SHA256: 45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a
File name: 96413.DOC
Detection ratio: 39 / 56
Analysis date: 2016-08-14 16:44:30 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Doc.Downloader.JB 20160814
AegisLab W2000M.Rogue.Aipaqcc!c 20160814
AhnLab-V3 W97M/Downloader 20160814
ALYac Trojan.Downloader.DOC.gen 20160814
Arcabit HEUR.VBA.Trojan.d 20160814
Avast VBA:Downloader-AKB [Trj] 20160814
AVG Generic14_c.BLUW 20160814
Avira (no cloud) W97M/Dldr.Agent.78655 20160814
AVware Trojan.OLE.Generic.a (v) 20160814
Baidu VBA.Trojan-Downloader.Agent.vt 20160813
BitDefender Trojan.Doc.Downloader.JB 20160814
CAT-QuickHeal W97M.Dropper.SZ 20160813
ClamAV Doc.Dropper.Agent-1509470 20160814
Comodo UnclassifiedMalware 20160814
Cyren W97M/Downloader.EB 20160814
DrWeb W97M.DownLoader.884 20160814
Emsisoft Trojan-Downloader.VBA.Agent (A) 20160814
ESET-NOD32 VBA/TrojanDownloader.Agent.AQF 20160814
F-Prot W97M/Downloader.EB 20160814
F-Secure Trojan-Downloader:W97M/Locky.A 20160814
Fortinet WM/Agent!tr 20160814
GData Trojan.Doc.Downloader.JB 20160814
Ikarus Trojan-Downloader.MSWord.Agent 20160814
Kaspersky Trojan-Downloader.VBS.Agent.bgv 20160814
McAfee W97M/Downloader.awe 20160814
McAfee-GW-Edition W97M/Downloader.awe 20160814
Microsoft TrojanDownloader:O97M/Donoff 20160814
eScan Trojan.Doc.Downloader.JB 20160814
NANO-Antivirus Trojan.Ole2.Agent.eeglbu 20160814
nProtect Trojan-Downloader/W97M.Abare 20160812
Panda O97M/Downloader 20160814
Qihoo-360 virus.office.obfuscated.1 20160814
Rising Macro.Download.es 20160814
Sophos Troj/DocDl-AYI 20160814
Symantec W97M.Downloader 20160814
Tencent Win32.Trojan-downloader.Agent.Wtdv 20160814
TrendMicro-HouseCall W2KM_DRIDEX.SMX3 20160814
VIPRE Trojan.OLE.Generic.a (v) 20160814
ViRobot W97M.S.Downloader.54784.C[h] 20160814
Alibaba 20160812
Antiy-AVL 20160815
Bkav 20160813
CMC 20160811
Jiangmin 20160814
K7AntiVirus 20160814
K7GW 20160814
Kingsoft 20160814
Malwarebytes 20160814
SUPERAntiSpyware 20160814
TheHacker 20160814
TotalDefense 20160814
TrendMicro 20160814
VBA32 20160812
Yandex 20160813
Zillya 20160814
Zoner 20160814
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: User
creation_datetime: 2016-01-27 22:54:00
template: Normal.dot
author: Administrator
page_count: 2
last_saved: 2016-01-28 10:19:00
edit_time: 840
word_count: 29
revision_number: 23
application_name: Microsoft Office Word
character_count: 610
code_page: Cyrillic
Document summary
byte_count: 44544
company:
characters_with_spaces: 627
line_count: 17
version: 726502
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry | sid: 0 | type_literal: root | size: 13056 | clsid: 00020906-0000-0000-c000-000000000046 | clsid_literal: MS Word
name: \x01CompObj | sid: 26 | type_literal: stream | size: 113
name: \x05DocumentSummaryInformation | sid: 4 | type_literal: stream | size: 4096
name: \x05SummaryInformation | sid: 3 | type_literal: stream | size: 4096
name: 1Table | sid: 1 | type_literal: stream | size: 4096
name: Macros/PROJECT | sid: 25 | type_literal: stream | size: 575
name: Macros/PROJECTwm | sid: 24 | type_literal: stream | size: 119
name: Macros/VBA/ThisDocument | sid: 7 | type_literal: stream | size: 4319 | type: macro
name: Macros/VBA/_VBA_PROJECT | sid: 15 | type_literal: stream | size: 6501
name: Macros/VBA/__SRP_0 | sid: 17 | type_literal: stream | size: 4060
