SHA256: 5c69a55d1ef7a5ee84906ff18ae7e92d197a78164ec9d70f0a39dad90c6b485f
File name: Inquiry.doc
Detection ratio: 35 / 61
Analysis date: 2018-05-05 13:31:59 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Agent.CYKC 20180505
AegisLab Vba.O.Elbp!c 20180505
ALYac VB:Trojan.Agent.CYKC 20180505
Arcabit HEUR.VBA.Trojan.e 20180505
Avast Other:Malware-gen [Trj] 20180505
AVG Other:Malware-gen [Trj] 20180505
AVware LooksLike.Macro.Malware.k (v) 20180428
Baidu VBA.Trojan-Downloader.Agent.ctv 20180503
BitDefender VB:Trojan.Agent.CYKC 20180505
ClamAV Doc.Dropper.Agent-6517675-0 20180505
Comodo UnclassifiedMalware 20180505
Cyren Trojan.ZRPS-6 20180505
DrWeb W97M.DownLoader.2676 20180505
Emsisoft VB:Trojan.Agent.CYKC (B) 20180505
ESET-NOD32 VBA/TrojanDownloader.Agent.HXF 20180505
F-Prot New or modified W97M/Agent 20180505
F-Secure VB:Trojan.Agent.CYKC 20180505
Fortinet VBA/Agent.HXF!tr.dldr 20180505
GData VB:Trojan.Agent.CYKC 20180505
Ikarus Trojan-Downloader.VBA.Agent 20180505
Kaspersky HEUR:Trojan.Script.Agent.gen 20180505
MAX malware (ai score=94) 20180505
McAfee W97M/Downloader.con 20180505
McAfee-GW-Edition BehavesLike.Downloader.cl 20180505
eScan VB:Trojan.Agent.CYKC 20180505
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180505
nProtect Suspicious/W97M.Obfus.Gen 20180505
Qihoo-360 virus.office.qexvmc.1095 20180505
Sophos AV Troj/DocDl-NNJ 20180505
Symantec Trojan.Gen.2 20180505
Tencent Win32.Trojan-downloader.Agent.Pijt 20180505
TrendMicro-HouseCall TROJ_FRS.VSN19D18 20180505
VIPRE LooksLike.Macro.Malware.k (v) 20180505
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20180505
Zoner Probably W97Shell 20180504
AhnLab-V3 20180505
Alibaba 20180503
Antiy-AVL 20180505
Avast-Mobile 20180505
Avira (no cloud) 20180505
Babable 20180406
Bkav 20180504
CAT-QuickHeal 20180504
CMC 20180505
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180505
eGambit 20180505
Endgame 20180504
Sophos ML 20180503
Jiangmin 20180505
K7AntiVirus 20180505
K7GW 20180505
Kingsoft 20180505
Malwarebytes 20180505
Microsoft 20180505
Palo Alto Networks (Known Signatures) 20180505
Panda 20180505
Rising 20180505
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180505
Symantec Mobile Insight 20180505
TheHacker 20180504
TotalDefense 20180505
TrendMicro 20180505
Trustlook 20180505
VBA32 20180504
ViRobot 20180505
Webroot 20180505
Yandex 20180504
Zillya 20180504
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-04-24 21:31:00
author
Jyjolavifoshae
title
Jyjolavifo
page_count
1
last_saved
2018-04-24 21:31:00
word_count
2
revision_number
1
application_name
Microsoft Office Word
character_count
12
template
Normal.dotm
code_page
Latin I
subject
Jyjolavifo
Document summary
category
Jyjolavifo
line_count
1
company
Jyjolavi
characters_with_spaces
13
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
5312
type_literal
stream
sid
20
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
336
type_literal
stream
sid
4
name
\x05SummaryInformation
size
432
type_literal
stream
sid
2
name
1Table
size
7764
type_literal
stream
sid
1
name
Data
size
14215
type_literal
stream
sid
18
name
Macros/PROJECT
size
514
type_literal
stream
sid
19
name
Macros/PROJECTwm
size
107
type_literal
stream
sid
9
type
macro
name
Macros/VBA/DAAzQHu
size
31789
type_literal
stream
sid
11
type
macro
name
Macros/VBA/YGGFEvR
size
14877
type_literal
stream
sid
17
name
Macros/VBA/_VBA_PROJECT
size
24015
type_literal
stream
sid
12
name
Macros/VBA/__SRP_0
size
1487
type_literal
stream
sid
13
name
Macros/VBA/__SRP_1
size
195
type_literal
stream
sid
14
name
Macros/VBA/__SRP_2
size
736
type_literal
stream
sid
15
name
Macros/VBA/__SRP_3
size
379
type_literal
stream
sid
8
name
Macros/VBA/dir
size
651
type_literal
stream
sid
16
type
macro
name
Macros/VBA/iIhbMGSuKA
size
5651
type_literal
stream
sid
10
type
macro
name
Macros/VBA/skHTnUc
size
9539
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] iIhbMGSuKA.cls Macros/VBA/iIhbMGSuKA 2122 bytes
obfuscated
[+] YGGFEvR.bas Macros/VBA/YGGFEvR 8326 bytes
obfuscated
[+] DAAzQHu.bas Macros/VBA/DAAzQHu 18519 bytes
obfuscated run-file
[+] skHTnUc.bas Macros/VBA/skHTnUc 5186 bytes
obfuscated
ExifTool file metadata
Category
Jyjolavifo

SharedDoc
No

Author
Jyjolavifoshae

CodePage
Windows Latin 1 (Western European)

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
13

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:04:24 20:31:00

Company
Jyjolavi

Title
Jyjolavifo

Characters
12

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
2

CreateDate
2018:04:24 20:31:00

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

Warning
Truncated property list

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

Subject
Jyjolavifo

File identification
MD5 bf6557c7aeb6937049ed3dbbb91babde
SHA1 e108d3afbc0678b56dd1ba1e11a670c39f9dbc7b
SHA256 5c69a55d1ef7a5ee84906ff18ae7e92d197a78164ec9d70f0a39dad90c6b485f
ssdeep
1536:wOEk4Qeh21F+ahOTJXt6zhMDEgTdTHm1BaL0y0uB+dUNJPPhJcuWctmiyG6F5kif:cQejT5Xj5fNDHtZtqPGGs+XW5YZ

File size 130.0 KB ( 133120 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Jyjolavifo, Subject: Jyjolavifo, Author: Jyjolavifoshae, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Apr 23 20:31:00 2018, Last Saved Time/Date: Mon Apr 23 20:31:00 2018, Number of Pages: 1, Number of Words: 2, Number of Characters: 12, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-04-25 15:57:41 UTC ( 10 months, 4 weeks ago )
Last submission 2018-05-05 13:31:59 UTC ( 10 months, 2 weeks ago )
File names Inquiry.doc