× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 54c91de0caa693259c35439e720d00da9be17253a636b19eeba0ab0a80b7600e
File name: Doc1.doc
Detection ratio: 3 / 59
Analysis date: 2017-11-17 10:03:02 UTC ( 1 year, 3 months ago ) View latest
Antivirus Result Update
F-Secure Trojan:W97M/Nastjencro.A 20171117
Fortinet VBA/Dloader.CNJ!tr 20171117
Qihoo-360 virus.office.qexvmc.1095 20171117
Ad-Aware 20171117
AegisLab 20171117
AhnLab-V3 20171117
Alibaba 20170911
ALYac 20171117
Antiy-AVL 20171117
Arcabit 20171117
Avast 20171117
Avast-Mobile 20171116
AVG 20171117
Avira (no cloud) 20171117
AVware 20171117
Baidu 20171117
BitDefender 20171117
Bkav 20171116
CAT-QuickHeal 20171117
ClamAV 20171117
CMC 20171117
Comodo 20171117
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171117
Cyren 20171117
DrWeb 20171117
eGambit 20171117
Emsisoft 20171117
Endgame 20171024
ESET-NOD32 20171117
F-Prot 20171117
GData 20171117
Ikarus 20171116
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171117
Kaspersky 20171117
Kingsoft 20171117
Malwarebytes 20171117
MAX 20171117
McAfee 20171117
McAfee-GW-Edition 20171117
Microsoft 20171117
eScan 20171117
NANO-Antivirus 20171117
nProtect 20171117
Palo Alto Networks (Known Signatures) 20171117
Panda 20171116
Rising 20171117
SentinelOne (Static ML) 20171113
Sophos AV 20171117
SUPERAntiSpyware 20171117
Symantec 20171117
Symantec Mobile Insight 20171117
Tencent 20171117
TheHacker 20171112
TrendMicro 20171117
TrendMicro-HouseCall 20171117
Trustlook 20171117
VBA32 20171116
VIPRE 20171117
ViRobot 20171117
Webroot 20171117
WhiteArmor 20171104
Yandex 20171116
Zillya 20171116
ZoneAlarm by Check Point 20171117
Zoner 20171117
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
last_author
Longer
creation_datetime
2017-11-17 10:48:00
template
Normal.dotm
author
Longer
page_count
1
last_saved
2017-11-17 11:02:00
edit_time
840
revision_number
18
application_name
Microsoft Office Word
character_count
1
code_page
Latin I
Document summary
line_count
1
company
Grizli777
characters_with_spaces
1
version
786432
paragraph_count
1
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
33984
type_literal
stream
size
160
name
\x01CompObj
sid
57
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
6998
name
1Table
sid
2
type_literal
stream
size
80099
name
Data
sid
1
type_literal
stream
size
97
name
Macros/Jbhfbvbrhp/\x01CompObj
sid
38
type_literal
stream
size
295
name
Macros/Jbhfbvbrhp/\x03VBFrame
sid
39
type_literal
stream
size
334
name
Macros/Jbhfbvbrhp/f
sid
36
type_literal
stream
size
492
name
Macros/Jbhfbvbrhp/o
sid
37
type_literal
stream
size
97
name
Macros/Nm_kkaoj/\x01CompObj
sid
43
type_literal
stream
size
287
name
Macros/Nm_kkaoj/\x03VBFrame
sid
44
type_literal
stream
size
239
name
Macros/Nm_kkaoj/f
sid
41
type_literal
stream
size
224
name
Macros/Nm_kkaoj/o
sid
42
type_literal
stream
size
1417
name
Macros/PROJECT
sid
56
type_literal
stream
size
626
name
Macros/PROJECTwm
sid
55
type_literal
stream
size
915
type
macro
name
Macros/VBA/Bvwixocyq
sid
9
type_literal
stream
size
1611
type
macro
name
Macros/VBA/Fgnsd
sid
11
type_literal
stream
size
1495
type
macro
name
Macros/VBA/Jbhfbvbrhp
sid
24
type_literal
stream
size
1027
type
macro
name
Macros/VBA/Kbjlhkkjfdq3
sid
13
type_literal
stream
size
1173
type
macro (only attributes)
name
Macros/VBA/Nm_kkaoj
sid
25
type_literal
stream
size
1302
type
macro
name
Macros/VBA/Ohc_u_camfhq
sid
15
type_literal
stream
size
922
type
macro
name
Macros/VBA/Rmnqrqtpuz
sid
17
type_literal
stream
size
1280
type
macro
name
Macros/VBA/ThisDocument
sid
8
type_literal
stream
size
924
type
macro
name
Macros/VBA/Trmneut
sid
20
type_literal
stream
size
1174
type
macro (only attributes)
name
Macros/VBA/Zhwxaicxd3
sid
27
type_literal
stream
size
1572
type
macro
name
Macros/VBA/Znxvlklz_y
sid
22
type_literal
stream
size
6966
name
Macros/VBA/_VBA_PROJECT
sid
28
type_literal
stream
size
1736
name
Macros/VBA/dir
sid
29
type_literal
stream
size
1585
type
macro
name
Macros/VBA/drvozcwjpj
sid
23
type_literal
stream
size
1261
type
macro
name
Macros/VBA/eaaqlfvpsus4
sid
10
type_literal
stream
size
1572
type
macro
name
Macros/VBA/jwdlmpzgnkw6
sid
12
type_literal
stream
size
906
type
macro
name
Macros/VBA/kgvnxfkcfoa
sid
14
type_literal
stream
size
1053
type
macro
name
Macros/VBA/qqaflocczo
sid
16
type_literal
stream
size
862
type
macro
name
Macros/VBA/rvzw4
sid
18
type_literal
stream
size
862
type
macro
name
Macros/VBA/rxm
sid
19
type_literal
stream
size
1178
type
macro (only attributes)
name
Macros/VBA/tntx_nzyxrc6
sid
26
type_literal
stream
size
858
type
macro
name
Macros/VBA/ysonuobu
sid
21
type_literal
stream
size
97
name
Macros/Zhwxaicxd3/\x01CompObj
sid
53
type_literal
stream
size
289
name
Macros/Zhwxaicxd3/\x03VBFrame
sid
54
type_literal
stream
size
182
name
Macros/Zhwxaicxd3/f
sid
51
type_literal
stream
size
260
name
Macros/Zhwxaicxd3/o
sid
52
type_literal
stream
size
97
name
Macros/drvozcwjpj/\x01CompObj
sid
33
type_literal
stream
size
291
name
Macros/drvozcwjpj/\x03VBFrame
sid
34
type_literal
stream
size
327
name
Macros/drvozcwjpj/f
sid
31
type_literal
stream
size
444
name
Macros/drvozcwjpj/o
sid
32
type_literal
stream
size
97
name
Macros/tntx_nzyxrc6/\x01CompObj
sid
48
type_literal
stream
size
296
name
Macros/tntx_nzyxrc6/\x03VBFrame
sid
49
type_literal
stream
size
283
name
Macros/tntx_nzyxrc6/f
sid
46
type_literal
stream
size
292
name
Macros/tntx_nzyxrc6/o
sid
47
type_literal
stream
size
4096
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 52 bytes
[+] Bvwixocyq.bas Macros/VBA/Bvwixocyq 61 bytes
[+] eaaqlfvpsus4.bas Macros/VBA/eaaqlfvpsus4 214 bytes
[+] Fgnsd.bas Macros/VBA/Fgnsd 398 bytes
[+] jwdlmpzgnkw6.bas Macros/VBA/jwdlmpzgnkw6 579 bytes
[+] Kbjlhkkjfdq3.bas Macros/VBA/Kbjlhkkjfdq3 105 bytes
[+] kgvnxfkcfoa.bas Macros/VBA/kgvnxfkcfoa 77 bytes
[+] Ohc_u_camfhq.bas Macros/VBA/Ohc_u_camfhq 221 bytes
[+] qqaflocczo.bas Macros/VBA/qqaflocczo 137 bytes
[+] Rmnqrqtpuz.bas Macros/VBA/Rmnqrqtpuz 81 bytes
[+] rvzw4.bas Macros/VBA/rvzw4 57 bytes
[+] rxm.bas Macros/VBA/rxm 59 bytes
[+] Trmneut.bas Macros/VBA/Trmneut 69 bytes
[+] ysonuobu.bas Macros/VBA/ysonuobu 48 bytes
[+] Znxvlklz_y.bas Macros/VBA/Znxvlklz_y 447 bytes
[+] drvozcwjpj.frm Macros/VBA/drvozcwjpj 195 bytes
[+] Jbhfbvbrhp.frm Macros/VBA/Jbhfbvbrhp 105 bytes
create-ole
ExifTool file metadata
SharedDoc
No

