SHA256: 39cb85066f09ece243c60fd192877ef6fa1162ff0b83ac8bec16e6df495ee7af
File name: Legal_acknowledgement_for_amy.doc
Detection ratio: 19 / 56
Analysis date: 2017-05-19 22:51:48 UTC ( 1 year ago )
Antivirus Result Update
AegisLab Troj.Script.Agent!c 20170519
Avast VBA:Downloader-FDO [Trj] 20170519
Avira (no cloud) W97M/Dldr.Agent.vbfnq 20170519
ClamAV Doc.Dropper.Agent-6319345-0 20170519
Cyren W97M/Agent 20170519
DrWeb W97M.Hancitor.1 20170519
ESET-NOD32 Win32/Agent.SLF 20170519
F-Prot New or modified W97M/Agent 20170519
Fortinet WM/Agent.1146!tr 20170519
GData Generic.Trojan.Agent.HR071V 20170519
Ikarus Trojan-Downloader.VBA.Agent 20170519
Kaspersky HEUR:Trojan.Script.Agent.gen 20170519
McAfee RDN/Generic Downloader.x 20170519
NANO-Antivirus Trojan.Script.ExpKit.eoxnpq 20170519
Qihoo-360 virus.office.qexvmc.1065 20170519
Symantec W97M.Downloader 20170519
TrendMicro-HouseCall Suspicious_GEN.F47V0518 20170519
ViRobot W97M.S.Agent.219648[h] 20170519
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20170519
Ad-Aware 20170519
AhnLab-V3 20170519
Alibaba 20170519
ALYac 20170519
Antiy-AVL 20170519
Arcabit 20170519
AVG 20170519
AVware 20170519
Baidu 20170503
BitDefender 20170519
Bkav 20170519
CAT-QuickHeal 20170519
CMC 20170519
Comodo 20170519
CrowdStrike Falcon (ML) 20170130
Emsisoft 20170519
Endgame 20170515
F-Secure 20170519
Sophos ML 20170519
Jiangmin 20170519
K7AntiVirus 20170519
K7GW 20170518
Kingsoft 20170519
Malwarebytes 20170519
McAfee-GW-Edition 20170519
Microsoft 20170519
eScan 20170519
nProtect 20170519
Palo Alto Networks (Known Signatures) 20170519
Panda 20170519
Rising 20170518
SentinelOne (Static ML) 20170516
Sophos AV 20170519
SUPERAntiSpyware 20170519
Symantec Mobile Insight 20170518
Tencent 20170519
TheHacker 20170516
TrendMicro 20170519
Trustlook 20170519
VBA32 20170519
VIPRE 20170519
Webroot 20170519
WhiteArmor 20170517
Yandex 20170518
Zillya 20170518
Zoner 20170519
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May execute code from Dynamically Linked Libraries.
Summary
creation_datetime: 2017-05-18 12:32:00
template: Normal
title:
page_count: 1
last_saved: 2017-05-18 15:01:00
edit_time: 6120
word_count: 519
revision_number: 58
application_name: Microsoft Office Word
character_count: 2961
security: 8
code_page: Cyrillic
Document summary
byte_count: 11000
characters_with_spaces: 3474
line_count: 24
version: 730895
paragraph_count: 6
code_page: Cyrillic
OLE Streams
name: Root Entry | sid: 0 | type_literal: root | size: 14592 | clsid: 00020906-0000-0000-c000-000000000046 | clsid_literal: MS Word
name: \x01CompObj | sid: 49 | type_literal: stream | size: 113
name: \x05DocumentSummaryInformation | sid: 5 | type_literal: stream | size: 4096
name: \x05SummaryInformation | sid: 4 | type_literal: stream | size: 4096
name: 1Table | sid: 2 | type_literal: stream | size: 9918
name: Data | sid: 1 | type_literal: stream | size: 29032
name: Macros/PROJECT | sid: 21 | type_literal: stream | size: 533
name: Macros/PROJECTwm | sid: 22 | type_literal: stream | size: 95
name: Macros/VBA/ThisDocument | sid: 19 | type_literal: stream | size: 13795 | type: macro
name: Macros/VBA/_VBA_PROJECT | sid: 20 | type_literal: stream | size: 12278
name: Macros/VBA/__SRP_0 | sid: 10 | type_literal: stream | size: 3610
name: Macros/VBA/__SRP_1 | sid: 11 | type_literal: stream | size: 999
name: Macros/VBA/__SRP_2 | sid: 12 | type_literal: stream | size: 2184
name: Macros/VBA/__SRP_3 | sid: 13 | type_literal: stream | size: 402
name: Macros/VBA/__SRP_4 | sid: 14 | type_literal: stream | size: 292
name: Macros/VBA/__SRP_5 | sid: 15 | type_literal: stream | size: 797
name: Macros/VBA/__SRP_6 | sid: 16 | type_literal: stream | size: 484
name: Macros/VBA/__SRP_7 | sid: 17 | type_literal: stream | size: 66
name: Macros/VBA/dir | sid: 8 | type_literal: stream | size: 870
name: Macros/VBA/trtmodu | sid: 9 | type_literal: stream | size: 21788 | type: macro
name: Macros/VBA/unthought | sid: 18 | type_literal: stream | size: 1395 | type: macro (only attributes)
name: Macros/unthought/\x01CompObj | sid: 47 | type_literal: stream | size: 97
name: Macros/unthought/\x03VBFrame | sid: 48 | type_literal: stream | size: 290
name: Macros/unthought/f | sid: 24 | type_literal: stream | size: 139
name: Macros/unthought/i13/\x01CompObj | sid: 46 | type_literal: stream | size: 115
name: Macros/unthought/i13/f | sid: 27 | type_literal: stream | size: 260
name: Macros/unthought/i13/i04/\x01CompObj | sid: 33 | type_literal: stream | size: 110
name: Macros/unthought/i13/i04/f | sid: 31 | type_literal: stream | size: 40
name: Macros/unthought/i13/i04/o | sid: 32 | type_literal: stream | size: 0
name: Macros/unthought/i13/i05/\x01CompObj | sid: 37 | type_literal: stream | size: 110
name: Macros/unthought/i13/i05/f | sid: 35 | type_literal: stream | size: 40
name: Macros/unthought/i13/i05/o | sid: 36 | type_literal: stream | size: 0
name: Macros/unthought/i13/i06/\x01CompObj | sid: 41 | type_literal: stream | size: 110
name: Macros/unthought/i13/i06/f | sid: 39 | type_literal: stream | size: 96
name: Macros/unthought/i13/i06/o | sid: 40 | type_literal: stream | size: 12268
name: Macros/unthought/i13/i08/\x01CompObj | sid: 45 | type_literal: stream | size: 110
name: Macros/unthought/i13/i08/f | sid: 43 | type_literal: stream | size: 40
name: Macros/unthought/i13/i08/o | sid: 44 | type_literal: stream | size: 0
name: Macros/unthought/i13/o | sid: 28 | type_literal: stream | size: 224
name: Macros/unthought/i13/x | sid: 29 | type_literal: stream | size: 72
name: Macros/unthought/o | sid: 25 | type_literal: stream | size: 0
name: WordDocument | sid: 3 | type_literal: stream | size: 86464
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 4213 bytes
[+] trtmodu.bas Macros/VBA/trtmodu 8258 bytes
exe-pattern run-dll
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 3474
CreateDate: 2017:05:18 11:32:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2017:05:18 14:01:00
Characters: 2961
CodePage: Windows Cyrillic
RevisionNumber: 58
MIMEType: application/msword
Words: 519
Bytes: 11000
FileType: DOC
Lines: 24
AppVersion: 11.9999
Security: Locked for annotations
Software: Microsoft Office Word
TotalEditTime: 1.7 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 6

