SHA256: 421dd4156a7fa04da8c8eb9f3322b653d70cdb63bd1acb90b064202a2af2b5f2
File name: New Doc 115.doc
Detection ratio: 32 / 54
Analysis date: 2016-02-14 12:15:02 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware X97M.Downloader.BF 20160214
AegisLab W2Km.Dridex.Byx!c 20160214
AhnLab-V3 W97M/Downloader 20160213
ALYac X97M.Downloader.BF 20160214
Arcabit HEUR.VBA.Trojan.d 20160214
Avast VBA:Downloader-AOS [Trj] 20160214
Avira (no cloud) WM/Dridex.C.3 20160214
BitDefender X97M.Downloader.BF 20160214
CAT-QuickHeal W97M.Dropper.UE 20160213
Cyren W97M/DridLdr 20160214
DrWeb W97M.DownLoader.877 20160214
Emsisoft X97M.Downloader.BF (B) 20160214
ESET-NOD32 VBA/TrojanDownloader.Agent.ARX 20160214
F-Prot New or modified W97M/DridLdr 20160214
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160213
Fortinet WM/Agent!tr 20160214
GData X97M.Downloader.BF 20160214
Ikarus Trojan-Downloader.VBA.Agent 20160214
Kaspersky Trojan-Downloader.VBS.Agent.bet 20160214
McAfee W97M/Downloader!98803ECA69D9 20160214
McAfee-GW-Edition W97M/Downloader!98803ECA69D9 20160214
Microsoft TrojanDownloader:O97M/Adnel 20160214
eScan X97M.Downloader.BF 20160214
NANO-Antivirus Trojan.Script.Agent.eafuhi 20160214
nProtect X97M.Downloader.BF 20160212
Panda O97M/Downloader 20160214
Qihoo-360 heur.macro.download.1i 20160214
Sophos AV Troj/DocDl-BAX 20160214
Symantec W97M.Downloader 20160213
TrendMicro W2KM_DRIDEX.BYX 20160214
TrendMicro-HouseCall W2KM_DRIDEX.BYX 20160214
VIPRE LooksLike.Macro.Malware.k (v) 20160214
Yandex 20160213
Alibaba 20160214
Antiy-AVL 20160214
AVG 20160214
Baidu-International 20160214
Bkav 20160204
ByteHero 20160214
ClamAV 20160214
CMC 20160214
Comodo 20160214
Jiangmin 20160214
K7AntiVirus 20160214
K7GW 20160214
Malwarebytes 20160214
Rising 20160214
SUPERAntiSpyware 20160213
Tencent 20160214
TheHacker 20160213
VBA32 20160212
ViRobot 20160214
Zillya 20160213
Zoner 20160214
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author
1
creation_datetime
2016-02-10 09:02:00
template
Normal
author
1
page_count
1
last_saved
2016-02-10 09:02:00
revision_number
2
application_name
Microsoft Office Word
code_page
Cyrillic
Document summary
company
Home
version
917504
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
5696
type_literal
stream
size
114
name
\x01CompObj
sid
21
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
4
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
3
type_literal
stream
size
6688
name
1Table
sid
1
type_literal
stream
size
620
name
Macros/PROJECT
sid
19
type_literal
stream
size
134
name
Macros/PROJECTwm
sid
20
type_literal
stream
size
97
name
Macros/SamboF/\x01CompObj
sid
17
type_literal
stream
size
288
name
Macros/SamboF/\x03VBFrame
sid
18
type_literal
stream
size
402
name
Macros/SamboF/f
sid
15
type_literal
stream
size
480
name
Macros/SamboF/o
sid
16
type_literal
stream
size
9906
type
macro
name
Macros/VBA/Module1
sid
9
type_literal
stream
size
12971
type
macro
name
Macros/VBA/Module2
sid
10
type_literal
stream
size
8824
type
macro
name
Macros/VBA/Module3
sid
11
type_literal
stream
size
1156
type
macro (only attributes)
name
Macros/VBA/SamboF
sid
8
type_literal
stream
size
1121
type
macro
name
Macros/VBA/ThisDocument
sid
12
type_literal
stream
size
5875
name
Macros/VBA/_VBA_PROJECT
sid
13
type_literal
stream
size
903
name
Macros/VBA/dir
sid
7
type_literal
stream
size
4096
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 47 bytes
[+] Module3.bas Macros/VBA/Module3 4101 bytes
create-ole
[+] Module2.bas Macros/VBA/Module2 6361 bytes
create-file create-ole handle-file obfuscated open-file write-file
[+] Module1.bas Macros/VBA/Module1 5395 bytes
open-file write-file
ExifTool file metadata
SharedDoc
No

Author
1

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
1

HeadingPairs
, 1

Template
Normal

CharCountWithSpaces
0

CreateDate
2016:02:10 08:02:00

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2016:02:10 08:02:00

Company
Home

Characters
0

CodePage
Windows Cyrillic

RevisionNumber
2

MIMEType
application/msword

Words
0

FileType
DOC

Lines
0

AppVersion
14.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
0

File identification
MD5 98803eca69d946c5060316959f5d6eec
SHA1 41772ad8a7e7aec1b72286bf0b02c67a1a1baeb2
SHA256 421dd4156a7fa04da8c8eb9f3322b653d70cdb63bd1acb90b064202a2af2b5f2
ssdeep
768:R+JgS0XWjihv3bPy9U+vQDCqR3ALj7CRFqSk007MCD6/27Hl59nYdp+:7Pd+qRXRB/639nYdo

File size 68.0 KB ( 69632 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Feb 09 08:02:00 2016, Last Saved Time/Date: Tue Feb 09 08:02:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file handle-file doc create-file macros write-file create-ole

VirusTotal metadata
First submission 2016-02-10 11:29:21 UTC ( 3 years, 1 month ago )
Last submission 2016-02-15 01:31:28 UTC ( 3 years, 1 month ago )
File names NewXDocX115.doc
New Doc 115.doc
0003_.b64.doc