SHA256: 39cb85066f09ece243c60fd192877ef6fa1162ff0b83ac8bec16e6df495ee7af
File name: Legal_acknowledgement_for_amy.doc
Detection ratio: 19 / 56
Analysis date: 2017-05-19 22:51:48 UTC (1 year, 4 months ago)
Antivirus Result Update
AegisLab Troj.Script.Agent!c 20170519
Avast VBA:Downloader-FDO [Trj] 20170519
Avira (no cloud) W97M/Dldr.Agent.vbfnq 20170519
ClamAV Doc.Dropper.Agent-6319345-0 20170519
Cyren W97M/Agent 20170519
DrWeb W97M.Hancitor.1 20170519
ESET-NOD32 Win32/Agent.SLF 20170519
F-Prot New or modified W97M/Agent 20170519
Fortinet WM/Agent.1146!tr 20170519
GData Generic.Trojan.Agent.HR071V 20170519
Ikarus Trojan-Downloader.VBA.Agent 20170519
Kaspersky HEUR:Trojan.Script.Agent.gen 20170519
McAfee RDN/Generic Downloader.x 20170519
NANO-Antivirus Trojan.Script.ExpKit.eoxnpq 20170519
Qihoo-360 virus.office.qexvmc.1065 20170519
Symantec W97M.Downloader 20170519
TrendMicro-HouseCall Suspicious_GEN.F47V0518 20170519
ViRobot W97M.S.Agent.219648[h] 20170519
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20170519
Ad-Aware 20170519
AhnLab-V3 20170519
Alibaba 20170519
ALYac 20170519
Antiy-AVL 20170519
Arcabit 20170519
AVG 20170519
AVware 20170519
Baidu 20170503
BitDefender 20170519
Bkav 20170519
CAT-QuickHeal 20170519
CMC 20170519
Comodo 20170519
CrowdStrike Falcon (ML) 20170130
Emsisoft 20170519
Endgame 20170515
F-Secure 20170519
Sophos ML 20170519
Jiangmin 20170519
K7AntiVirus 20170519
K7GW 20170518
Kingsoft 20170519
Malwarebytes 20170519
McAfee-GW-Edition 20170519
Microsoft 20170519
eScan 20170519
nProtect 20170519
Palo Alto Networks (Known Signatures) 20170519
Panda 20170519
Rising 20170518
SentinelOne (Static ML) 20170516
Sophos AV 20170519
SUPERAntiSpyware 20170519
Symantec Mobile Insight 20170518
Tencent 20170519
TheHacker 20170516
TrendMicro 20170519
Trustlook 20170519
VBA32 20170519
VIPRE 20170519
Webroot 20170519
WhiteArmor 20170517
Yandex 20170518
Zillya 20170518
Zoner 20170519
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May execute code from Dynamically Linked Libraries.
Summary
creation_datetime: 2017-05-18 12:32:00
revision_number: 58
title:
page_count: 1
last_saved: 2017-05-18 15:01:00
edit_time: 6120
word_count: 519
template: Normal
application_name: Microsoft Office Word
character_count: 2961
security: 8
code_page: Cyrillic
Document summary
byte_count: 11000
characters_with_spaces: 3474
line_count: 24
version: 730895
paragraph_count: 6
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 14592
type_literal: stream; sid: 49; name: \x01CompObj; size: 113
type_literal: stream; sid: 5; name: \x05DocumentSummaryInformation; size: 4096
type_literal: stream; sid: 4; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 2; name: 1Table; size: 9918
type_literal: stream; sid: 1; name: Data; size: 29032
type_literal: stream; sid: 21; name: Macros/PROJECT; size: 533
type_literal: stream; sid: 22; name: Macros/PROJECTwm; size: 95
type_literal: stream; sid: 19; type: macro; name: Macros/VBA/ThisDocument; size: 13795
type_literal: stream; sid: 20; name: Macros/VBA/_VBA_PROJECT; size: 12278
type_literal: stream; sid: 10; name: Macros/VBA/__SRP_0; size: 3610
type_literal: stream; sid: 11; name: Macros/VBA/__SRP_1; size: 999
type_literal: stream; sid: 12; name: Macros/VBA/__SRP_2; size: 2184
type_literal: stream; sid: 13; name: Macros/VBA/__SRP_3; size: 402
type_literal: stream; sid: 14; name: Macros/VBA/__SRP_4; size: 292
type_literal: stream; sid: 15; name: Macros/VBA/__SRP_5; size: 797
type_literal: stream; sid: 16; name: Macros/VBA/__SRP_6; size: 484
type_literal: stream; sid: 17; name: Macros/VBA/__SRP_7; size: 66
type_literal: stream; sid: 8; name: Macros/VBA/dir; size: 870
type_literal: stream; sid: 9; type: macro; name: Macros/VBA/trtmodu; size: 21788
type_literal: stream; sid: 18; type: macro (only attributes); name: Macros/VBA/unthought; size: 1395
type_literal: stream; sid: 47; name: Macros/unthought/\x01CompObj; size: 97
type_literal: stream; sid: 48; name: Macros/unthought/\x03VBFrame; size: 290
type_literal: stream; sid: 24; name: Macros/unthought/f; size: 139
type_literal: stream; sid: 46; name: Macros/unthought/i13/\x01CompObj; size: 115
type_literal: stream; sid: 27; name: Macros/unthought/i13/f; size: 260
type_literal: stream; sid: 33; name: Macros/unthought/i13/i04/\x01CompObj; size: 110
type_literal: stream; sid: 31; name: Macros/unthought/i13/i04/f; size: 40
type_literal: stream; sid: 32; name: Macros/unthought/i13/i04/o; size: 0
type_literal: stream; sid: 37; name: Macros/unthought/i13/i05/\x01CompObj; size: 110
type_literal: stream; sid: 35; name: Macros/unthought/i13/i05/f; size: 40
type_literal: stream; sid: 36; name: Macros/unthought/i13/i05/o; size: 0
type_literal: stream; sid: 41; name: Macros/unthought/i13/i06/\x01CompObj; size: 110
type_literal: stream; sid: 39; name: Macros/unthought/i13/i06/f; size: 96
type_literal: stream; sid: 40; name: Macros/unthought/i13/i06/o; size: 12268
type_literal: stream; sid: 45; name: Macros/unthought/i13/i08/\x01CompObj; size: 110
type_literal: stream; sid: 43; name: Macros/unthought/i13/i08/f; size: 40
type_literal: stream; sid: 44; name: Macros/unthought/i13/i08/o; size: 0
type_literal: stream; sid: 28; name: Macros/unthought/i13/o; size: 224
type_literal: stream; sid: 29; name: Macros/unthought/i13/x; size: 72
type_literal: stream; sid: 25; name: Macros/unthought/o; size: 0
type_literal: stream; sid: 3; name: WordDocument; size: 86464
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 4213 bytes
[+] trtmodu.bas Macros/VBA/trtmodu 8258 bytes
exe-pattern run-dll
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
HeadingPairs: , 1
Identification: Word 8.0
Template: Normal
CharCountWithSpaces: 3474
CreateDate: 2017:05:18 11:32:00
Word97: No
LanguageCode: Russian
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2017:05:18 14:01:00
Characters: 2961
CodePage: Windows Cyrillic
RevisionNumber: 58
MIMEType: application/msword
Words: 519
Bytes: 11000
FileType: DOC
Lines: 24
AppVersion: 11.9999
Security: Locked for annotations
Software: Microsoft Office Word
TotalEditTime: 1.7 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 6
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 51c45a4e3cd09cc54a10cc92f3fe1146
SHA1 06146d24e8c9d806fc0b94d4b9265d32a74bc6d4
SHA256 39cb85066f09ece243c60fd192877ef6fa1162ff0b83ac8bec16e6df495ee7af
ssdeep
3072:R4lyCFZpA9hYlxK9WPVhfLUWo7lK4GNaI5qJRduR5F8FF8r9:R4lyCNwWPK5sNXYRduR5FsF+9

