SHA256: 4a0ce507d8cc017065e3b10fbe920f1e27cd291dd147876eabf815ddddef09d8
File name: emotet_e1_4a0ce507d8cc017065e3b10fbe920f1e27cd291dd147876eabf815d...
Detection ratio: 24 / 56
Analysis date: 2019-02-27 02:51:47 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Agent.DQIG 20190227
ALYac VB:Trojan.Agent.DQIG 20190227
Arcabit VB:Trojan.Agent.DQIG 20190227
BitDefender VB:Trojan.Agent.DQIG 20190227
ClamAV Doc.Downloader.Emotet-6868706-0 20190226
Cyren W97M/Downldr.BR.gen!Eldorado 20190227
Emsisoft VB:Trojan.Agent.DQIG (B) 20190227
ESET-NOD32 VBA/TrojanDownloader.Agent.MWK 20190227
Fortinet VBA/Agent.4D84!tr 20190227
GData XML.Trojan.Agent.WEEAE2 20190227
Ikarus Trojan-Downloader.VBA.Agent 20190226
K7AntiVirus Trojan ( 005464381 ) 20190226
K7GW Trojan ( 005464381 ) 20190227
Kaspersky HEUR:Trojan-Downloader.MSOffice.Agent.gen 20190226
MAX malware (ai score=80) 20190227
McAfee W97M/Downloader.gw 20190226
McAfee-GW-Edition W97M/Downloader.gw 20190226
Microsoft TrojanDownloader:O97M/Xdoc.YB 20190227
eScan VB:Trojan.Agent.DQIG 20190227
Sophos AV Troj/DocDl-SGU 20190226
Symantec Trojan.Gen.2 20190226
TACHYON Suspicious/XML.Obfus.Gen.6 20190227
ZoneAlarm by Check Point HEUR:Trojan-Downloader.MSOffice.Agent.gen 20190227
Zoner Probably MacroXML 20190227
Acronis 20190222
AegisLab 20190227
AhnLab-V3 20190226
Alibaba 20180921
Antiy-AVL 20190227
Avast 20190227
Avast-Mobile 20190226
AVG 20190227
Avira (no cloud) 20190226
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190225
CMC 20190226
Comodo 20190227
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
DrWeb 20190227
eGambit 20190227
Endgame 20190215
F-Prot 20190227
F-Secure 20190227
Sophos ML 20181128
Jiangmin 20190227
Kingsoft 20190227
Malwarebytes 20190227
NANO-Antivirus 20190227
Palo Alto Networks (Known Signatures) 20190227
Panda 20190226
Qihoo-360 20190227
Rising 20190227
SentinelOne (Static ML) 20190203
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
Tencent 20190227
TheHacker 20190225
TotalDefense 20190226
Trapmine 20190123
TrendMicro-HouseCall 20190226
VBA32 20190226
VIPRE 20190226
ViRobot 20190226
Webroot 20190227
Yandex 20190226
Zillya 20190226
File identification
MD5 c6e032bcfc549fa636b986f7c8a9235a
SHA1 9d867d19296d27509f4cff460dacc395398dcdd6
SHA256 4a0ce507d8cc017065e3b10fbe920f1e27cd291dd147876eabf815ddddef09d8
ssdeep
3072:ceyDAyByw9DTvycVKOCH3orrkN8/KiG1mM0OrfFwMT29:+3Byw9vv8OCSB/3M0Sf6

File size 187.0 KB ( 191537 bytes )
File type XML
Magic literal
XML document text

TrID file seems to be plain text/ASCII (0.0%)
Tags
xml attachment

VirusTotal metadata
First submission 2019-02-26 09:39:08 UTC ( 2 months, 3 weeks ago )
Last submission 2019-02-27 02:51:47 UTC ( 2 months, 3 weeks ago )
File names Rech_26022019_77HCM1287135.doc
emotet_e1_4a0ce507d8cc017065e3b10fbe920f1e27cd291dd147876eabf815ddddef09d8_2019-02-26__091506.doc
ExifTool file metadata
WordDocumentFontsFontPitchVal
variable

WordDocumentBodySectPRPictShapeType
#_x0000_t75

WordDocumentBodySectPRPictShapeStyle
width:468pt;height:207pt;visibility:visible;mso-wrap-style:square

