifTool file metadata
SharedDoc
No
Author
Longer
HyperlinksChanged
No
System
Windows
LinksUpToDate
No
LastModifiedBy
Longer
HeadingPairs
, 1
Identification
Word 8.0
Template
Normal.dotm
CharCountWithSpaces
231
CreateDate
2018:03:28 09:32:00
Word97
No
LanguageCode
English (US)
ModifyDate
2018:03:28 09:43:00
Characters
198
CodePage
Unicode (UTF-8)
RevisionNumber
2
MIMEType
application/msword
Words
34
FileType
DOC
Lines
1
AppVersion
12.0
Security
None
Software
Microsoft Office Word
TotalEditTime
5 minutes
Pages
1
ScaleCrop
No
CompObjUserTypeLen
0
FileTypeExtension
doc
Paragraphs
1
LastPrinted
0000:00:00 00:00:00
DocFlags
Has picture, 1Table, ExtChar
Compressed bundles
File identification
MD5 72a546259753c4f976aae1dcd3b176f5
SHA1 3ab6818789fe3574de05f5ba7a9a95cf0cd8e710
SHA256 3782f96c6d9f3136651da208465fa939313b7e4f21bdc4ef10c05926e0428a65
ssdeep
768:QneKCBC0MK8aVpIEgcTQV6IzWgSpapbhp:CtIdJeYk0sSEJh
File size
62.0 KB ( 63488 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 05:00, Create Time/Date: Tue Mar 27 09:32:00 2018, Last Saved Time/Date: Tue Mar 27 09:43:00 2018, Number of Pages: 1, Number of Words: 34, Number of Characters: 198, Security: 0
| TrID |
Microsoft Word document (80.0%) Generic OLE2 / Multistream Compound File (20.0%) |
Tags
obfuscated
macros
create-ole
attachment
doc
VirusTotal metadata
First submission
2018-03-28 10:32:06 UTC ( 10 months, 3 weeks ago )
Last submission
2018-11-20 09:03:19 UTC ( 3 months ago )
| File names |
2018-03-28-Word-doc-with-macro-for-Trickbot.doc SecureMessage.doc Malware_MSOLE2_3782f96c6d9f3136651da208465fa939313b7e4f21bdc4ef10c05926e0428a65 481f30c87491418f5acfb54b502056af97032611 3782f96c6d9f3136651da208465fa939313b.doc PO |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!