SHA256: 39d3dfe0d7950a6b73034f9f97289b9acfe5f0e7e0ec3384a24cdd268b3ff279
File name: notice.doc
Detection ratio: 19 / 59
Analysis date: 2018-11-02 20:21:47 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware W97m.Downloader.HIQ 20181102
Arcabit W97m.Downloader.HIQ 20181102
Baidu VBA.Trojan-Downloader.Agent.dnl 20181102
BitDefender W97m.Downloader.HIQ 20181102
Emsisoft W97m.Downloader.HIQ (B) 20181102
Endgame malicious (high confidence) 20180730
F-Secure W97m.Downloader.HIQ 20181102
Fortinet VBA/Agent.31A1!tr.dldr 20181102
GData W97m.Downloader.HIQ 20181102
MAX malware (ai score=84) 20181102
eScan W97m.Downloader.HIQ 20181102
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181102
Qihoo-360 virus.office.qexvmc.1085 20181102
SentinelOne (Static ML) static engine - malicious 20181011
TACHYON Suspicious/WOX.Obfus.Gen.1 20181102
Tencent Heur.Macro.Generic.Gen.h 20181102
TrendMicro HEUR_VBA.O2 20181102
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20181102
Zoner Probably W97Obfuscated 20181102
AegisLab 20181102
AhnLab-V3 20181102
Alibaba 20180921
ALYac 20181102
Antiy-AVL 20181102
Avast 20181102
Avast-Mobile 20181102
AVG 20181102
Avira (no cloud) 20181102
Babable 20180918
Bkav 20181102
CAT-QuickHeal 20181102
ClamAV 20181102
CMC 20181102
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20181102
Cyren 20181102
DrWeb 20181102
eGambit 20181102
ESET-NOD32 20181102
F-Prot 20181102
Ikarus 20181102
Sophos ML 20180717
Jiangmin 20181102
K7AntiVirus 20181102
K7GW 20181102
Kaspersky 20181102
Kingsoft 20181102
Malwarebytes 20181102
McAfee 20181102
McAfee-GW-Edition 20181102
Microsoft 20181102
Palo Alto Networks (Known Signatures) 20181102
Panda 20181102
Rising 20181102
Sophos AV 20181102
SUPERAntiSpyware 20181031
Symantec 20181102
Symantec Mobile Insight 20181030
TheHacker 20181031
TrendMicro-HouseCall 20181102
Trustlook 20181102
VBA32 20181102
ViRobot 20181102
Webroot 20181102
Yandex 20181102
Zillya 20181102
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
May open a file.
May try to run other files, shell commands or applications.
May try to interact with other applications, for example, by sending key strokes.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 2465 bytes
[+] HFeqbtb.bas word/vbaProject.bin VBA/HFeqbtb 19065 bytes
exe-pattern url-pattern obfuscated open-file run-file send-keys
Content types
bin
rels
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
Victor Hernandez
cp:lastModifiedBy
Victor Hernandez
cp:revision
2
dcterms:created
2018-11-01T23:18:00Z
dcterms:modified
2018-11-01T23:20:00Z
Application document properties
Template
test.doc
TotalTime
1
Pages
1
Words
0
Characters
1
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
Company
Vicom Cleaning
LinksUpToDate
false
CharactersWithSpaces
1
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
en-us
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
Victor Hernandez

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
test.doc

CreateDate
2018:11:01 23:18:00Z

ZipRequiredVersion
20

ModifyDate
2018:11:01 23:20:00Z

ZipCRC
0x23cbfb46

Company
Vicom Cleaning

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.template.macroEnabledTemplate

ZipBitFlag
0x0006

FileType
DOTM

Lines
1

AppVersion
16.0

ZipUncompressedSize
1511

ZipCompressedSize
404

Characters
1

CharactersWithSpaces
1

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

Creator
Victor Hernandez

TotalEditTime
1 minute

ZipCompression
Deflated

Pages
1

FileTypeExtension
dotm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
15
Uncompressed size
166629
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
png
1
Contained files by type
XML
13
Microsoft Office
1
PNG
1
File identification
MD5 a8d30f1eccf7308380abea5eba486dd2
SHA1 9e624b56bd2503e0539dac8b63b9016811f1c02c
SHA256 39d3dfe0d7950a6b73034f9f97289b9acfe5f0e7e0ec3384a24cdd268b3ff279
ssdeep
1536:lds4pbdM/bJH/DpIsO8GQxQCekSzCKVeYFGg2QO+I2AGXp8ZCH6LI8:84pba/FfdIsP3mecKQVtXpNa3

File size 97.5 KB ( 99860 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated run-file exe-pattern url-pattern open-file docx via-tor send-keys

VirusTotal metadata
First submission 2018-11-02 19:20:36 UTC ( 5 months, 2 weeks ago )
Last submission 2019-01-06 17:19:58 UTC ( 3 months, 1 week ago )
File names notice.doc