SHA256: 386990fb92835fdcf1c6e9c0bfdf04cf6b23ac16ba89e0a1a03d5ef001f34756
File name: 82041-invoice9251495369.doc
Detection ratio: 41 / 61
Analysis date: 2018-09-05 11:25:30 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware VBS.MMacro.BI 20180905
AegisLab Trojan.MSWord.Agent.a!c 20180905
Antiy-AVL Trojan/MSOffice.gen 20180905
Arcabit VBS.MMacro.BI 20180905
Avast VBS:Dropper-HC [Trj] 20180905
AVG VBS:Dropper-HC [Trj] 20180905
Avira (no cloud) HEUR/Macro.Downloader 20180905
AVware Trojan.OOXML.Generic.a (v) 20180823
Baidu VBA.Trojan-Downloader.Agent.bc 20180905
BitDefender VBS.MMacro.BI 20180905
CAT-QuickHeal O97M.Dropper.AX 20180904
ClamAV Doc.Dropper.Agent-6262138-0 20180905
Cyren PP97M/Downloader.L 20180905
DrWeb W97M.DownLoader.210 20180905
Emsisoft VBS.MMacro.BI (B) 20180905
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDownloader.Agent.HN 20180905
F-Prot PP97M/Downloader.L 20180905
F-Secure VB.Chronos.7.Gen 20180905
Fortinet W97M/Agent.MAD!tr.dldr 20180905
GData Macro.Trojan-Downloader.Bartallex.A 20180905
Ikarus Trojan-Downloader.VBA.Agent 20180905
Jiangmin WM/Downloader.Agent.eq 20180905
Kaspersky Trojan-Downloader.MSWord.Agent.el 20180905
MAX malware (ai score=100) 20180905
McAfee W97M/Downloader.acl 20180905
McAfee-GW-Edition W97M/Downloader.acl 20180905
Microsoft TrojanDownloader:O97M/Bartallex.A 20180905
eScan VBS.MMacro.BI 20180905
NANO-Antivirus Trojan.Script.Agent.dntiyr 20180905
Qihoo-360 Win32/Trojan.Downloader.365 20180905
Rising Macro.Downloader.n (CLASSIC) 20180905
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Troj/DocDl-JA 20180905
Symantec W97M.Downloader 20180905
TACHYON Suspicious/WOX.Obfus.Gen.1 20180905
Tencent OLE.Win32.Macro.700314 20180905
TrendMicro W2KM_DLOAD.A 20180905
TrendMicro-HouseCall W2KM_DLOAD.A 20180905
VIPRE Trojan.OOXML.Generic.a (v) 20180905
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.el 20180905
AhnLab-V3 20180905
ALYac 20180905
Avast-Mobile 20180905
Babable 20180902
Bkav 20180905
CMC 20180905
Comodo 20180905
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180905
eGambit 20180905
Sophos ML 20180717
K7AntiVirus 20180905
K7GW 20180905
Kingsoft 20180905
Malwarebytes 20180905
Palo Alto Networks (Known Signatures) 20180905
Panda 20180905
SUPERAntiSpyware 20180905
Symantec Mobile Insight 20180831
TheHacker 20180904
TotalDefense 20180905
Trustlook 20180905
VBA32 20180905
ViRobot 20180905
Webroot 20180905
Yandex 20180904
Zillya 20180904
Zoner 20180904
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 14390 bytes
ipv4-pattern auto-open create-file enum-windows environ obfuscated open-file run-file write-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
cp:revision
1
dcterms:created
2014-12-18T10:29:00Z
dcterms:modified
2015-02-02T16:03:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
72
Characters
417
Application
Microsoft Office Word
DocSecurity
0
Lines
3
Paragraphs
1
ScaleCrop
false
vt:lpstr
Название
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
488
SharedDoc
false
HyperlinksChanged
false
AppVersion
12.0000
Document languages
Language
Prevalence
ru-ru
2
en-us
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
, 1

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2015:02:02 16:03:00Z

ZipCRC
0x92c003b9

Words
72

ScaleCrop
No

RevisionNumber
1

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2014:12:18 10:29:00Z

Lines
3

AppVersion
12.0

ZipUncompressedSize
2485

ZipCompressedSize
482

Characters
417

CharactersWithSpaces
488

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Application
Microsoft Office Word

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
22
Uncompressed size
112756
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
18
bin
1
Contained files by type
XML
21
Microsoft Office
1
File identification
MD5 cd5fdb7574010fd23f9501523fdc2aa4
SHA1 f9268cdb837629663ca892db325cf987b5f2ba27
SHA256 386990fb92835fdcf1c6e9c0bfdf04cf6b23ac16ba89e0a1a03d5ef001f34756
ssdeep
768:cEH3S15FD5DrGHmB24apnKiK0DW2fj1bJ9y4g/++CnuoWhvsuHMN5:cs3GpBWpnK4DWwjBJ9A/++Cnmhvv65

File size 38.6 KB ( 39489 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated run-file auto-open create-file docx open-file macros enum-windows environ attachment write-file ipv4-pattern

VirusTotal metadata
First submission 2015-02-02 16:43:17 UTC ( 3 years, 9 months ago )
Last submission 2017-04-12 16:32:49 UTC ( 1 year, 7 months ago )
File names invoice7009602398.doc