SHA256: 4ae26d1113eb2cdb0f18cedb036179cfaf0ff74e0cb6a605e4cdf357e3109a8c
File name: bddca74a4da71137b8f780ff9c959a54_doc
Detection ratio: 5 / 61
Analysis date: 2017-10-11 07:55:34 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20171011
Baidu VBA.Trojan-Downloader.Agent.bml 20171011
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20171011
Qihoo-360 virus.office.qexvmc.1090 20171011
TrendMicro-HouseCall Suspicious_GEN.F47V1010 20171011
Ad-Aware 20171011
AegisLab 20171011
AhnLab-V3 20171011
Alibaba 20170911
ALYac 20171011
Antiy-AVL 20171011
Avast 20171011
Avast-Mobile 20171011
AVG 20171011
Avira (no cloud) 20171011
AVware 20171011
BitDefender 20171011
Bkav 20171009
CAT-QuickHeal 20171011
ClamAV 20171011
CMC 20171011
Comodo 20171010
CrowdStrike Falcon (ML) 20170804
Cylance 20171011
Cyren 20171011
DrWeb 20171011
Emsisoft 20171011
Endgame 20170821
ESET-NOD32 20171011
F-Prot 20171011
F-Secure 20171011
Fortinet 20171011
GData 20171011
Ikarus 20171010
Sophos ML 20170914
Jiangmin 20171011
K7AntiVirus 20171011
K7GW 20171011
Kaspersky 20171011
Kingsoft 20171011
Malwarebytes 20171011
MAX 20171011
McAfee 20171011
McAfee-GW-Edition 20171011
Microsoft 20171011
eScan 20171011
nProtect 20171011
Palo Alto Networks (Known Signatures) 20171011
Panda 20171010
Rising 20171011
SentinelOne (Static ML) 20171001
Sophos AV 20171011
SUPERAntiSpyware 20171011
Symantec 20171011
Symantec Mobile Insight 20171011
Tencent 20171011
TheHacker 20171007
TotalDefense 20171011
TrendMicro 20171011
Trustlook 20171011
VBA32 20171010
VIPRE 20171011
ViRobot 20171011
Webroot 20171011
WhiteArmor 20170927
Yandex 20171010
Zillya 20171011
ZoneAlarm by Check Point 20171011
Zoner 20171011
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Macros and VBA code streams
ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 20708 bytes
obfuscated run-file
Content types
bin
rels
jpeg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
user1
cp:lastModifiedBy
adm
cp:revision
48
dcterms:created
2016-09-28T20:37:00Z
dcterms:modified
2017-10-01T20:33:00Z
Application document properties
Template
Normal.dotm
TotalTime
106
Pages
1
Words
0
Characters
3
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
Название
vt:i4
1
vt:lpstr
Title
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
3
SharedDoc
false
HyperlinksChanged
false
AppVersion
15.0000
Document languages
Language
Prevalence
en-gb
2
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

TitlesOfParts
,

LinksUpToDate
No

LastModifiedBy
adm

HeadingPairs
, 1, Title, 1

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2017:10:01 20:33:00Z

ZipCRC
0x7df6b578

Words
0

ScaleCrop
No

RevisionNumber
48

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2016:09:28 20:37:00Z

Lines
1

AppVersion
15.0

ZipUncompressedSize
1637

ZipCompressedSize
427

Characters
3

CharactersWithSpaces
3

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Application
Microsoft Office Word

TotalEditTime
1.8 hours

ZipCompression
Deflated

Pages
1

Creator
user1

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream. Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
18
Uncompressed size
168525
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
12
bin
1
Contained files by type
XML
15
unknown
1
Microsoft Office
1
JPG
1
File identification
MD5 bddca74a4da71137b8f780ff9c959a54
SHA1 7ed9abaa0df25929bb39580ceb62248b73d608e2
SHA256 4ae26d1113eb2cdb0f18cedb036179cfaf0ff74e0cb6a605e4cdf357e3109a8c
ssdeep
3072:8CrUq6uYz9QBpccKApuFs+fkptpLidJOU:r65CBpccNpe8HpLYz

File size 102.7 KB ( 105159 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated macros run-file docx

VirusTotal metadata
First submission 2017-10-10 23:07:26 UTC ( 1 year, 7 months ago )
Last submission 2017-10-16 12:28:40 UTC ( 1 year, 7 months ago )
File names Your account, statement.docm
bddca74a4da71137b8f780ff9c959a54_doc
SAMPLE_11_10_2017 (50)
bddca74a4da71137b8f780ff9c959a54.doc
532533bc574b28869bbdcdbfe684c941ed5a7fa0