name: Macros/VBA/__SRP_1 | sid: 18 | type_literal: stream | size: 318
name: Macros/VBA/__SRP_6 | sid: 14 | type_literal: stream | size: 66
name: Macros/VBA/__SRP_7 | sid: 13 | type_literal: stream | size: 448
name: Macros/VBA/__SRP_8 | sid: 9 | type_literal: stream | size: 510
name: Macros/VBA/__SRP_9 | sid: 10 | type_literal: stream | size: 140
name: Macros/VBA/balinese | sid: 8 | type_literal: stream | size: 3293 | type: macro
name: Macros/VBA/chile | sid: 12 | type_literal: stream | size: 1401 | type: macro (only attributes)
name: Macros/VBA/dir | sid: 16 | type_literal: stream | size: 915
name: Macros/VBA/undeformed | sid: 11 | type_literal: stream | size: 5640 | type: macro
name: Macros/chile/\x01CompObj | sid: 22 | type_literal: stream | size: 97
name: Macros/chile/\x03VBFrame | sid: 23 | type_literal: stream | size: 282
name: Macros/chile/f | sid: 20 | type_literal: stream | size: 142
name: Macros/chile/o | sid: 21 | type_literal: stream | size: 164
name: WordDocument | sid: 2 | type_literal: stream | size: 5678
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 1387 bytes
exe-pattern create-ole obfuscated
[+] balinese.bas Macros/VBA/balinese 721 bytes
obfuscated
[+] undeformed.bas Macros/VBA/undeformed 2423 bytes
create-ole obfuscated open-file
ExifTool file metadata
SharedDoc: No
Author: Administrator
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: User
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 627
CreateDate: 2016:01:27 21:54:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2016:01:28 09:19:00
HyperlinksChanged: No
Characters: 610
ScaleCrop: No
RevisionNumber: 23
MIMEType: application/msword
Words: 29
Bytes: 44544
FileType: DOC
Lines: 17
AppVersion: 11.5606
Security: None
Software: Microsoft Office Word
TotalEditTime: 14.0 minutes
Pages: 2
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 df3f35df7d529b38e524275bee0672cb
SHA1 eb96024e33fe45557b5ba905ec7aff13bc4cca65
SHA256 45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a
ssdeep 768:l/lZVEO335ADgYXYqA4zCFl4hLxVUX6ehCWm5wpH:l/7FHuDgas4WFKhLU5iw

File size 53.5 KB ( 54784 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: Administrator, Template: Normal.dot, Last Saved By: User, Revision Number: 23, Name of Creating Application: Microsoft Office Word, Total Editing Time: 14:00, Create Time/Date: Tue Jan 26 21:54:00 2016, Last Saved Time/Date: Wed Jan 27 09:19:00 2016, Number of Pages: 2, Number of Words: 29, Number of Characters: 610, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file exe-pattern doc macros attachment create-ole

VirusTotal metadata
First submission 2016-01-28 11:16:25 UTC ( 1 year, 1 month ago )
Last submission 2016-07-07 10:34:58 UTC ( 8 months, 2 weeks ago )
File names 25c8747b942356684583fa578a3ec735
980750fc954f9bb558431b5aaa2a259b
96413.doc
96413.DOC
3ddeeb2b4e7b023f958bc1b7eae6cb43
622b17ccb1a1e1100dca4546c6f6d6b8
a8b3254530af3a83cb03b2f308907df5
Purchase_Order_Number__2001800526.doc
24acc2a9ed5fb9490f88ef30019fff94
96413.DOC
96413.DOC
96413.DOC
PAYMENT VOUCHER.DOC
62a30ef6426b863305a46e26bb7b7ffd
5484d5723c8540f34cc0e1a5b1b1476e
96413.DOC-2016-01-28.22-00-01.txt
virus-96413.DOC
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV.DOC
1288ac6616c81ea68ce79eadd279148f
96413.DOC
e4e4ea7b91ac3a277a3432cb5eb5bb7b