SHA256: 4539573845f0d32d186671368bbd398c5686833151c93c0d923feb771f347589
File name: 4539573845f0d32d186671368bbd398c5686833151c93c0d923feb771f347589
Detection ratio: 38 / 60
Analysis date: 2018-12-17 07:18:50 UTC (4 months ago)
Antivirus Result Update
Ad-Aware W97M.Downloader.HRF 20181217
AhnLab-V3 MSOffice/Downloader 20181216
ALYac W97M.Downloader.HRF 20181217
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.lrx 20181217
Arcabit HEUR.VBA.Trojan.e 20181217
Avira (no cloud) VBA/Dldr.Agent.oqpvl 20181216
BitDefender W97M.Downloader.HRF 20181217
CAT-QuickHeal W97M.Emotet.Heur 20181216
ClamAV Doc.Malware.Dldk-6779240-0 20181217
Comodo TrojWare.VBS.TrojanDownloader.Agent.LRE@7za8m9 20181217
Cyren W97M/Downldr.E.gen!Eldorado 20181217
DrWeb Exploit.Siggen.16961 20181217
Emsisoft Trojan-Downloader.Macro.Generic.L (A) 20181217
Endgame malicious (high confidence) 20181108
ESET-NOD32 VBA/TrojanDownloader.Agent.LRX 20181217
F-Secure W97M.Downloader.HRF 20181217
Fortinet VBA/Agent.LTL!tr.dldr 20181217
GData Macro.Trojan-Downloader.Shallow.S 20181217
Ikarus Trojan.VBA.Agent 20181216
Kaspersky HEUR:Exploit.MSOffice.Generic 20181217
MAX malware (ai score=100) 20181217
McAfee W97M/Downloader.gg 20181217
McAfee-GW-Edition BehavesLike.Downloader.cg 20181217
Microsoft Trojan:O97M/Obfuse.BZ 20181216
eScan W97M.Downloader.HRF 20181217
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181217
Qihoo-360 virus.office.qexvmc.1085 20181217
Rising Trojan.Obfuse!8.10126 (TOPIS:kHNkIftHMcU) 20181216
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/DocDl-QZX 20181216
Symantec W97M.Downloader 20181216
TACHYON Suspicious/W97M.Obfus.Gen.6 20181214
Tencent Heur.Macro.Generic.Gen.h 20181217
TrendMicro Trojan.W97M.POWLOAD.TIHAOHAU 20181216
TrendMicro-HouseCall Trojan.W97M.POWLOAD.TIHAOHAU 20181217
ViRobot DOC.Z.Agent.143232.O 20181217
ZoneAlarm by Check Point HEUR:Exploit.MSOffice.Generic 20181217
Zoner Probably W97Obfuscated 20181217
AegisLab 20181214
Alibaba 20180921
Avast 20181216
Avast-Mobile 20181216
AVG 20181217
Babable 20180918
Baidu 20181207
Bkav 20181214
CMC 20181216
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181217
eGambit 20181217
F-Prot 20181217
Sophos ML 20181128
Jiangmin 20181217
K7AntiVirus 20181217
K7GW 20181217
Kingsoft 20181217
Malwarebytes 20181216
Palo Alto Networks (Known Signatures) 20181217
Panda 20181216
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TheHacker 20181216
TotalDefense 20181216
Trapmine 20181205
Trustlook 20181217
VBA32 20181214
VIPRE 20181216
Webroot 20181217
Yandex 20181214
Zillya 20181215
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May try to run other files, shell commands or applications.
Summary
creation_datetime: 2018-12-10 12:51:00
template: Normal.dotm
page_count: 1
last_saved: 2018-12-10 12:51:00
word_count: 2
revision_number: 1
application_name: Microsoft Office Word
character_count: 15
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 16
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 4480
name: \x01CompObj, type_literal: stream, size: 114, sid: 18
name: \x05DocumentSummaryInformation, type_literal: stream, size: 4096, sid: 5
name: \x05SummaryInformation, type_literal: stream, size: 4096, sid: 4
name: 1Table, type_literal: stream, size: 9490, sid: 2
name: Data, type_literal: stream, size: 81766, sid: 1
name: Macros/PROJECT, type_literal: stream, size: 431, sid: 17
name: Macros/PROJECTwm, type_literal: stream, size: 74, sid: 16
name: Macros/VBA/JNEhcMNqmcpki, type_literal: stream, type: macro, size: 1270, sid: 8
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, size: 7211, sid: 12
name: Macros/VBA/__SRP_0, type_literal: stream, size: 1254, sid: 14
name: Macros/VBA/__SRP_1, type_literal: stream, size: 106, sid: 15
name: Macros/VBA/__SRP_2, type_literal: stream, size: 292, sid: 9
name: Macros/VBA/__SRP_3, type_literal: stream, size: 103, sid: 10
name: Macros/VBA/dir, type_literal: stream, size: 580, sid: 13
name: Macros/VBA/kNqjGNFrv, type_literal: stream, type: macro, size: 8015, sid: 11
name: WordDocument, type_literal: stream, size: 4815, sid: 3
Macros and VBA code streams
[+] JNEhcMNqmcpki.cls Macros/VBA/JNEhcMNqmcpki 28 bytes
[+] kNqjGNFrv.bas Macros/VBA/kNqjGNFrv 4700 bytes
run-file
ExifTool file metadata
SharedDoc
No

CodePage
Windows Latin 1 (Western European)

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
16

CreateDate
2018:12:10 11:51:00

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:12:10 11:51:00

ScaleCrop
No

Characters
15

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
2

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 e1d3ea95ffebeba6a3d0201b60822263
SHA1 1a961f5ca0ae6d15e60f8f8b5840e4c6da40a63c
SHA256 4539573845f0d32d186671368bbd398c5686833151c93c0d923feb771f347589
ssdeep
1536:8Aq81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9ORaXbx:M8GhDS0o9zTGOZD6EbzCdLbx

File size 139.9 KB ( 143232 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Dec 09 11:51:00 2018, Last Saved Time/Date: Sun Dec 09 11:51:00 2018, Number of Pages: 1, Number of Words: 2, Number of Characters: 15, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros run-file doc

VirusTotal metadata
First submission 2018-12-10 15:10:11 UTC ( 4 months, 1 week ago )
Last submission 2018-12-10 15:10:11 UTC ( 4 months, 1 week ago )