Author
Longer

CodePage
Unicode (UTF-8)

System
Windows

LinksUpToDate
No

LastModifiedBy
Longer

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1

CreateDate
2017:11:17 09:48:00

Word97
No

LanguageCode
English (US)

ModifyDate
2017:11:17 10:02:00

ScaleCrop
No

Company
Grizli777

Characters
1

HyperlinksChanged
No

RevisionNumber
18

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
14.0 minutes

Pages
1

CompObjUserTypeLen
0

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 8bf142cead150ddfd488b0f348a60746
SHA1 bb770b443c75423ae853325083e775d4345202e0
SHA256 54c91de0caa693259c35439e720d00da9be17253a636b19eeba0ab0a80b7600e
ssdeep
3072:EEk0aFUaGMWiEvq4bXj+zaLSSOre6bJwL22B:EN0TaHWDvq8qu+SInwL22B

File size 150.0 KB ( 153600 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 18, Name of Creating Application: Microsoft Office Word, Total Editing Time: 14:00, Create Time/Date: Thu Nov 16 09:48:00 2017, Last Saved Time/Date: Thu Nov 16 10:02:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros doc create-ole

VirusTotal metadata
First submission 2017-11-17 10:03:02 UTC ( 1 year, 3 months ago )
Last submission 2017-11-26 08:24:51 UTC ( 1 year, 2 months ago )
File names lloydsbank1942380124_2526.doc
Doc1.doc
05ed7496f3a2d53ae7481cd53e90e0e9133a4e08
Zebra 02.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!