SHA256: 4d7c6a2e9e5b963470cae32ce12f47a608c9477ec7d4b07861f639d15ff35a38
File name: VirusShare_38368ef451cbe4120f427e4b79405c6c
Detection ratio: 44 / 56
Analysis date: 2017-03-28 04:55:57 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Ad-Aware Exploit.JPEV 20170328
AegisLab Troj.Downloader.MSWord.Agent.dq!c 20170328
AhnLab-V3 W97M/Drixed 20170328
ALYac Exploit.JPEV 20170328
Antiy-AVL Trojan[Downloader]/MSWord.Agent.dq 20170328
Arcabit Exploit.JPEV 20170328
Avast MO97:Downloader-IQ [Trj] 20170328
AVG W97M/Generic 20170328
Avira (no cloud) W97M/Downloader.sdc 20170327
AVware LooksLike.Macro.Downloader.b (v) 20170328
BitDefender Exploit.JPEV 20170328
CAT-QuickHeal W97M.Dropper.AX 20170327
ClamAV Doc.Downloader.Macr-1 20170328
Comodo UnclassifiedMalware 20170328
Cyren W97M/Downloader.AW 20170328
DrWeb W97M.DownLoader.160 20170327
Emsisoft Exploit.JPEV (B) 20170328
ESET-NOD32 W97M/TrojanDownloader.Agent.NDC 20170328
F-Prot W97M/Downloader.AW 20170328
F-Secure Trojan-Downloader:W97M/Dridex.R 20170328
Fortinet W97M/Agent.NDC!tr.dldr 20170328
GData Exploit.JPEV 20170328
Ikarus Trojan-Downloader.VBA.Agent 20170327
Jiangmin WM/Downloader.Agent.dq 20170328
K7AntiVirus Trojan ( 0001140e1 ) 20170327
K7GW Trojan ( 0001140e1 ) 20170328
Kaspersky Trojan-Downloader.MSWord.Agent.dq 20170327
McAfee W97M/Downloader.abl 20170328
McAfee-GW-Edition W97M/Downloader.abl 20170328
Microsoft TrojanDownloader:W97M/Bartallex.B 20170327
eScan Exploit.JPEV 20170328
NANO-Antivirus Trojan.Script.DridLdr.dnxnan 20170328
nProtect Exploit/W32.MSWord.B 20170328
Panda W97M/Downloader 20170327
Qihoo-360 virus.office.obfuscated.1 20170328
Sophos Troj/DocDl-DD 20170328
Symantec W97M.Downloader 20170327
Tencent Win32.Trojan-downloader.Agent.Ljak 20170328
TotalDefense Tnega.XAXH!suspicious 20170328
TrendMicro W97M_DLOADR.JE 20170328
VIPRE LooksLike.Macro.Downloader.b (v) 20170328
ViRobot W97M.Downloader.F[h] 20170328
Yandex Trojan.MacroDown.Gen.TK 20170327
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.dq 20170328
Alibaba 20170328
Baidu 20170328
Bkav 20170328
CMC 20170327
CrowdStrike Falcon (ML) 20170130
Endgame 20170317
Invincea 20170203
Kingsoft 20170328
Malwarebytes 20170328
Palo Alto Networks (Known Signatures) 20170328
Rising None
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170328
Symantec Mobile Insight 20170326
TheHacker 20170327
Trustlook 20170328
VBA32 20170327
Webroot 20170328
WhiteArmor 20170327
Zillya 20170327
Zoner 20170328
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May create OLE objects.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author
1
creation_datetime
2014-12-08 21:39:00
template
Normal.dot
author
1
page_count
1
last_saved
2014-12-08 21:45:00
edit_time
300
revision_number
7
application_name
Microsoft Office Word
code_page
Cyrillic
Document summary
line_count
1
version
730895
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
4672
type_literal
stream
size
113
name
\x01CompObj
sid
12
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
4
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
3
type_literal
stream
size
4096
name
1Table
sid
1
type_literal
stream
size
444
name
Macros/PROJECT
sid
11
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
10
type_literal
stream
size
12604
type
macro
name
Macros/VBA/ThisDocument
sid
7
type_literal
stream
size
3413
name
Macros/VBA/_VBA_PROJECT
sid
8
type_literal
stream
size
514
name
Macros/VBA/dir
sid
9
type_literal
stream
size
4142
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 5253 bytes
auto-open create-ole download environ obfuscated open-file run-dll
ExifTool file metadata
SharedDoc
No

Author
1

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
1

HeadingPairs
, 1

Template
Normal.dot

CharCountWithSpaces
0

CreateDate
2014:12:08 20:39:00

CompObjUserType
???????? Microsoft Office Word

ModifyDate
2014:12:08 20:45:00

HyperlinksChanged
No

Characters
0

ScaleCrop
No

RevisionNumber
7

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
11.9999

Security
None

Software
Microsoft Office Word

TotalEditTime
5.0 minutes

Pages
1

CompObjUserTypeLen
31

FileTypeExtension
doc

Paragraphs
1

File identification
MD5 38368ef451cbe4120f427e4b79405c6c
SHA1 78794c541247404e1348218b3a5bc8e867a9bc0d
SHA256 4d7c6a2e9e5b963470cae32ce12f47a608c9477ec7d4b07861f639d15ff35a38
ssdeep
192:69W/4rXDSYNW1AoNm3MLQ9GDPDs63flioI7kZ0j82222stqUlclAat:68sXDST1AoNpllilgZ0j8oxtqaclf

File size 37.5 KB ( 38400 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: 1, Revision Number: 7, Name of Creating Application: Microsoft Office Word, Total Editing Time: 05:00, Create Time/Date: Sun Dec 07 20:39:00 2014, Last Saved Time/Date: Sun Dec 07 20:45:00 2014, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (45.7%)
Microsoft Excel sheet (42.8%)
Generic OLE2 / Multistream Compound File (11.4%)
Tags
obfuscated open-file auto-open doc macros run-dll environ attachment download create-ole

VirusTotal metadata
First submission 2014-12-24 08:18:13 UTC ( 2 years, 5 months ago )
Last submission 2016-07-21 10:21:51 UTC ( 10 months, 1 week ago )
File names Signature Invoice.doc
64bcfe3980f8d94055dd406c3f45c139
Signature Invoice.doc.dat
996d1df3f43c6e16722be0a63d9c443c
VirusShare_38368ef451cbe4120f427e4b79405c6c
7f45af2f090ab6de1eb96af5647192e5
556ecacb572a569e2c8c9fb17259fcf2
5c3d2dae84cf51235367ee14d768da82
4d7c6a2e9e5b963470cae32ce12f47a608c9477ec7d4b07861f639d15ff35a38 (1).bin
a802e30c8b8155fef844488992b1b589
119704472605-5-0_attach.1.Signature Invoice.doc
565b1718e5812e908b840879cce57393
5b88b3c5fd6f0a87fe337ef2e9d3dd5e
4d7c6a2e9e5b963470cae32ce12f47a608c9477ec7d4b07861f639d15ff35a38.bin
38368ef451cbe4120f427e4b79405c6c.malware
image001.doc
b00b6aa20be0bd3a9719fbe930fd0fea
Signature_Invoice.doc
Signature Invoice.vdoc
d9445941f02349107730cba48fe455aa
c1d64ce12e92c178d72510d0c2ff8e22
05621184f73d8616429262d106075c21