| SHA256: | 4c4580f7b858d06afd0eb9505cca1d5a5ae9600682ac485a267335797deb8a6b |
| File name: | N5OSUHX.docm |
| Detection ratio: | 13 / 59 |
| Analysis date: | 2017-05-12 04:09:04 UTC ( 1 year, 7 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Avira (no cloud) | W2000M/Agent.0446414 | 20170511 |
| Baidu | VBA.Trojan-Downloader.Agent.bae | 20170503 |
| CAT-QuickHeal | O97M.Downloader.AJK | 20170511 |
| F-Secure | Trojan-Downloader:W97M/Dridex.Z | 20170512 |
| Ikarus | Trojan-Downloader.VBA.Agent | 20170511 |
| Microsoft | TrojanDownloader:O97M/Donoff | 20170512 |
| NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi | 20170512 |
| Qihoo-360 | virus.office.obfuscated.1 | 20170512 |
| Rising | Heur.Macro.Downloader.d (classic) | 20170512 |
| Symantec | W97M.Downloader | 20170511 |
| TrendMicro | W2KM_LO.B3C9E4B5 | 20170512 |
| TrendMicro-HouseCall | W2KM_LO.B3C9E4B5 | 20170512 |
| ZoneAlarm by Check Point | HEUR:Trojan-Downloader.Script.Generic | 20170512 |
| Ad-Aware | 20170512 | |
| AegisLab | 20170512 | |
| AhnLab-V3 | 20170512 | |
| Alibaba | 20170512 | |
| ALYac | 20170512 | |
| Antiy-AVL | 20170512 | |
| Arcabit | 20170512 | |
| Avast | 20170512 | |
| AVG | 20170512 | |
| AVware | 20170512 | |
| BitDefender | 20170512 | |
| Bkav | 20170511 | |
| ClamAV | 20170511 | |
| CMC | 20170511 | |
| Comodo | 20170512 | |
| CrowdStrike Falcon (ML) | 20170130 | |
| Cyren | 20170512 | |
| DrWeb | 20170512 | |
| Emsisoft | 20170512 | |
| Endgame | 20170503 | |
| ESET-NOD32 | 20170512 | |
| F-Prot | 20170512 | |
| Fortinet | 20170512 | |
| GData | 20170512 | |
| Sophos ML | 20170413 | |
| Jiangmin | 20170510 | |
| K7AntiVirus | 20170511 | |
| K7GW | 20170512 | |
| Kaspersky | 20170512 | |
| Kingsoft | 20170512 | |
| Malwarebytes | 20170512 | |
| McAfee | 20170512 | |
| McAfee-GW-Edition | 20170511 | |
| eScan | 20170512 | |
| nProtect | 20170512 | |
| Palo Alto Networks (Known Signatures) | 20170512 | |
| Panda | 20170511 | |
| SentinelOne (Static ML) | 20170330 | |
| Sophos AV | 20170512 | |
| SUPERAntiSpyware | 20170511 | |
| Symantec Mobile Insight | 20170511 | |
| Tencent | 20170512 | |
| TheHacker | 20170508 | |
| TotalDefense | 20170511 | |
| Trustlook | 20170512 | |
| VBA32 | 20170511 | |
| VIPRE | 20170512 | |
| ViRobot | 20170512 | |
| Webroot | 20170512 | |
| WhiteArmor | 20170502 | |
| Yandex | 20170510 | |
| Zillya | 20170511 | |
| Zoner | 20170512 |
The file being studied follows the Open XML file format!
More specifically, it is a Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
Content types
bin
rels
jpg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
2
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2017-05-11T20:49:00Z
dcterms:modified
2017-05-11T20:49:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
2
Words
1
Characters
6
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
6
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
ru-ru
3
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No
HyperlinksChanged
No
LinksUpToDate
No
LastModifiedBy
1
HeadingPairs
, 1
ZipFileName
[Content_Types].xml
Template
Normal.dotm
ZipRequiredVersion
20
ModifyDate
2017:05:11 20:49:00Z
ZipCRC
0x2d551a4d
Words
1
ScaleCrop
No
RevisionNumber
2
MIMEType
application/vnd.ms-word.document.macroEnabled
ZipBitFlag
0x0006
CreateDate
2017:05:11 20:49:00Z
Lines
1
AppVersion
16.0
ZipUncompressedSize
1504
ZipCompressedSize
400
Characters
6
CharactersWithSpaces
6
DocSecurity
None
ZipModifyDate
1980:01:01 00:00:00
FileType
DOCM
Application
Microsoft Office Word
TotalEditTime
0
ZipCompression
Deflated
Pages
2
Creator
2
FileTypeExtension
docm
Paragraphs
1
The file being studied is a compressed stream!
Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
15
Uncompressed size
142972
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
jpg
1
Contained files by type
XML
13
Microsoft Office
1
JPG
1
File identification
MD5 9af80fcfc8e2c0c78cdfab84584eafe4
SHA1 5c222168eba4e7567b0399caa9653a90f25c7e5a
SHA256 4c4580f7b858d06afd0eb9505cca1d5a5ae9600682ac485a267335797deb8a6b
ssdeep
1536:i4yqYR100hGSjoemr/3lypPpHSNZetooifW09lZbR73v:cFR10m7Hmj3lypVSNZetookW0P7
File size
73.2 KB ( 74972 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract
| TrID |
Word Microsoft Office Open XML Format document (with Macro) (53.0%) Word Microsoft Office Open XML Format document (23.9%) Open Packaging Conventions container (17.8%) ZIP compressed archive (4.0%) PrintFox/Pagefox bitmap (var. P) (1.0%) |
Tags
obfuscated
open-file
enum-windows
exe-pattern
handle-file
docx
macros
write-file
create-ole
VirusTotal metadata
First submission
2017-05-12 04:09:04 UTC ( 1 year, 7 months ago )
Last submission
2017-05-12 04:09:04 UTC ( 1 year, 7 months ago )
| File names |
N5OSUHX.docm |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!