File size 214.5 KB ( 219648 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Template: Normal, Revision Number: 58, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:42:00, Create Time/Date: Wed May 17 11:32:00 2017, Last Saved Time/Date: Wed May 17 14:01:00 2017, Number of Pages: 1, Number of Words: 519, Number of Characters: 2961, Security: 8

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-dll exe-pattern doc

VirusTotal metadata
First submission 2017-05-18 14:31:18 UTC ( 1 year, 4 months ago )
Last submission 2017-06-06 01:49:12 UTC ( 1 year, 3 months ago )
File names talktalkplc_invoice_154922.doc
audensfood_invoice_777635.doc
d2techsolutions_invoice_916124.doc
Legal_acknowledgement_for_marj212.doc
hafina_invoice_433538.doc
isys_invoice_872795.doc
salesforce_invoice_198509.doc
Legal_acknowledgement_for_ilovehydroponics.doc
jabil_invoice_911221.doc
Legal_acknowledgement_for_salamnannat.doc
Legal_acknowledgement_for_ulrich.geiger.doc
Legal_acknowledgement_for_sd.projectoffice.doc
Legal_acknowledgement_for_mike.thul.doc
Legal_acknowledgement_for_bari.doc
Legal_acknowledgement_for_melissa.wyman.doc
Legal_acknowledgement_for_jose.arnaldo.doc
minyoru.co_invoice_434479.doc
Legal_acknowledgement_for_darren.kewley.doc
Legal_acknowledgement_for_sarah.owen.doc
Legal_acknowledgement_for_sam.agha.doc
Legal_acknowledgement_for_kiran.kanneganti.doc
cerner_invoice_636241.doc
Legal_acknowledgement_for_jonathanyip.doc
thesafesteptub_invoice_359141.doc
Legal_acknowledgement_for_pmehta1.doc