| SHA256: | 4cefb793010150a0c217ca7eb3410a70221e11c6ba7cb094c8d0bf743bc3bb79 |
| File name: | MX62EDO 08.12.2016.docm |
| Detection ratio: | 10 / 54 |
| Analysis date: | 2016-12-08 10:29:19 UTC ( 2 years, 4 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | VBA/Malma | 20161208 |
| Arcabit | HEUR.VBA.Trojan.e | 20161208 |
| Avira (no cloud) | HEUR/Macro.Downloader | 20161208 |
| F-Secure | Trojan:W97M/MaliciousMacro.GEN | 20161208 |
| Kaspersky | HEUR:Trojan-Downloader.Script.Generic | 20161208 |
| NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi | 20161208 |
| Panda | Generic Malware | 20161207 |
| Qihoo-360 | virus.office.obfuscated.1 | 20161208 |
| Tencent | Macro.Trojan.Dropperd.Auto | 20161208 |
| TrendMicro | HEUR_VBA.O2 | 20161208 |
| Ad-Aware | 20161208 | |
| AegisLab | 20161208 | |
| Alibaba | 20161208 | |
| ALYac | 20161208 | |
| Antiy-AVL | 20161208 | |
| Avast | 20161208 | |
| AVG | 20161208 | |
| AVware | 20161208 | |
| Baidu | 20161207 | |
| BitDefender | 20161208 | |
| Bkav | 20161207 | |
| CAT-QuickHeal | 20161208 | |
| ClamAV | 20161208 | |
| CMC | 20161208 | |
| Comodo | 20161208 | |
| CrowdStrike Falcon (ML) | 20161024 | |
| Cyren | 20161208 | |
| DrWeb | 20161208 | |
| Emsisoft | 20161208 | |
| ESET-NOD32 | 20161208 | |
| F-Prot | 20161208 | |
| Fortinet | 20161208 | |
| GData | 20161208 | |
| Ikarus | 20161208 | |
| Sophos ML | 20161202 | |
| Jiangmin | 20161208 | |
| K7AntiVirus | 20161208 | |
| K7GW | 20161208 | |
| Kingsoft | 20161208 | |
| Malwarebytes | 20161208 | |
| McAfee | 20161205 | |
| McAfee-GW-Edition | 20161208 | |
| Microsoft | 20161208 | |
| eScan | 20161208 | |
| nProtect | 20161208 | |
| Rising | 20161208 | |
| Sophos AV | 20161208 | |
| SUPERAntiSpyware | 20161208 | |
| Symantec | 20161208 | |
| TheHacker | 20161130 | |
| TrendMicro-HouseCall | 20161208 | |
| Trustlook | 20161208 | |
| VBA32 | 20161207 | |
| VIPRE | 20161208 | |
| ViRobot | 20161208 | |
| WhiteArmor | 20161207 | |
| Yandex | 20161208 | |
| Zillya | 20161207 | |
| Zoner | 20161208 |
The file being studied follows the Open XML file format!
More specifically, it is a Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
1
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2016-12-08T09:44:00Z
dcterms:modified
2016-12-08T09:44:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
0
Paragraphs
0
ScaleCrop
false
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
ru-ru
2
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No
HyperlinksChanged
No
LinksUpToDate
No
LastModifiedBy
1
Application
Microsoft Office Word
ZipFileName
[Content_Types].xml
Template
Normal.dotm
ZipRequiredVersion
20
ModifyDate
2016:12:08 09:44:00Z
ZipCRC
0x7aec387e
Words
0
ScaleCrop
No
RevisionNumber
2
MIMEType
application/vnd.ms-word.document.macroEnabled
ZipBitFlag
0x0006
CreateDate
2016:12:08 09:44:00Z
Lines
0
AppVersion
16.0
ZipUncompressedSize
1453
ZipCompressedSize
391
Characters
0
CharactersWithSpaces
0
DocSecurity
None
ZipModifyDate
1980:01:01 00:00:00
FileType
DOCM
Creator
1
TotalEditTime
0
ZipCompression
Deflated
Pages
1
FileTypeExtension
docm
Paragraphs
0
The file being studied is a compressed stream!
Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
14
Uncompressed size
75257
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
Contained files by type
XML
13
Microsoft Office
1
File identification
MD5 feeebb768ed50c3004ad08cc1de05e11
SHA1 4bd5a141b2f3de2ec9f21ec74ed81789fce65ad3
SHA256 4cefb793010150a0c217ca7eb3410a70221e11c6ba7cb094c8d0bf743bc3bb79
ssdeep
384:/imtQt3KnwVvsr45Zju3RKpeGju0yVHc2IZnXASdf6gE7kN4EwLfxl1M8HXBJJIa:/LyvsrAduhRExyhc2IZnXPfvqkN4rLfx
File size
23.8 KB ( 24405 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract
| TrID |
Word Microsoft Office Open XML Format document (with Macro) (53.0%) Word Microsoft Office Open XML Format document (23.9%) Open Packaging Conventions container (17.8%) ZIP compressed archive (4.0%) PrintFox/Pagefox bitmap (var. P) (1.0%) |
Tags
obfuscated
open-file
enum-windows
exe-pattern
handle-file
run-file
macros
docx
attachment
write-file
create-ole
VirusTotal metadata
First submission
2016-12-08 10:04:51 UTC ( 2 years, 4 months ago )
Last submission
2016-12-21 16:45:40 UTC ( 2 years, 4 months ago )
| File names |
9a38c27aabc0eeb38c49ed4e544b3496 fc85fffd9fb25adbee74c703153a7c8c 8c2a97966867237954cd20a9fcaf8349 608035a88b88a5a22369c27d06199715 143ae3ab42b32df47abb5cd202b74d14 20161208110451.198792-DMX62EDO 08.12.2016.docm_infected 30ab10399e257ae5f1f665298d104763 4771a9fe795dec75ca18fcc80b2a2d60 MX62EDO 08.12.2016.docm |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!