SHA256: 3eba3687b76bdbd17f8f894f5901870d0b9509cc9484f9c1d358206f568bebcb
File name: 81829722.doc
Detection ratio: 1 / 57
Analysis date: 2015-04-02 12:00:20 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Fortinet WM/Agent!tr 20150402
Ad-Aware 20150402
AegisLab 20150402
Yandex 20150401
AhnLab-V3 20150402
Alibaba 20150402
ALYac 20150402
Antiy-AVL 20150402
Avast 20150402
AVG 20150402
Avira (no cloud) 20150405
AVware 20150402
Baidu-International 20150402
BitDefender 20150402
Bkav 20150402
ByteHero 20150402
CAT-QuickHeal 20150402
ClamAV 20150401
CMC 20150402
Comodo 20150402
Cyren 20150402
DrWeb 20150402
Emsisoft 20150402
ESET-NOD32 20150402
F-Prot 20150401
F-Secure 20150402
GData 20150402
Ikarus 20150402
Jiangmin 20150401
K7AntiVirus 20150402
K7GW 20150402
Kaspersky 20150402
Kingsoft 20150402
Malwarebytes 20150402
McAfee 20150402
McAfee-GW-Edition 20150401
Microsoft 20150402
eScan 20150402
NANO-Antivirus 20150402
Norman 20150402
nProtect 20150402
Panda 20150401
Qihoo-360 20150402
Rising 20150402
Sophos AV 20150402
SUPERAntiSpyware 20150402
Symantec 20150402
Tencent 20150402
TheHacker 20150401
TotalDefense 20150402
TrendMicro 20150402
TrendMicro-HouseCall 20150402
VBA32 20150402
VIPRE 20150402
ViRobot 20150402
Zillya 20150402
Zoner 20150402
The file being studied follows the Compound Document File format! More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
Summary
last_author: 435435435
creation_datetime: 2015-03-18 09:12:00
template: Normal.dot
author: 1
page_count: 1
last_saved: 2015-03-18 11:01:00
edit_time: 3180
word_count: 491
revision_number: 73
application_name: Microsoft Office Word
character_count: 2804
code_page: Cyrillic
Document summary
line_count: 23
company: \ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd
characters_with_spaces: 3289
version: 730895
paragraph_count: 6
code_page: Cyrillic
OLE Streams
name: Root Entry, type_literal: root, sid: 0, size: 14080, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, type_literal: stream, sid: 22, size: 113
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 4096
name: 1Table, type_literal: stream, sid: 2, size: 6104
name: Data, type_literal: stream, sid: 1, size: 4096
name: Macros/PROJECT, type_literal: stream, sid: 20, size: 575
name: Macros/PROJECTwm, type_literal: stream, sid: 21, size: 122
name: Macros/VBA/Module1, type_literal: stream, type: macro, sid: 9, size: 2004
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, sid: 18, size: 1271
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 19, size: 3264
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 10, size: 1498
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 11, size: 118
name: Macros/VBA/__SRP_2, type_literal: stream, sid: 12, size: 264
name: Macros/VBA/__SRP_3, type_literal: stream, sid: 13, size: 103
name: Macros/VBA/__SRP_4, type_literal: stream, sid: 14, size: 136
name: Macros/VBA/__SRP_5, type_literal: stream, sid: 15, size: 103
name: Macros/VBA/dfsdfsdf, type_literal: stream, type: macro, sid: 16, size: 1291
name: Macros/VBA/dir, type_literal: stream, sid: 8, size: 649
name: Macros/VBA/sdfsdfggg, type_literal: stream, type: macro, sid: 17, size: 2160
name: WordDocument, type_literal: stream, sid: 3, size: 10798
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 34 bytes
dfsdfsdf.bas Macros/VBA/dfsdfsdf 231 bytes (tags: environ)
sdfsdfggg.bas Macros/VBA/sdfsdfggg 845 bytes (tags: create-ole environ handle-file open-file write-file)
Module1.bas Macros/VBA/Module1 760 bytes
ExifTool file metadata
SharedDoc: No
Author: 1
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 435435435
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 3289
CreateDate: 2015:03:18 08:12:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:03:18 10:01:00
Characters: 2804
CodePage: Windows Cyrillic
RevisionNumber: 73
MIMEType: application/msword
Words: 491
FileType: DOC
Lines: 23
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 53.0 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 6

File identification
MD5 64fa6501bd4d32b2958922598008ca96
SHA1 ed50ac2f6c58a59c26d3a9241156bb110dff44c0
SHA256 3eba3687b76bdbd17f8f894f5901870d0b9509cc9484f9c1d358206f568bebcb
ssdeep 384:wqFRb3nn5N8v5PQm7sQtDh5BMaQm9Lu9SwoAkZ0jSt3Xlf:XRbsv5PQmlh5BMW9LgoAQnf

File size 48.0 KB ( 49152 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: 435435435, Revision Number: 73, Name of Creating Application: Microsoft Office Word, Total Editing Time: 53:00, Create Time/Date: Tue Mar 17 08:12:00 2015, Last Saved Time/Date: Tue Mar 17 10:01:00 2015, Number of Pages: 1, Number of Words: 491, Number of Characters: 2804, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
open-file handle-file doc macros environ write-file create-ole

VirusTotal metadata
First submission 2015-04-02 12:00:20 UTC ( 4 years, 1 month ago )
Last submission 2015-04-02 12:00:20 UTC ( 4 years, 1 month ago )
File names 81829722.doc