SHA256: 4cefb793010150a0c217ca7eb3410a70221e11c6ba7cb094c8d0bf743bc3bb79
File name: MX62EDO 08.12.2016.docm
Detection ratio: 10 / 54
Analysis date: 2016-12-08 10:29:19 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 VBA/Malma 20161208
Arcabit HEUR.VBA.Trojan.e 20161208
Avira (no cloud) HEUR/Macro.Downloader 20161208
F-Secure Trojan:W97M/MaliciousMacro.GEN 20161208
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20161208
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20161208
Panda Generic Malware 20161207
Qihoo-360 virus.office.obfuscated.1 20161208
Tencent Macro.Trojan.Dropperd.Auto 20161208
TrendMicro HEUR_VBA.O2 20161208
Ad-Aware 20161208
AegisLab 20161208
Alibaba 20161208
ALYac 20161208
Antiy-AVL 20161208
Avast 20161208
AVG 20161208
AVware 20161208
Baidu 20161207
BitDefender 20161208
Bkav 20161207
CAT-QuickHeal 20161208
ClamAV 20161208
CMC 20161208
Comodo 20161208
CrowdStrike Falcon (ML) 20161024
Cyren 20161208
DrWeb 20161208
Emsisoft 20161208
ESET-NOD32 20161208
F-Prot 20161208
Fortinet 20161208
GData 20161208
Ikarus 20161208
Sophos ML 20161202
Jiangmin 20161208
K7AntiVirus 20161208
K7GW 20161208
Kingsoft 20161208
Malwarebytes 20161208
McAfee 20161205
McAfee-GW-Edition 20161208
Microsoft 20161208
eScan 20161208
nProtect 20161208
Rising 20161208
Sophos AV 20161208
SUPERAntiSpyware 20161208
Symantec 20161208
TheHacker 20161130
TrendMicro-HouseCall 20161208
Trustlook 20161208
VBA32 20161207
VIPRE 20161208
ViRobot 20161208
WhiteArmor 20161207
Yandex 20161208
Zillya 20161207
Zoner 20161208
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 778 bytes
[+] Module1.bas word/vbaProject.bin VBA/Module1 5478 bytes
exe-pattern create-ole enum-windows handle-file obfuscated open-file run-file write-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
1
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2016-12-08T09:44:00Z
dcterms:modified
2016-12-08T09:44:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
0
Paragraphs
0
ScaleCrop
false
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
ru-ru
2
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
1

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2016:12:08 09:44:00Z

ZipCRC
0x7aec387e

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2016:12:08 09:44:00Z

Lines
0

AppVersion
16.0

ZipUncompressedSize
1453

ZipCompressedSize
391

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Creator
1

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
docm

Paragraphs
0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
14
Uncompressed size
75257
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
Contained files by type
XML
13
Microsoft Office
1
File identification
MD5 feeebb768ed50c3004ad08cc1de05e11
SHA1 4bd5a141b2f3de2ec9f21ec74ed81789fce65ad3
SHA256 4cefb793010150a0c217ca7eb3410a70221e11c6ba7cb094c8d0bf743bc3bb79
ssdeep
384:/imtQt3KnwVvsr45Zju3RKpeGju0yVHc2IZnXASdf6gE7kN4EwLfxl1M8HXBJJIa:/LyvsrAduhRExyhc2IZnXPfvqkN4rLfx

File size 23.8 KB ( 24405 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated open-file enum-windows exe-pattern handle-file run-file macros docx attachment write-file create-ole

VirusTotal metadata
First submission 2016-12-08 10:04:51 UTC ( 2 years, 2 months ago )
Last submission 2016-12-21 16:45:40 UTC ( 2 years, 1 month ago )
File names 9a38c27aabc0eeb38c49ed4e544b3496
fc85fffd9fb25adbee74c703153a7c8c
8c2a97966867237954cd20a9fcaf8349
608035a88b88a5a22369c27d06199715
143ae3ab42b32df47abb5cd202b74d14
20161208110451.198792-DMX62EDO 08.12.2016.docm_infected
30ab10399e257ae5f1f665298d104763
4771a9fe795dec75ca18fcc80b2a2d60
MX62EDO 08.12.2016.docm