WordDocumentDocumentPropertiesCharacters
7

WordDocumentBodySectSectPrPgMarBottom
1440

WordDocumentStylesStyleNameVal
Normal

WordDocumentStylesStyleRPrLangBidi
AR-SA

WordDocumentBodySectPRPictShapetypeId
_x0000_t75

MIMEType
application/xml

WordDocumentStylesStyleTblPrTblCellMarTopType
dxa

WordDocumentBodySectPRPictShapeSpid
_x0000_i1025

WordDocumentStylesStyleRsidVal
005A24B1

WordDocumentBodySectPRPictShapetypePathConnecttype
rect

WordDocumentBodySectSectPrPgMarRight
1440

WordDocumentShapeDefaultsShapelayoutIdmapExt
edit

WordDocumentBodySectPRPictShapetypePathExtrusionok
f

WordDocumentShapeDefaultsShapedefaultsExt
edit

WordDocumentBodySectPRPictShapeId
H__73__8

WordDocumentStylesStyleTblPrTblCellMarRightType
dxa

WordDocumentFontsFontName
Times New Roman

WordDocumentBodySectPRPictShapetypeFormulasFEqn
if lineDrawn pixelLineWidth 0

WordDocumentStylesStyleTblPrTblCellMarTopW
0

WordDocumentFontsDefaultFontsCs
Times New Roman

WordDocumentBodySectPRPictShapetypeLockAspectratio
t

WordDocumentStylesStylePPrSpacingLine
259

WordDocumentDocSuppDataBinDataName
Y_47_485

WordDocumentDocPrZoomPercent
100

WordDocumentBodySectSectPrPgSzH
15840

WordDocumentFontsDefaultFontsAscii
Calibri

WordDocumentStylesStyleStyleId
Normal

WordDocumentBodySectSectPrPgSzW
12240

WordDocumentBodySectPRPictShapetypePreferrelative
t

WordDocumentStylesStylePPrSpacingAfter
160

WordDocumentOcxPresent
no

WordDocumentStylesStyleTblPrTblIndType
dxa

WordDocumentDocPrRsidsRsidRootVal
005E6EE1

WordDocumentDocumentPropertiesLastSaved
2019:02:26 07:31:00Z

WordDocumentBodySectPRPictShapetypeLockExt
edit

WordDocumentBodySectSectPrPgMarLeft
1440

WordDocumentBodySectSectPrColsSpace
720

FileType
XML

WordDocumentDocumentPropertiesPages
1

WordDocumentStylesLatentStylesLsdExceptionName
Normal

WordDocumentStylesStyleTblPrTblCellMarRightW
108

WordDocumentDocPrDefaultTabStopVal
720

WordDocumentDocumentPropertiesRevision
1

WordDocumentBodySectSectPrPgMarFooter
720

WordDocumentDocumentPropertiesTotalTime
0

WordDocumentBodySectSectPrPgMarTop
1440

WordDocumentStylesStyleUiNameVal
Table Normal

WordDocumentBodySectSectPrPgMarHeader
720

WordDocumentDocumentPropertiesParagraphs
1

WordDocumentBodySectPRRsidRPr
00BA21AC

WordDocumentBodySectPRsidR
00971F19

WordDocumentBodySectPRPictShapetypeStroked
f

WordDocumentBodySectPRPictShapetypeCoordsize
21600,21600

WordDocumentDocPrCharacterSpacingControlVal
DontCompress

WordDocumentEmbeddedObjPresent
no

WordDocumentStylesStyleRPrRFontsAscii
Tahoma

WordDocumentStylesVersionOfBuiltInStylenamesVal
7

WordDocumentIgnoreSubtreeVal
http://schemas.microsoft.com/office/word/2003/wordml/sp2

WordDocumentBodySectPRPictBinData
(Binary data 91076 bytes, use -b option to extract)

WordDocumentStylesStyleTblPrTblCellMarBottomType
dxa

WordDocumentFontsFontCharsetVal
00

WordDocumentDocumentPropertiesLines
1

WordDocumentStylesStyleTblPrTblCellMarBottomW
0

WordDocumentStylesLatentStylesDefLockedState
off

WordDocumentDocPrRsidsRsidVal
005A24B1

WordDocumentBodySectPRPictShapetypeFilled
f

WordDocumentBodySectPRPictShapeImagedataSrc
wordml://b7_043_9.U_477587.a4__658_

WordDocumentBodySectPRPictShapetypeStrokeJoinstyle
miter

WordDocumentDocumentPropertiesCharactersWithSpaces
7

WordDocumentStylesStyleLinkVal
BalloonTextChar

WordDocumentStylesLatentStylesLatentStyleCount
375

WordDocumentDocPrAlwaysShowPlaceholderTextVal
off

WordDocumentBodySectPRPictShapetypePath
m@4@5l@4@11@9@11@9@5xe

WordDocumentDocumentPropertiesCreated
2019:02:26 07:31:00Z

WordDocumentStylesStyleRPrRFontsCs
Tahoma

WordDocumentBodySectSectPrPgMarGutter
0

WordDocumentDocPrViewVal
print

WordDocumentBodySectPRsidRDefault
00971F19

WordDocumentDocSuppDataBinData
(Binary data 73296 bytes, use -b option to extract)

WordDocumentStylesStyleTblPrTblCellMarLeftW
108

WordDocumentMacrosPresent
yes

WordDocumentFontsFontFamilyVal
Roman

WordDocumentStylesStyleRPrLangVal
EN-US

WordDocumentDocumentPropertiesWords
1

WordDocumentStylesStyleTblPrTblIndW
0

WordDocumentFontsDefaultFontsFareast
Calibri

WordDocumentStylesStyleRPrSzVal
22

FileTypeExtension
xml

WordDocumentShapeDefaultsShapelayoutExt
edit

WordDocumentBodySectPRPictShapetypePathGradientshapeok
t

WordDocumentStylesStyleRPrLangFareast
EN-US

WordDocumentShapeDefaultsShapedefaultsSpidmax
1026

WordDocumentStylesStyleBasedOnVal
Normal

WordDocumentBodySectPRPictBinDataName
wordml://b7_043_9.U_477587.a4__658_

WordDocumentBodySectSectPrRsidR
005E6EE1

WordDocumentDocPrPixelsPerInchVal
120

WordDocumentDocPrIgnoreMixedContentVal
off

WordDocumentBodySectPRPictShapetypeSpt
75

WordDocumentStylesStyleRPrFontVal
Calibri

WordDocumentStylesStyleTblPrTblCellMarLeftType
dxa

WordDocumentDocPrSaveInvalidXMLVal
off

WordDocumentDocumentPropertiesVersion
16

WordDocumentStylesStyleDefault
on

WordDocumentShapeDefaultsShapelayoutIdmapData
1

WordDocumentStylesStyleType
paragraph
