SHA256: 51fc6482d1ab80010ebfe25d5b2a81c556235f4f541631589be49b3d9ac366af
File name: PaymentAdvice.doc
Detection ratio: 4 / 57
Analysis date: 2017-07-26 11:54:04 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170726
Ikarus Win32.Outbreak 20170726
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170726
Qihoo-360 heur.macro.gen.aa 20170726
Ad-Aware 20170726
AegisLab 20170726
AhnLab-V3 20170726
Alibaba 20170726
ALYac 20170726
Antiy-AVL 20170726
Avast 20170726
AVG 20170726
Avira (no cloud) 20170726
AVware 20170721
Baidu 20170726
BitDefender 20170726
Bkav 20170726
CAT-QuickHeal 20170726
ClamAV 20170726
CMC 20170726
Comodo 20170726
CrowdStrike Falcon (ML) 20170710
Cylance 20170726
Cyren 20170726
DrWeb 20170726
Emsisoft 20170726
Endgame 20170721
ESET-NOD32 20170726
F-Prot 20170726
F-Secure 20170726
Fortinet 20170726
GData 20170726
Sophos ML 20170607
Jiangmin 20170726
K7AntiVirus 20170726
K7GW 20170726
Kaspersky 20170726
Kingsoft 20170726
Malwarebytes 20170726
MAX 20170726
McAfee 20170726
McAfee-GW-Edition 20170725
Microsoft 20170726
eScan 20170726
nProtect 20170726
Palo Alto Networks (Known Signatures) 20170726
Panda 20170725
Rising 20170726
SentinelOne (Static ML) 20170718
Sophos AV 20170726
SUPERAntiSpyware 20170726
Symantec 20170726
Symantec Mobile Insight 20170726
Tencent 20170726
TheHacker 20170724
TrendMicro 20170726
TrendMicro-HouseCall 20170726
Trustlook 20170726
VBA32 20170725
VIPRE 20170726
ViRobot 20170726
Webroot 20170726
Yandex 20170725
Zillya 20170725
ZoneAlarm by Check Point 20170726
Zoner 20170726
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author: support
creation_datetime: 2017-07-22 06:10:00
revision_number: 15
author: System Administrator
page_count: 1
last_saved: 2017-07-22 06:17:00
edit_time: 360
word_count: 40
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 233
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 272
version: 917504
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 6464
name: \x01CompObj, type_literal: stream, sid: 18, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 4096
name: 1Table, type_literal: stream, sid: 2, size: 7455
name: Data, type_literal: stream, sid: 1, size: 20591
name: Macros/PROJECT, type_literal: stream, sid: 17, size: 465
name: Macros/PROJECTwm, type_literal: stream, sid: 16, size: 56
name: Macros/VBA/BugM, type_literal: stream, sid: 9, type: macro, size: 32752
name: Macros/VBA/ThisDocument, type_literal: stream, sid: 8, type: macro (only attributes), size: 924
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 12, size: 11064
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 14, size: 2235
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 15, size: 487
name: Macros/VBA/__SRP_2, type_literal: stream, sid: 10, size: 318
name: Macros/VBA/__SRP_3, type_literal: stream, sid: 11, size: 1128
name: Macros/VBA/dir, type_literal: stream, sid: 13, size: 566
name: WordDocument, type_literal: stream, sid: 3, size: 4142
Macros and VBA code streams
BugM.bas Macros/VBA/BugM 21117 bytes
environ obfuscated run-file
ExifTool file metadata
SharedDoc: No
Author: System Administrator
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: support
HeadingPairs: Title, 1
Hyperlinks: https://products.office.com/en-us/word, https://products.office.com/en-us/word
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 272
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2017:07:22 05:17:00
Characters: 233
CodePage: Windows Latin 1 (Western European)
RevisionNumber: 15
MIMEType: application/msword
Words: 40
CreateDate: 2017:07:22 05:10:00
Lines: 1
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 6.0 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
DocFlags: Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 97c1761ddc936188a392e05c09d59b0c
SHA1 8dd2bac04a65807d878a285f7ff0c77738b07729
SHA256 51fc6482d1ab80010ebfe25d5b2a81c556235f4f541631589be49b3d9ac366af
ssdeep
1536:oOlLslHOq18qo+Ixq0h/rf4sM8Pjk1hF8iJVf:oOqSqrR0hb4sJg1hF8Uf

File size 94.5 KB ( 96768 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: System Administrator, Template: Normal.dotm, Last Saved By: support, Revision Number: 15, Name of Creating Application: Microsoft Office Word, Total Editing Time: 06:00, Create Time/Date: Fri Jul 21 05:10:00 2017, Last Saved Time/Date: Fri Jul 21 05:17:00 2017, Number of Pages: 1, Number of Words: 40, Number of Characters: 233, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated run-file doc macros environ attachment

VirusTotal metadata
First submission 2017-07-26 10:43:21 UTC ( 1 year, 7 months ago )
Last submission 2018-04-27 17:30:09 UTC ( 10 months ago )
File names PaymentAdvice.doc