SHA256: 39f98e51bcd3696766ee8f0e7c7f7b5d87d75ed730a19ef63cbf88b74cf8f0cd
File name: Payment_Status_0498983.doc
Detection ratio: 19 / 59
Analysis date: 2018-12-19 15:51:41 UTC (5 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20181219
Avast VBS:Downloader-AVK [Trj] 20181219
AVG VBS:Downloader-AVK [Trj] 20181219
Cyren W97M/Emotet.D.gen!Eldorado 20181219
Emsisoft Trojan-Downloader.Macro.Generic.L (A) 20181219
Endgame malicious (high confidence) 20181108
Fortinet VBA/Agent.LWI!tr.dldr 20181219
Ikarus Trojan.VBA.Agent 20181219
MAX malware (ai score=88) 20181219
McAfee W97M/Downloader!528CC107D697 20181219
McAfee-GW-Edition BehavesLike.Downloader.cg 20181219
Microsoft Trojan:Script/Foretype.A!ml 20181219
eScan VB:Trojan.DOC.Downloader.AOX 20181219
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181219
Rising Macro.Agent.dx (CLASSIC) 20181219
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ISB.Downloader!gen186 20181219
TACHYON Suspicious/W97M.Obfus.Gen.6 20181219
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181219
Acronis 20180726
Ad-Aware 20181219
AegisLab 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Antiy-AVL 20181219
Avast-Mobile 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
BitDefender 20181219
Bkav 20181219
CAT-QuickHeal 20181218
ClamAV 20181219
CMC 20181218
Comodo 20181219
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181219
DrWeb 20181219
eGambit 20181219
ESET-NOD32 20181219
F-Prot 20181219
F-Secure 20181219
GData 20181219
Sophos ML 20181128
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kaspersky 20181219
Kingsoft 20181219
Malwarebytes 20181219
Palo Alto Networks (Known Signatures) 20181219
Panda 20181219
Qihoo-360 20181219
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
Tencent 20181219
TheHacker 20181216
TotalDefense 20181219
Trapmine 20181205
TrendMicro 20181219
TrendMicro-HouseCall 20181219
Trustlook 20181219
VBA32 20181219
ViRobot 20181219
Webroot 20181219
Yandex 20181219
Zillya 20181219
Zoner 20181219
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2018-12-19 14:24:00
revision_number: 1
page_count: 1
word_count: 2
last_saved: 2018-12-19 14:24:00
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 18
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 19
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 22720
type_literal: stream; sid: 36; name: \x01CompObj; size: 114
type_literal: stream; sid: 12; name: \x05DocumentSummaryInformation; size: 280
type_literal: stream; sid: 11; name: \x05SummaryInformation; size: 404
type_literal: stream; sid: 10; name: 1Table; size: 7908
type_literal: stream; sid: 1; name: Data; size: 82328
type_literal: stream; sid: 35; name: Macros/PROJECT; size: 1107
type_literal: stream; sid: 34; name: Macros/PROJECTwm; size: 467
type_literal: stream; sid: 20; type: macro (only attributes); name: Macros/VBA/A12744838726203; size: 684
type_literal: stream; sid: 19; type: macro (only attributes); name: Macros/VBA/I18061011743; size: 681
type_literal: stream; sid: 22; type: macro (only attributes); name: Macros/VBA/M99154177; size: 678
type_literal: stream; sid: 21; type: macro (only attributes); name: Macros/VBA/P3363846; size: 677
type_literal: stream; sid: 15; type: macro; name: Macros/VBA/P383108942; size: 1477
type_literal: stream; sid: 25; type: macro (only attributes); name: Macros/VBA/T07731366762; size: 991
type_literal: stream; sid: 18; type: macro; name: Macros/VBA/Y43575824; size: 2934
type_literal: stream; sid: 30; name: Macros/VBA/_VBA_PROJECT; size: 6185
type_literal: stream; sid: 32; name: Macros/VBA/__SRP_0; size: 2174
type_literal: stream; sid: 33; name: Macros/VBA/__SRP_1; size: 230
type_literal: stream; sid: 16; name: Macros/VBA/__SRP_2; size: 428
type_literal: stream; sid: 17; name: Macros/VBA/__SRP_3; size: 142
type_literal: stream; sid: 28; type: macro (only attributes); name: Macros/VBA/c05817973; size: 988
type_literal: stream; sid: 27; type: macro (only attributes); name: Macros/VBA/c3613646299; size: 990
type_literal: stream; sid: 31; name: Macros/VBA/dir; size: 1447
type_literal: stream; sid: 24; type: macro (only attributes); name: Macros/VBA/i10549381; size: 678
type_literal: stream; sid: 23; type: macro (only attributes); name: Macros/VBA/m280329191; size: 679
type_literal: stream; sid: 26; type: macro (only attributes); name: Macros/VBA/v766325831598; size: 993
type_literal: stream; sid: 29; type: macro (only attributes); name: Macros/VBA/z17863544214122; size: 995
type_literal: stream; sid: 6; name: ObjectPool/_1606741816/\x01CompObj; size: 116
type_literal: stream; sid: 8; name: ObjectPool/_1606741816/\x03OCXNAME; size: 20
type_literal: stream; sid: 7; name: ObjectPool/_1606741816/\x03ObjInfo; size: 6
type_literal: stream; sid: 5; name: ObjectPool/_1606741816/\x03PRINT; size: 514
type_literal: stream; sid: 9; name: ObjectPool/_1606741816/contents; size: 932
type_literal: stream; sid: 2; name: WordDocument; size: 4096
Macros and VBA code streams
[+] P383108942.cls Macros/VBA/P383108942 31 bytes
[+] Y43575824.bas Macros/VBA/Y43575824 1254 bytes
obfuscated run-file
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 19
CreateDate: 2018:12:19 13:24:00
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2018:12:19 13:24:00
Characters: 18
CodePage: Windows Latin 1 (Western European)
RevisionNumber: 1
MIMEType: application/msword
Words: 2
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 528cc107d6975d8f751095e54bce7511
SHA1 a40731073bfa54b9e89b41ba00fca06112baf619
SHA256 39f98e51bcd3696766ee8f0e7c7f7b5d87d75ed730a19ef63cbf88b74cf8f0cd
ssdeep 1536:af81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvad+GryvprTUk7bce+a9:af8GhDS0o9zTGOZD6EbzCdxO1TRc

File size 141.9 KB ( 145280 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Dec 18 13:24:00 2018, Last Saved Time/Date: Tue Dec 18 13:24:00 2018, Number of Pages: 1, Number of Words: 2, Number of Characters: 18, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-12-19 14:16:06 UTC (5 months ago)
Last submission 2018-12-21 20:09:23 UTC (4 months, 4 weeks ago)
File names US31784861824107006.doc
EIN_ACH_3282700438101555663.doc
Payment_Status_0498983.doc
0.doc
emotet_e2_39f98e51bcd3696766ee8f0e7c7f7b5d87d75ed730a19ef63cbf88b74cf8f0cd_2018-12-19__14:20:02.doc
PAYROLL_90892XDTMALH_12_19_18.doc
BIZ_2925AJKEQX.doc
BIZ_9476CQQAVK.doc
ATT922050997.doc
AT&T_Account_12_19_18.doc
ATTBusiness_12_19_18.doc