SHA256: 43769e6d4d82640ead9685d91231f7dcbbd1417915b2ffe720f0712a4da74fa5
Detection ratio: 8 / 57
Analysis date: 2018-03-28 18:14:45 UTC (11 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20180328
Baidu VBA.Trojan-Downloader.Agent.cpw 20180328
Fortinet VBA/Agent.HHV!tr 20180328
Microsoft Trojan:Script/Cloxer.A!cl 20180328
Sophos AV Troj/DocDl-NFS 20180328
Symantec Trojan.Gen.NPE.2 20180328
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180328
Zoner Probably W97Obfuscated 20180327
Ad-Aware 20180328
AegisLab 20180328
AhnLab-V3 20180328
Alibaba 20180328
ALYac 20180328
Antiy-AVL 20180328
Avast 20180328
Avast-Mobile 20180328
AVG 20180328
Avira (no cloud) 20180328
AVware 20180328
BitDefender 20180328
Bkav 20180328
CAT-QuickHeal 20180328
ClamAV 20180328
CMC 20180328
Comodo 20180328
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180328
Cyren 20180328
DrWeb 20180328
eGambit 20180328
Emsisoft 20180328
Endgame 20180316
ESET-NOD32 20180328
F-Prot 20180328
F-Secure 20180328
GData 20180328
Ikarus 20180328
Sophos ML 20180121
Jiangmin 20180328
K7AntiVirus 20180328
K7GW 20180328
Kaspersky 20180328
Kingsoft 20180328
Malwarebytes 20180328
MAX 20180328
McAfee 20180328
McAfee-GW-Edition 20180328
eScan 20180328
NANO-Antivirus 20180328
nProtect 20180328
Palo Alto Networks (Known Signatures) 20180328
Panda 20180328
Qihoo-360 20180328
Rising 20180328
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180328
Symantec Mobile Insight 20180311
Tencent 20180328
TheHacker 20180327
TrendMicro 20180328
TrendMicro-HouseCall 20180328
Trustlook 20180328
VBA32 20180328
VIPRE 20180328
ViRobot 20180328
WhiteArmor 20180324
Yandex 20180328
Zillya 20180328
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-03-28 18:02:00
author
Vudikeqy
title
Vudikeqy
page_count
1
last_saved
2018-03-28 18:02:00
revision_number
1
application_name
Microsoft Office Word
character_count
1
template
Normal.dotm
code_page
Latin I
subject
Vudikeqy
Document summary
category
Vudikeqy
line_count
1
company
Vudikeqy
characters_with_spaces
1
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
7168
type_literal
stream
sid
21
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
336
type_literal
stream
sid
4
name
\x05SummaryInformation
size
428
type_literal
stream
sid
2
name
1Table
size
7474
type_literal
stream
sid
1
name
Data
size
94339
type_literal
stream
sid
19
name
Macros/PROJECT
size
573
type_literal
stream
sid
20
name
Macros/PROJECTwm
size
140
type_literal
stream
sid
15
type
macro (only attributes)
name
Macros/VBA/FwiilJzF
size
1106
type_literal
stream
sid
17
type
macro
name
Macros/VBA/MzqJYbKjjoM
size
11719
type_literal
stream
sid
16
type
macro
name
Macros/VBA/SaSNlYPF
size
37396
type_literal
stream
sid
10
type
macro
name
Macros/VBA/YOjzitz
size
1594
type_literal
stream
sid
18
name
Macros/VBA/_VBA_PROJECT
size
42505
type_literal
stream
sid
11
name
Macros/VBA/__SRP_0
size
1381
type_literal
stream
sid
12
name
Macros/VBA/__SRP_1
size
118
type_literal
stream
sid
13
name
Macros/VBA/__SRP_2
size
220
type_literal
stream
sid
14
name
Macros/VBA/__SRP_3
size
66
type_literal
stream
sid
9
type
macro
name
Macros/VBA/bSMrqOM
size
55169
type_literal
stream
sid
8
name
Macros/VBA/dir
size
711
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] bSMrqOM.bas Macros/VBA/bSMrqOM 32343 bytes
[+] SaSNlYPF.bas Macros/VBA/SaSNlYPF 21845 bytes
create-ole obfuscated run-file
[+] MzqJYbKjjoM.bas Macros/VBA/MzqJYbKjjoM 6465 bytes
obfuscated
[+] YOjzitz.bas Macros/VBA/YOjzitz 452 bytes
ExifTool file metadata
Category
Vudikeqy

SharedDoc
No

Author
Vudikeqy

CodePage
Windows Latin 1 (Western European)

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:03:28 17:02:00

Company
Vudikeqy

Title
Vudikeqy

Characters
1

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
0

CreateDate
2018:03:28 17:02:00

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

Subject
Vudikeqy

File identification
MD5 d04c7326d3a9f7079bd931362624012b
SHA1 ec9e16a11b973d2df43b1feff54f69759a494f8f
SHA256 43769e6d4d82640ead9685d91231f7dcbbd1417915b2ffe720f0712a4da74fa5
ssdeep
6144:79IC/nqBw6QCnTlLMqFPTyaANLjsD3TFwfxTFdIL:pIC8w6RnNMqFOfNLju3TF+IL

File size 270.0 KB ( 276480 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Vudikeqy, Subject: Vudikeqy, Author: Vudikeqy, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Mar 27 17:02:00 2018, Last Saved Time/Date: Tue Mar 27 17:02:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc create-ole

VirusTotal metadata
First submission 2018-03-28 17:19:05 UTC ( 11 months ago )
Last submission 2018-08-09 00:23:09 UTC ( 6 months, 2 weeks ago )
File names INV-XOCT-6397940689.doc
ACH-FORM-KIUF-38295250173.doc
INV-UWN-930177147.doc
INV-RLC-9259215.doc
INVOICE-OPVG-15439086751859.doc
INV-AVM-925631798.doc
INV-SQ-93369273530240.doc
INVOICE-BWNH-290801355827674.doc
INVOICE-PZG-0398713.doc
INV-YXJ-6497895.doc
INVOICE-AB-8674162913523.doc
WIRE-FORM-GAYW-4169315293.doc
WIRE-FORM-DECF-58238361772.doc
INVOICE-YM-19543507862998.doc
INVOICE-AJH-354263544459.doc
INVOICE-ECC-19160612.doc
INV-UH-67333810521769.doc
INV-CU-939975443182006.doc
INVOICE-HX-33238259.doc
INVOICE-RAAD-85935507552087.doc
ACH-FORM-MEMX-7340733.doc
INVOICE-NNN-78807749581.doc
ACH-FORM-DQ-8612128.doc
WIRE-FORM-GBZJ-1037099.doc
output.113050636.txt