SHA256: 4c8ce2af5e2e8ed17cc0656db46b1c82fad8acfab766a1ff7f15a25d778e37ff
File name: paypalInvoice_000092419298377.doc
Detection ratio: 6 / 54
Analysis date: 2016-11-30 07:21:50 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Avast VBA:Downloader-DSH [Trj] 20161130
AVware LooksLike.Macro.Malware.k (v) 20161130
Fortinet WM/Agent.CBW!tr 20161130
Qihoo-360 virus.office.gen.85 20161130
Symantec W97M.Downloader 20161130
VIPRE LooksLike.Macro.Malware.k (v) 20161130
Ad-Aware 20161130
AegisLab 20161130
AhnLab-V3 20161129
Alibaba 20161130
ALYac 20161130
Antiy-AVL 20161130
Arcabit 20161130
AVG 20161130
Avira (no cloud) 20161130
Baidu 20161130
BitDefender 20161130
Bkav 20161129
CAT-QuickHeal 20161130
ClamAV 20161130
CMC 20161129
Comodo 20161130
CrowdStrike Falcon (ML) 20161024
Cyren 20161130
DrWeb 20161130
Emsisoft 20161130
ESET-NOD32 20161130
F-Prot 20161130
F-Secure 20161130
GData 20161130
Ikarus 20161129
Invincea 20161128
Jiangmin 20161130
K7AntiVirus 20161130
K7GW 20161130
Kaspersky 20161130
Kingsoft 20161130
Malwarebytes 20161130
McAfee 20161130
McAfee-GW-Edition 20161130
Microsoft 20161130
eScan 20161130
NANO-Antivirus 20161130
nProtect 20161130
Panda 20161129
Rising 20161130
Sophos 20161130
SUPERAntiSpyware 20161130
Tencent 20161130
TheHacker 20161130
TrendMicro 20161130
TrendMicro-HouseCall 20161130
Trustlook 20161130
VBA32 20161129
ViRobot 20161130
WhiteArmor 20161125
Yandex 20161128
Zillya 20161129
Zoner 20161130
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May try to download additional files from the Internet.
Summary
last_author: MX
creation_datetime: 2016-11-09 19:56:00
template: Normal.dotm
author: MX
page_count: 1
last_saved: 2016-11-28 18:24:00
edit_time: 16680
revision_number: 39
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: I
characters_with_spaces: 1
version: 917504
paragraph_count: 1
code_page: Cyrillic
OLE Streams
sid: 0 | name: Root Entry | type_literal: root | clsid: 00020906-0000-0000-c000-000000000046 | clsid_literal: MS Word | size: 17024
sid: 29 | name: \x01CompObj | type_literal: stream | size: 114
sid: 4 | name: \x05DocumentSummaryInformation | type_literal: stream | size: 4096
sid: 3 | name: \x05SummaryInformation | type_literal: stream | size: 4096
sid: 1 | name: 1Table | type_literal: stream | size: 7119
sid: 22 | name: Macros/PROJECT | type_literal: stream | size: 658
sid: 23 | name: Macros/PROJECTwm | type_literal: stream | size: 113
sid: 15 | name: Macros/VBA/ThisDocument | type_literal: stream | size: 1968 | type: macro
sid: 16 | name: Macros/VBA/_VBA_PROJECT | type_literal: stream | size: 4638
sid: 10 | name: Macros/VBA/__SRP_0 | type_literal: stream | size: 2998
sid: 11 | name: Macros/VBA/__SRP_1 | type_literal: stream | size: 210
sid: 12 | name: Macros/VBA/__SRP_6 | type_literal: stream | size: 920
sid: 13 | name: Macros/VBA/__SRP_7 | type_literal: stream | size: 66
sid: 7 | name: Macros/VBA/dir | type_literal: stream | size: 897
sid: 8 | name: Macros/VBA/fdsdfg | type_literal: stream | size: 3363 | type: macro
sid: 9 | name: Macros/VBA/gfhjjh | type_literal: stream | size: 1666 | type: macro (only attributes)
sid: 14 | name: Macros/VBA/rtvhfgghj | type_literal: stream | size: 1434 | type: macro (only attributes)
sid: 20 | name: Macros/gfhjjh/\x01CompObj | type_literal: stream | size: 97
sid: 21 | name: Macros/gfhjjh/\x03VBFrame | type_literal: stream | size: 288
sid: 18 | name: Macros/gfhjjh/f | type_literal: stream | size: 306
sid: 19 | name: Macros/gfhjjh/o | type_literal: stream | size: 364
sid: 27 | name: Macros/rtvhfgghj/\x01CompObj | type_literal: stream | size: 97
sid: 28 | name: Macros/rtvhfgghj/\x03VBFrame | type_literal: stream | size: 290
sid: 25 | name: Macros/rtvhfgghj/f | type_literal: stream | size: 210
sid: 26 | name: Macros/rtvhfgghj/o | type_literal: stream | size: 276
sid: 2 | name: WordDocument | type_literal: stream | size: 41994
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 71 bytes
[+] fdsdfg.bas Macros/VBA/fdsdfg 513 bytes
exe-pattern download run-file
ExifTool file metadata
SharedDoc: No
Author: MX
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: MX
HeadingPairs: Title, 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2016:11:09 18:56:00
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2016:11:28 17:24:00
Company: I
HyperlinksChanged: No
Characters: 1
ScaleCrop: No
RevisionNumber: 39
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 4.6 hours
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 9e9b5383ae88bf51f2a3446c576d32d0
SHA1 7eb9ea867d320b3707b9f83c781a09afb35cb0bf
SHA256 4c8ce2af5e2e8ed17cc0656db46b1c82fad8acfab766a1ff7f15a25d778e37ff
ssdeep 1536:DZJc5C7U9KCP6pBQGsHHSXfSLHbxCR2p9:lJc51syUQdHyXAbxCop9

File size 85.5 KB ( 87552 bytes )
File type MS Word Document
Magic literal: CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: MX, Template: Normal.dotm, Last Saved By: MX, Revision Number: 39, Name of Creating Application: Microsoft Office Word, Total Editing Time: 04:38:00, Create Time/Date: Tue Nov 08 18:56:00 2016, Last Saved Time/Date: Sun Nov 27 17:24:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
download macros run-file exe-pattern doc

VirusTotal metadata
First submission 2016-11-29 16:52:41 UTC ( 6 months, 3 weeks ago )
Last submission 2016-12-02 03:05:49 UTC ( 6 months, 3 weeks ago )
File names PaypalInvoice.doc
upwork00973.doc
paypalInvoice_000092419298377.doc
PaypalInvoice.doc.bin