SHA256: 43769e6d4d82640ead9685d91231f7dcbbd1417915b2ffe720f0712a4da74fa5
File name: INVOICE-RGWW-5157995950.doc
Detection ratio: 8 / 58
Analysis date: 2018-03-28 17:50:55 UTC ( 1 year ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20180328
Baidu VBA.Trojan-Downloader.Agent.cpw 20180328
Fortinet VBA/Agent.HHV!tr 20180328
Microsoft Trojan:Script/Cloxer.A!cl 20180328
Sophos AV Troj/DocDl-NFS 20180328
Symantec Trojan.Gen.NPE.2 20180328
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180328
Zoner Probably W97Obfuscated 20180327
Ad-Aware 20180328
AegisLab 20180328
AhnLab-V3 20180328
Alibaba 20180328
ALYac 20180328
Antiy-AVL 20180328
Avast 20180328
Avast-Mobile 20180328
AVG 20180328
Avira (no cloud) 20180328
AVware 20180328
BitDefender 20180328
Bkav 20180328
CAT-QuickHeal 20180328
ClamAV 20180328
CMC 20180328
Comodo 20180328
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180328
Cyren 20180328
DrWeb 20180328
eGambit 20180328
Emsisoft 20180328
Endgame 20180316
ESET-NOD32 20180328
F-Prot 20180328
F-Secure 20180328
GData 20180328
Ikarus 20180328
Sophos ML 20180121
Jiangmin 20180328
K7AntiVirus 20180328
K7GW 20180328
Kaspersky 20180328
Kingsoft 20180328
Malwarebytes 20180328
MAX 20180328
McAfee 20180328
McAfee-GW-Edition 20180328
eScan 20180328
NANO-Antivirus 20180328
nProtect 20180328
Palo Alto Networks (Known Signatures) 20180328
Panda 20180328
Qihoo-360 20180328
Rising 20180328
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180328
Symantec Mobile Insight 20180311
Tencent 20180328
TheHacker 20180327
TrendMicro 20180328
TrendMicro-HouseCall 20180328
Trustlook 20180328
VBA32 20180328
VIPRE 20180328
ViRobot 20180328
WhiteArmor 20180324
Yandex 20180328
Zillya 20180328
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2018-03-28 19:02:00
author: Vudikeqy
title: Vudikeqy
page_count: 1
last_saved: 2018-03-28 19:02:00
revision_number: 1
application_name: Microsoft Office Word
character_count: 1
subject: Vudikeqy
code_page: Latin I
template: Normal.dotm
Document summary
category: Vudikeqy
line_count: 1
company: Vudikeqy
characters_with_spaces: 1
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry; type_literal: root; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word; sid: 0; size: 7168
name: \x01CompObj; type_literal: stream; sid: 21; size: 114
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 5; size: 336
name: \x05SummaryInformation; type_literal: stream; sid: 4; size: 428
name: 1Table; type_literal: stream; sid: 2; size: 7474
name: Data; type_literal: stream; sid: 1; size: 94339
name: Macros/PROJECT; type_literal: stream; sid: 19; size: 573
name: Macros/PROJECTwm; type_literal: stream; sid: 20; size: 140
name: Macros/VBA/FwiilJzF; type_literal: stream; type: macro (only attributes); sid: 15; size: 1106
name: Macros/VBA/MzqJYbKjjoM; type_literal: stream; type: macro; sid: 17; size: 11719
name: Macros/VBA/SaSNlYPF; type_literal: stream; type: macro; sid: 16; size: 37396
name: Macros/VBA/YOjzitz; type_literal: stream; type: macro; sid: 10; size: 1594
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 18; size: 42505
name: Macros/VBA/__SRP_0; type_literal: stream; sid: 11; size: 1381
name: Macros/VBA/__SRP_1; type_literal: stream; sid: 12; size: 118
name: Macros/VBA/__SRP_2; type_literal: stream; sid: 13; size: 220
name: Macros/VBA/__SRP_3; type_literal: stream; sid: 14; size: 66
name: Macros/VBA/bSMrqOM; type_literal: stream; type: macro; sid: 9; size: 55169
name: Macros/VBA/dir; type_literal: stream; sid: 8; size: 711
name: WordDocument; type_literal: stream; sid: 3; size: 4096
Macros and VBA code streams
[+] bSMrqOM.bas Macros/VBA/bSMrqOM 32343 bytes
[+] SaSNlYPF.bas Macros/VBA/SaSNlYPF 21845 bytes
create-ole obfuscated run-file
[+] MzqJYbKjjoM.bas Macros/VBA/MzqJYbKjjoM 6465 bytes
obfuscated
[+] YOjzitz.bas Macros/VBA/YOjzitz 452 bytes
ExifTool file metadata
Category: Vudikeqy
SharedDoc: No
Author: Vudikeqy
CodePage: Windows Latin 1 (Western European)
System: Windows
LinksUpToDate: No
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2018:03:28 17:02:00
ScaleCrop: No
Company: Vudikeqy
Title: Vudikeqy
Characters: 1
HyperlinksChanged: No
RevisionNumber: 1
MIMEType: application/msword
Words: 0
CreateDate: 2018:03:28 17:02:00
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar
Subject: Vudikeqy

File identification
MD5 d04c7326d3a9f7079bd931362624012b
SHA1 ec9e16a11b973d2df43b1feff54f69759a494f8f
SHA256 43769e6d4d82640ead9685d91231f7dcbbd1417915b2ffe720f0712a4da74fa5
ssdeep 6144:79IC/nqBw6QCnTlLMqFPTyaANLjsD3TFwfxTFdIL:pIC8w6RnNMqFOfNLju3TF+IL

File size 270.0 KB ( 276480 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Vudikeqy, Subject: Vudikeqy, Author: Vudikeqy, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Mar 27 18:02:00 2018, Last Saved Time/Date: Tue Mar 27 18:02:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc create-ole

VirusTotal metadata
First submission 2018-03-28 17:19:05 UTC ( 1 year ago )
Last submission 2018-08-09 00:23:09 UTC ( 8 months, 2 weeks ago )
File names INV-XOCT-6397940689.doc
ACH-FORM-KIUF-38295250173.doc
INV-UWN-930177147.doc
INV-RLC-9259215.doc
INVOICE-OPVG-15439086751859.doc
INV-AVM-925631798.doc
INV-SQ-93369273530240.doc
INVOICE-BWNH-290801355827674.doc
INVOICE-PZG-0398713.doc
INV-YXJ-6497895.doc
INVOICE-AB-8674162913523.doc
WIRE-FORM-GAYW-4169315293.doc
WIRE-FORM-DECF-58238361772.doc
INVOICE-YM-19543507862998.doc
INVOICE-AJH-354263544459.doc
INVOICE-ECC-19160612.doc
INV-UH-67333810521769.doc
INV-CU-939975443182006.doc
INVOICE-HX-33238259.doc
INVOICE-RAAD-85935507552087.doc
ACH-FORM-MEMX-7340733.doc
INVOICE-NNN-78807749581.doc
ACH-FORM-DQ-8612128.doc
WIRE-FORM-GBZJ-1037099.doc
output.113050636.txt