SHA256: 4665c9d5c277cacd3d02dbde9068383608010efaff0bb0651e6434c45e79c387
File name: a6cd72162f2d89e33b4d1eaf4ab9d79a
Detection ratio: 18 / 55
Analysis date: 2016-11-09 07:01:12 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.VBS.Downloader.ZJ 20161109
ALYac Trojan.Downloader.W97M.Gen 20161109
Arcabit Trojan.VBS.Downloader.ZJ 20161109
BitDefender Trojan.VBS.Downloader.ZJ 20161108
Cyren Trojan.QGUY-0 20161109
Emsisoft Trojan.VBS.Downloader.ZJ (B) 20161109
F-Prot W97M/Downldr.gen 20161109
F-Secure Trojan:W97M/Nastjencro.A 20161109
Fortinet WM/Agent.14F0!tr 20161109
GData Trojan.VBS.Downloader.ZJ 20161109
Ikarus Trojan-Downloader.VBA.Agent 20161108
eScan Trojan.VBS.Downloader.ZJ 20161108
Qihoo-360 virus.office.gen.90 20161109
Sophos AV Troj/DocDl-FIE 20161109
Symantec W97M.Downloader 20161109
TrendMicro W2KM_DLOADR.YYSUQ 20161109
TrendMicro-HouseCall W2KM_DLOADR.YYSUQ 20161109
ViRobot W97M.S.Downloader.80384.D[h] 20161109
AegisLab 20161109
AhnLab-V3 20161108
Alibaba 20161109
Antiy-AVL 20161109
Avast 20161109
AVG 20161109
Avira (no cloud) 20161108
AVware 20161109
Baidu 20161107
Bkav 20161108
CAT-QuickHeal 20161108
ClamAV 20161109
CMC 20161109
Comodo 20161109
CrowdStrike Falcon (ML) 20161024
DrWeb 20161109
ESET-NOD32 20161109
Sophos ML 20161018
Jiangmin 20161109
K7AntiVirus 20161108
K7GW 20161109
Kaspersky 20161109
Kingsoft 20161109
Malwarebytes 20161109
McAfee 20161109
McAfee-GW-Edition 20161109
Microsoft 20161109
NANO-Antivirus 20161108
nProtect 20161109
Panda 20161108
Rising 20161109
SUPERAntiSpyware 20161109
Tencent 20161109
TheHacker 20161106
TotalDefense 20161108
VBA32 20161108
VIPRE 20161109
Yandex 20161108
Zillya 20161108
Zoner 20161109
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: IEUser
creation_datetime: 2016-09-08 17:56:00
revision_number: 583
author: User
page_count: 1
last_saved: 2016-11-08 09:37:00
edit_time: 37260
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: -535
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 4736
type_literal: stream; sid: 13; name: \x01CompObj; size: 160
type_literal: stream; sid: 5; name: \x05DocumentSummaryInformation; size: 4096
type_literal: stream; sid: 4; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 2; name: 1Table; size: 9587
type_literal: stream; sid: 1; name: Data; size: 38552
type_literal: stream; sid: 11; name: Macros/PROJECT; size: 440
type_literal: stream; sid: 12; name: Macros/PROJECTwm; size: 41
type_literal: stream; sid: 9; type: macro; name: Macros/VBA/ThisDocument; size: 10189
type_literal: stream; sid: 10; name: Macros/VBA/_VBA_PROJECT; size: 3418
type_literal: stream; sid: 8; name: Macros/VBA/dir; size: 514
type_literal: stream; sid: 3; name: WordDocument; size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 4812 bytes
create-ole obfuscated
ExifTool file metadata
SharedDoc: No
Author: User
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: IEUser
HeadingPairs: , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2016:09:08 16:56:00
Word97: No
LanguageCode: English (US)
ModifyDate: 2016:11:08 08:37:00
Characters: 1
CodePage: Unicode (UTF-8)
RevisionNumber: 583
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 10.4 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 0
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 ea97455784c8036d1eb45dace2af14f0
SHA1 fd9dc1d6f0a14a278742f6f80d5d8bd7a93af9e2
SHA256 4665c9d5c277cacd3d02dbde9068383608010efaff0bb0651e6434c45e79c387
ssdeep
1536:syJc5C7U9KCP6pBQGsHHSXfSLHbxC/Izzsebe3GD:HJc51syUQdHyXAbxC/mh

File size 78.5 KB ( 80384 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: User, Template: Normal.dotm, Last Saved By: IEUser, Revision Number: 583, Name of Creating Application: Microsoft Office Word, Total Editing Time: 10:21:00, Create Time/Date: Wed Sep 07 16:56:00 2016, Last Saved Time/Date: Mon Nov 07 08:37:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros create-ole attachment doc

VirusTotal metadata
First submission 2016-11-08 09:13:27 UTC ( 2 years, 5 months ago )
Last submission 2019-01-01 12:48:07 UTC ( 3 months, 2 weeks ago )
File names FedEx.doc
FedEx.doc_