File identification
MD5 51c45a4e3cd09cc54a10cc92f3fe1146
SHA1 06146d24e8c9d806fc0b94d4b9265d32a74bc6d4
SHA256 39cb85066f09ece243c60fd192877ef6fa1162ff0b83ac8bec16e6df495ee7af
ssdeep 3072:R4lyCFZpA9hYlxK9WPVhfLUWo7lK4GNaI5qJRduR5F8FF8r9:R4lyCNwWPK5sNXYRduR5FsF+9

File size 214.5 KB ( 219648 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Template: Normal, Revision Number: 58, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:42:00, Create Time/Date: Wed May 17 11:32:00 2017, Last Saved Time/Date: Wed May 17 14:01:00 2017, Number of Pages: 1, Number of Words: 519, Number of Characters: 2961, Security: 8

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags macros run-dll exe-pattern doc

VirusTotal metadata
First submission 2017-05-18 14:31:18 UTC ( 1 year ago )
Last submission 2017-06-06 01:49:12 UTC ( 11 months, 3 weeks ago )
File names talktalkplc_invoice_154922.doc
audensfood_invoice_777635.doc
d2techsolutions_invoice_916124.doc
Legal_acknowledgement_for_marj212.doc
hafina_invoice_433538.doc
isys_invoice_872795.doc
salesforce_invoice_198509.doc
Legal_acknowledgement_for_ilovehydroponics.doc
jabil_invoice_911221.doc
Legal_acknowledgement_for_salamnannat.doc
Legal_acknowledgement_for_ulrich.geiger.doc
Legal_acknowledgement_for_sd.projectoffice.doc
Legal_acknowledgement_for_mike.thul.doc
Legal_acknowledgement_for_bari.doc
Legal_acknowledgement_for_melissa.wyman.doc
Legal_acknowledgement_for_jose.arnaldo.doc
minyoru.co_invoice_434479.doc
Legal_acknowledgement_for_darren.kewley.doc
Legal_acknowledgement_for_sarah.owen.doc
Legal_acknowledgement_for_sam.agha.doc
Legal_acknowledgement_for_kiran.kanneganti.doc
cerner_invoice_636241.doc
Legal_acknowledgement_for_jonathanyip.doc
thesafesteptub_invoice_359141.doc
Legal_acknowledgement_for_pmehta1.doc