SHA256: 56170cc962e92fc75cb859819b098f3dfcbfbf562b3827a939f55d0119f90f80
File name: rechn_49914-auftrgb
Detection ratio: 30 / 57
Analysis date: 2016-03-25 21:04:34 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.BDP 20160325
AegisLab Troj.Rtf.Agent!c 20160325
AhnLab-V3 W97M/Downloader 20160325
ALYac W97M.Downloader.BDP 20160325
Arcabit HEUR.VBA.Trojan.d 20160325
Avast Other:Malware-gen [Trj] 20160325
AVG Downloader.Generic_c.ALET 20160325
Avira (no cloud) W2000M/Dldr.Agent.344 20160325
BitDefender W97M.Downloader.BDP 20160325
Cyren W97M/Downloader.ER 20160325
DrWeb W97M.DownLoader.954 20160325
Emsisoft W97M.Downloader.BDP (B) 20160325
ESET-NOD32 VBA/TrojanDownloader.Agent.AWA 20160325
F-Prot W97M/Downloader.ER 20160325
F-Secure W97M.Downloader.BDP 20160325
Fortinet WM/Agent!tr 20160325
GData W97M.Downloader.BDP 20160325
Ikarus Trojan-Downloader.VBA.Agent 20160325
Kaspersky Trojan.RTF.Agent.f 20160325
McAfee Downloader-FBDC!FBA6818BB8A0 20160325
McAfee-GW-Edition Downloader-FBDC!FBA6818BB8A0 20160325
Microsoft TrojanDownloader:O97M/Adnel 20160325
eScan W97M.Downloader.BDP 20160325
nProtect W97M.Downloader.BDP 20160325
Qihoo-360 virus.office.obfuscated.1 20160325
Sophos AV Troj/DocDl-BRL 20160325
Symantec W97M.Downloader 20160325
Tencent Macro.Trojan.Dropper.Auto 20160325
TrendMicro W2KM_DRIDEX.EA 20160325
TrendMicro-HouseCall W2KM_DRIDEX.EA 20160325
Yandex 20160316
Alibaba 20160323
Antiy-AVL 20160325
AVware 20160325
Baidu 20160325
Baidu-International 20160325
Bkav 20160325
ByteHero 20160325
CAT-QuickHeal 20160325
ClamAV 20160325
CMC 20160322
Comodo 20160325
Jiangmin 20160325
K7AntiVirus 20160325
K7GW 20160323
Kingsoft 20160325
Malwarebytes 20160325
NANO-Antivirus 20160325
Panda 20160325
Rising 20160325
SUPERAntiSpyware 20160325
TheHacker 20160325
VBA32 20160325
VIPRE 20160325
ViRobot 20160325
Zillya 20160325
Zoner 20160325
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May read system environment variables.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
Summary
creation_datetime: 2016-03-23 00:40:00
template: Normal.dot
title:
page_count: 1
last_saved: 2016-03-23 00:47:00
edit_time: 180
word_count: 1
revision_number: 7
application_name: Microsoft Office Word
character_count: 11
code_page: Cyrillic
Document summary
line_count: 1
characters_with_spaces: 11
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, type_literal: root, sid: 0, size: 9344, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, type_literal: stream, sid: 21, size: 113
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 4, size: 276
name: \x05SummaryInformation, type_literal: stream, sid: 3, size: 380
name: 1Table, type_literal: stream, sid: 1, size: 4096
name: Macros/HGFDSASASD/\x01CompObj, type_literal: stream, sid: 17, size: 97
name: Macros/HGFDSASASD/\x03VBFrame, type_literal: stream, sid: 18, size: 292
name: Macros/HGFDSASASD/f, type_literal: stream, sid: 15, size: 178
name: Macros/HGFDSASASD/o, type_literal: stream, sid: 16, size: 1440
name: Macros/PROJECT, type_literal: stream, sid: 20, size: 714
name: Macros/PROJECTwm, type_literal: stream, sid: 19, size: 203
name: Macros/VBA/CFy0WiQk89HZS, type_literal: stream, sid: 10, size: 1010, type: macro (only attributes)
name: Macros/VBA/HGFDSASASD, type_literal: stream, sid: 8, size: 1160, type: macro (only attributes)
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 12, size: 4285
name: Macros/VBA/dir, type_literal: stream, sid: 13, size: 1006
name: Macros/VBA/wjhnPcvfLfIOs1A, type_literal: stream, sid: 11, size: 1012, type: macro (only attributes)
name: Macros/VBA/y8v80FMRdhA4tX, type_literal: stream, sid: 9, size: 1011, type: macro (only attributes)
name: Macros/VBA/zxczxcsasd, type_literal: stream, sid: 7, size: 7253, type: macro
name: WordDocument, type_literal: stream, sid: 2, size: 4146
Macros and VBA code streams
[+] zxczxcsasd.cls Macros/VBA/zxczxcsasd 2928 bytes
create-ole environ handle-file open-file write-file
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 11
CreateDate: 2016:03:22 23:40:00
Security: None
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2016:03:22 23:47:00
Characters: 11
Pages: 1
RevisionNumber: 7
MIMEType: application/msword
Words: 1
FileType: DOC
Lines: 1
AppVersion: 11.9999
CodePage: Windows Cyrillic
Software: Microsoft Office Word
TotalEditTime: 3.0 minutes
ScaleCrop: No
CompObjUserTypeLen: 31
Warning: Truncated property list
FileTypeExtension: doc
Paragraphs: 1

Compressed bundles
File identification
MD5 fba6818bb8a02617479c79717d2b4966
SHA1 5fedbfe0cacf536c8aca1133ced5e3bca12a415c
SHA256 56170cc962e92fc75cb859819b098f3dfcbfbf562b3827a939f55d0119f90f80
ssdeep 384:CmNHlS/EVlkl31bjoJTWpPlft+Elz0jvTa2NZ0jVc604p7D:pLV+pKlWHYEVuLXWcip7D
File size 42.5 KB ( 43520 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Template: Normal.dot, Revision Number: 7, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Mon Mar 21 23:40:00 2016, Last Saved Time/Date: Mon Mar 21 23:47:00 2016, Number of Pages: 1, Number of Words: 1, Number of Characters: 11, Security: 0
TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags open-file handle-file doc macros environ attachment write-file create-ole

VirusTotal metadata
First submission 2016-03-23 12:32:43 UTC ( 1 year, 8 months ago )
Last submission 2016-04-09 11:53:38 UTC ( 1 year, 8 months ago )
File names rechn_77343-auftrgb nr053435.rtf
rechn_09866-auftrgb nr49.rtf
rechn_49591-auftrgb nr87.xxxx.rtf
rechn_77529-auftrgb.rtf
rechn_48088-auftrgb nr292.rtf
application-richtext-attachment
rechn_1494-auftrgb nr02619.rtf
rechn_70948-auftrgb nr025750.rtf
rechn_40809-auftrgb nr726898.rtf
rechn_49914-auftrgb
rechn_14903-auftrgb nr88.rtf
rechn_50252-auftrgb nr918147.rtf
rechn_0579-auftrgb
rechn_63732-auftrgb
rechn_23649-auftrgb
rechn_3740-auftrgb
rechn_74060-auftrgb nr231579.rtf
rechn_29503-auftrgb nr829.rtf
rechn_9389-auftrgb nr51241.rtf
rechn_97626-auftrgb
rechn_9125-auftrgb nr52019.rtf
rechn_59555-auftrgb
rechn_95782-auftrgb nr21.rtf
rechn_8488-auftrgb nr5491.rtf
rechn_7740-auftrgb nr514.rtf