SHA256: 430f35ac1fc92a1935766677eb3cd8e983de606744ce1b638b9cd826434f6cd2
File name: ELLE013006.DOC
Detection ratio: 4 / 55
Analysis date: 2015-07-06 08:13:32 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan 20150706
AVware LooksLike.Macro.Malware.g (v) 20150706
CAT-QuickHeal W97M.Dropper.DZ 20150704
VIPRE LooksLike.Macro.Malware.g (v) 20150706
Ad-Aware 20150706
AegisLab 20150706
Yandex 20150630
AhnLab-V3 20150706
Alibaba 20150630
ALYac 20150706
Antiy-AVL 20150706
Avast 20150706
AVG 20150706
Avira (no cloud) 20150706
Baidu-International 20150706
BitDefender 20150706
Bkav 20150704
ByteHero 20150706
ClamAV 20150706
Comodo 20150706
Cyren 20150706
DrWeb 20150706
Emsisoft 20150706
ESET-NOD32 20150706
F-Prot 20150706
F-Secure 20150706
Fortinet 20150706
GData 20150702
Ikarus 20150706
Jiangmin 20150703
K7AntiVirus 20150706
K7GW 20150706
Kaspersky 20150706
Kingsoft 20150706
Malwarebytes 20150706
McAfee 20150706
McAfee-GW-Edition 20150705
Microsoft 20150706
eScan 20150706
NANO-Antivirus 20150706
nProtect 20150703
Panda 20150705
Qihoo-360 20150706
Rising 20150705
Sophos AV 20150706
SUPERAntiSpyware 20150706
Symantec 20150706
Tencent 20150706
TheHacker 20150706
TrendMicro 20150706
TrendMicro-HouseCall 20150706
VBA32 20150703
ViRobot 20150706
Zillya 20150706
Zoner 20150706
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-07-06 07:16:00
template: Normal
author: 1
page_count: 1
last_saved: 2015-07-06 07:16:00
edit_time: 60
revision_number: 2
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 726502
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, type_literal: root, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word, sid: 0, size: 7040
name: \x01CompObj, type_literal: stream, sid: 14, size: 113
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 4, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 3, size: 4096
name: 1Table, type_literal: stream, sid: 1, size: 4096
name: Macros/PROJECT, type_literal: stream, sid: 13, size: 462
name: Macros/PROJECTwm, type_literal: stream, sid: 12, size: 89
name: Macros/VBA/Module1, type_literal: stream, type: macro, sid: 8, size: 5704
name: Macros/VBA/Module2, type_literal: stream, type: macro, sid: 9, size: 6285
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, sid: 7, size: 1571
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 10, size: 3989
name: Macros/VBA/dir, type_literal: stream, sid: 11, size: 596
name: WordDocument, type_literal: stream, sid: 2, size: 4142
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 105 bytes
[+] Module1.bas Macros/VBA/Module1 2628 bytes
exe-pattern create-file create-ole obfuscated open-file write-file
[+] Module2.bas Macros/VBA/Module2 2940 bytes
obfuscated
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2015:07:06 06:16:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:07:06 06:16:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.5606
Security: None
Software: Microsoft Office Word
TotalEditTime: 1.0 minutes
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 1a468423fc391c90a6e4d6c0dbbc085f
SHA1 7ad3345497cda56c6b3c1e7c028113f1c82faa3f
SHA256 430f35ac1fc92a1935766677eb3cd8e983de606744ce1b638b9cd826434f6cd2
ssdeep 384:zUvv+JsXtCHR4EVTH60j5hlYiBu+8IrtLB9y5:oOWXwHR4uas4IuOB9y5
File size 39.5 KB ( 40448 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Sun Jul 05 06:16:00 2015, Last Saved Time/Date: Sun Jul 05 06:16:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (33.3%)
Microsoft PowerPoint document (32.8%)
Microsoft Excel sheet (alternate) (25.5%)
Generic OLE2 / Multistream Compound File (8.3%)
Tags
obfuscated open-file exe-pattern doc create-file macros attachment write-file create-ole

VirusTotal metadata
First submission 2015-07-06 07:14:08 UTC ( 2 years, 3 months ago )
Last submission 2016-02-24 13:43:43 UTC ( 1 year, 7 months ago )
File names ELLE013006.DOC
1a468423fc391c90a6e4d6c0dbbc085f.DOC
22051501.DOC
c69ce5fe5817caa60cc5631fd3598f5e
2f2fc621abb67244493cd88285dac3f3
86d9ba367ebf2e2e8a1cd18305044485
ffa595c8a1356846c68945f84bc8e1ba
ea9d79a1bc61b9fa4d76488600f76202
7AD3345497CDA56C6B3C1E7C028113F1C82FAA3F