SHA256: 4554fd639d5fe714dd65894af6fe5f96805f5da26bd0a8437ddb7d8e5c93df7b
File name: Cleaning022958-01.doc
Detection ratio: 5 / 55
Analysis date: 2015-10-23 10:24:50 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan 20151023
AVware LooksLike.Macro.Malware.gen!d1 (v) 20151023
Panda W97M/Downloader 20151022
Sophos AV Troj/DocDl-ACU 20151023
VIPRE LooksLike.Macro.Malware.gen!d1 (v) 20151023
Ad-Aware 20151023
AegisLab 20151023
Yandex 20151023
AhnLab-V3 20151023
Alibaba 20151023
ALYac 20151023
Antiy-AVL 20151023
Avast 20151023
AVG 20151023
Avira (no cloud) 20151023
Baidu-International 20151022
BitDefender 20151023
Bkav 20151022
ByteHero 20151023
CAT-QuickHeal 20151023
ClamAV 20151023
CMC 20151021
Comodo 20151023
Cyren 20151023
DrWeb 20151023
Emsisoft 20151023
ESET-NOD32 20151023
F-Prot 20151023
F-Secure 20151023
Fortinet 20151023
GData 20151023
Ikarus 20151023
Jiangmin 20151023
K7AntiVirus 20151023
K7GW 20151023
Kaspersky 20151023
Malwarebytes 20151023
McAfee 20151023
McAfee-GW-Edition 20151023
Microsoft 20151023
eScan 20151023
NANO-Antivirus 20151023
nProtect 20151023
Qihoo-360 20151023
Rising 20151022
SUPERAntiSpyware 20151023
Symantec 20151022
Tencent 20151023
TheHacker 20151020
TrendMicro 20151023
TrendMicro-HouseCall 20151023
VBA32 20151022
ViRobot 20151023
Zillya 20151022
Zoner 20151023
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-10-23 08:04:00
revision_number: 3
author: 1
page_count: 1
last_saved: 2015-10-23 08:04:00
template: Normal
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 3392
type_literal: stream, sid: 15, name: \x01CompObj, size: 114
type_literal: stream, sid: 4, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 3, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 1, name: 1Table, size: 9960
type_literal: stream, sid: 14, name: Macros/PROJECT, size: 517
type_literal: stream, sid: 13, name: Macros/PROJECTwm, size: 113
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/Module1, size: 15458
type_literal: stream, sid: 9, type: macro, name: Macros/VBA/Module2, size: 11903
type_literal: stream, sid: 10, type: macro, name: Macros/VBA/Module3, size: 9977
type_literal: stream, sid: 7, type: macro, name: Macros/VBA/ThisDocument, size: 1902
type_literal: stream, sid: 11, name: Macros/VBA/_VBA_PROJECT, size: 9468
type_literal: stream, sid: 12, name: Macros/VBA/dir, size: 617
type_literal: stream, sid: 2, name: WordDocument, size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 170 bytes
Module1.bas Macros/VBA/Module1 8672 bytes (tags: exe-pattern create-file create-ole download obfuscated open-file run-file)
Module2.bas Macros/VBA/Module2 6905 bytes (tags: open-file write-file)
Module3.bas Macros/VBA/Module3 5283 bytes (tags: obfuscated)
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2015:10:23 07:04:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2015:10:23 07:04:00
Company: Home
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 3
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 0
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 0

Compressed bundles
File identification
MD5 c08519230b49ad87bc6aa12933aa0cec
SHA1 95ba7964c1804668b6716600cadf675c441b0585
SHA256 4554fd639d5fe714dd65894af6fe5f96805f5da26bd0a8437ddb7d8e5c93df7b
ssdeep
768:+9JgkHv/2dpmm3aamSApr2yMduhlEDoJcIZfVfvfdfE7bNemif0fINw6Wa+PVkur:Hammm3YSo23uhlEMfCnsm0E/Sur

File size 76.5 KB ( 78336 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Oct 22 07:04:00 2015, Last Saved Time/Date: Thu Oct 22 07:04:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file exe-pattern doc create-file run-file macros attachment download write-file create-ole

VirusTotal metadata
First submission 2015-10-23 08:23:34 UTC ( 3 years, 7 months ago )
Last submission 2017-11-08 22:28:34 UTC ( 1 year, 6 months ago )
File names Cleaning022958-01.doc
Cleaning022958(1).doc
22102015160213-0001_doc
Cleaning022958.doc
22102015160213-0001.doc