SHA256: 4c8ce2af5e2e8ed17cc0656db46b1c82fad8acfab766a1ff7f15a25d778e37ff
File name: paypalInvoice_000092419298377.doc
Detection ratio: 6 / 54
Analysis date: 2016-11-30 07:21:50 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
AVware LooksLike.Macro.Malware.k (v) 20161130
Avast VBA:Downloader-DSH [Trj] 20161130
Fortinet WM/Agent.CBW!tr 20161130
Qihoo-360 virus.office.gen.85 20161130
Symantec W97M.Downloader 20161130
VIPRE LooksLike.Macro.Malware.k (v) 20161130
ALYac 20161130
AVG 20161130
Ad-Aware 20161130
AegisLab 20161130
AhnLab-V3 20161129
Alibaba 20161130
Antiy-AVL 20161130
Arcabit 20161130
Avira (no cloud) 20161130
Baidu 20161130
BitDefender 20161130
Bkav 20161129
CAT-QuickHeal 20161130
CMC 20161129
ClamAV 20161130
Comodo 20161130
CrowdStrike Falcon (ML) 20161024
Cyren 20161130
DrWeb 20161130
ESET-NOD32 20161130
Emsisoft 20161130
F-Prot 20161130
F-Secure 20161130
GData 20161130
Ikarus 20161129
Invincea 20161128
Jiangmin 20161130
K7AntiVirus 20161130
K7GW 20161130
Kaspersky 20161130
Kingsoft 20161130
Malwarebytes 20161130
McAfee 20161130
McAfee-GW-Edition 20161130
eScan 20161130
Microsoft 20161130
NANO-Antivirus 20161130
Panda 20161129
Rising 20161130
SUPERAntiSpyware 20161130
Sophos 20161130
Tencent 20161130
TheHacker 20161130
TrendMicro 20161130
TrendMicro-HouseCall 20161130
Trustlook 20161130
VBA32 20161129
ViRobot 20161130
WhiteArmor 20161125
Yandex 20161128
Zillya 20161129
Zoner 20161130
nProtect 20161130
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May try to download additional files from the Internet.
Summary
last_author: MX
creation_datetime: 2016-11-09 19:56:00
template: Normal.dotm
author: MX
page_count: 1
last_saved: 2016-11-28 18:24:00
edit_time: 16680
revision_number: 39
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: I
characters_with_spaces: 1
version: 917504
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 17024
name: \x01CompObj, type_literal: stream, sid: 29, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 4, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 3, size: 4096
name: 1Table, type_literal: stream, sid: 1, size: 7119
name: Macros/PROJECT, type_literal: stream, sid: 22, size: 658
name: Macros/PROJECTwm, type_literal: stream, sid: 23, size: 113
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, sid: 15, size: 1968
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 16, size: 4638
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 10, size: 2998
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 11, size: 210
name: Macros/VBA/__SRP_6, type_literal: stream, sid: 12, size: 920
name: Macros/VBA/__SRP_7, type_literal: stream, sid: 13, size: 66
name: Macros/VBA/dir, type_literal: stream, sid: 7, size: 897
name: Macros/VBA/fdsdfg, type_literal: stream, type: macro, sid: 8, size: 3363
name: Macros/VBA/gfhjjh, type_literal: stream, type: macro (only attributes), sid: 9, size: 1666
name: Macros/VBA/rtvhfgghj, type_literal: stream, type: macro (only attributes), sid: 14, size: 1434
name: Macros/gfhjjh/\x01CompObj, type_literal: stream, sid: 20, size: 97
name: Macros/gfhjjh/\x03VBFrame, type_literal: stream, sid: 21, size: 288
name: Macros/gfhjjh/f, type_literal: stream, sid: 18, size: 306
name: Macros/gfhjjh/o, type_literal: stream, sid: 19, size: 364
name: Macros/rtvhfgghj/\x01CompObj, type_literal: stream, sid: 27, size: 97
name: Macros/rtvhfgghj/\x03VBFrame, type_literal: stream, sid: 28, size: 290
name: Macros/rtvhfgghj/f, type_literal: stream, sid: 25, size: 210
name: Macros/rtvhfgghj/o, type_literal: stream, sid: 26, size: 276
name: WordDocument, type_literal: stream, sid: 2, size: 41994
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 71 bytes
[+] fdsdfg.bas Macros/VBA/fdsdfg 513 bytes
exe-pattern download run-file
ExifTool file metadata
SharedDoc: No
Author: MX
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: MX
HeadingPairs: Title, 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2016:11:09 18:56:00
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2016:11:28 17:24:00
Company: I
HyperlinksChanged: No
Characters: 1
ScaleCrop: No
RevisionNumber: 39
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 4.6 hours
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 9e9b5383ae88bf51f2a3446c576d32d0
SHA1 7eb9ea867d320b3707b9f83c781a09afb35cb0bf
SHA256 4c8ce2af5e2e8ed17cc0656db46b1c82fad8acfab766a1ff7f15a25d778e37ff
ssdeep 1536:DZJc5C7U9KCP6pBQGsHHSXfSLHbxCR2p9:lJc51syUQdHyXAbxCop9
File size 85.5 KB ( 87552 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: MX, Template: Normal.dotm, Last Saved By: MX, Revision Number: 39, Name of Creating Application: Microsoft Office Word, Total Editing Time: 04:38:00, Create Time/Date: Tue Nov 08 18:56:00 2016, Last Saved Time/Date: Sun Nov 27 17:24:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
download macros run-file exe-pattern doc

VirusTotal metadata
First submission 2016-11-29 16:52:41 UTC ( 2 months, 3 weeks ago )
Last submission 2016-12-02 03:05:49 UTC ( 2 months, 2 weeks ago )
File names PaypalInvoice.doc
upwork00973.doc
paypalInvoice_000092419298377.doc
PaypalInvoice.doc.bin