SHA256: 5d2b03c840ed108f97e6e5cd9dddfb6d635d49e63066800d212e150b5d2a5cda
File name: output.112031255.txt
Detection ratio: 43 / 61
Analysis date: 2018-09-14 19:52:55 UTC (8 months, 1 week ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6017825 20180913
AegisLab Trojan.Script.Generic.a!c 20180914
ALYac Trojan.GenericKD.6017825 20180914
Antiy-AVL Trojan[Downloader]/Script.AGeneric 20180914
Arcabit Trojan.Generic.D5BD321 20180914
Avast VBA:Downloader-DNU [Trj] 20180914
AVG VBA:Downloader-DNU [Trj] 20180914
Avira (no cloud) HEUR/Macro.Downloader 20180914
AVware LooksLike.Macro.Malware.k (v) 20180914
Baidu VBA.Trojan-Downloader.Agent.ays 20180914
BitDefender Trojan.GenericKD.6017825 20180914
CAT-QuickHeal W97M.Downloader.RI 20180912
ClamAV Doc.Dropper.Agent-1844886 20180914
Cyren W97M/Downldr.F.gen 20180914
Emsisoft Trojan.GenericKD.6017825 (B) 20180914
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDownloader.Agent.CDX 20180914
F-Prot W97M/Downldr.F.gen 20180914
F-Secure Trojan:W97M/MaliciousMacro.GEN 20180914
Fortinet XM/Agent.AZH!tr.dldr 20180914
GData Trojan.GenericKD.6017825 20180914
Ikarus Trojan-Downloader.VBA.Agent 20180914
Jiangmin MSWord/Downloader.s 20180914
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20180914
MAX malware (ai score=98) 20180914
McAfee RDN/Generic Downloader.x 20180914
McAfee-GW-Edition BehavesLike.Downloader.hb 20180914
Microsoft TrojanDownloader:O97M/Bancarobe.A 20180914
eScan Trojan.GenericKD.6017825 20180914
NANO-Antivirus Trojan.Script.DridLdr.dnxnan 20180914
Qihoo-360 virus.office.qexvmc.1095 20180914
Rising Heur.Macro.Downloader.a (CLASSIC) 20180914
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Troj/DocDl-KHO 20180914
Symantec W97M.Downloader 20180914
TACHYON Suspicious/W97M.Obfus.Gen.3 20180914
Tencent Heur.Macro.Generic.Gen.f 20180914
TrendMicro W2KM_DLOADR.YYTBR 20180914
TrendMicro-HouseCall W2KM_DLOADR.YYTBR 20180914
VBA32 Trojan-Downloader.O97M.Bancarobe.A 20180914
VIPRE LooksLike.Macro.Malware.k (v) 20180914
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180914
Zoner Probably W97Obfuscated 20180914
AhnLab-V3 20180914
Alibaba 20180713
Avast-Mobile 20180914
Babable 20180907
Bkav 20180914
CMC 20180914
Comodo 20180914
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180914
DrWeb 20180914
eGambit 20180914
Sophos ML 20180717
K7AntiVirus 20180914
K7GW 20180914
Kingsoft 20180914
Malwarebytes 20180914
Palo Alto Networks (Known Signatures) 20180914
Panda 20180914
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TheHacker 20180914
TotalDefense 20180914
Trustlook 20180914
ViRobot 20180914
Webroot 20180914
Yandex 20180914
Zillya 20180914
The file being studied follows the Compound Document File format! More specifically, it is an MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author
Usuario de Windows
creation_datetime
2014-10-15 14:15:00
template
Normal.dotm
author
clein
page_count
7
last_saved
2016-11-22 10:59:00
edit_time
142200
word_count
254
revision_number
1083
application_name
Microsoft Office Word
character_count
1401
code_page
Latin I
Document summary
line_count
11
company
characters_with_spaces
1652
version
786432
paragraph_count
3
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
1152
type_literal
stream
size
125
name
\x01CompObj
sid
13
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
12900
name
1Table
sid
2
type_literal
stream
size
457032
name
Data
sid
1
type_literal
stream
size
371
name
Macros/PROJECT
sid
12
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
11
type_literal
stream
size
13154
type
macro
name
Macros/VBA/ThisDocument
sid
8
type_literal
stream
size
10425
name
Macros/VBA/_VBA_PROJECT
sid
9
type_literal
stream
size
514
name
Macros/VBA/dir
sid
10
type_literal
stream
size
35244
name
WordDocument
sid
3
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 1497 bytes
exe-pattern auto-open download environ obfuscated open-file run-dll
ExifTool file metadata
SharedDoc
No

Author
clein

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
Usuario de Windows

HeadingPairs
Título, 1

Hyperlinks
http://i.imgur.com/sR3jaZE.png

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1652

Word97
No

LanguageCode
English (US)

CompObjUserType
Documento de Microsoft Office Word 97-2003

ModifyDate
2016:11:22 09:59:00

ScaleCrop
No

Characters
1401

CodePage
Windows Latin 1 (Western European)

RevisionNumber
1083

MIMEType
application/msword

Words
254

CreateDate
2014:10:15 12:15:00

Lines
11

AppVersion
12.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
1.6 days

Pages
7

CompObjUserTypeLen
43

FileTypeExtension
doc

Paragraphs
3

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 aad18684d9d8ea8ce38f91db01896094
SHA1 55efb13a296f6484cd02fe88d3103ff69e254bbc
SHA256 5d2b03c840ed108f97e6e5cd9dddfb6d635d49e63066800d212e150b5d2a5cda
ssdeep
12288:80K4hfaxWL9KmArzX4gqPIaeTs6r8zt3x9KmArzXFk9jy:80LhSxW38XLs/nt3V8XF9

File size 534.5 KB ( 547328 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: clein, Template: Normal.dotm, Last Saved By: Usuario de Windows, Revision Number: 1083, Name of Creating Application: Microsoft Office Word, Total Editing Time: 1d+15:30:00, Create Time/Date: Tue Oct 14 13:15:00 2014, Last Saved Time/Date: Mon Nov 21 09:59:00 2016, Number of Pages: 7, Number of Words: 254, Number of Characters: 1401, Security: 0

TrID Microsoft Excel sheet (35.5%)
Microsoft Word document (34.9%)
Microsoft Word document (old ver.) (20.7%)
Generic OLE2 / Multistream Compound File (8.7%)
Tags
obfuscated open-file auto-open exe-pattern macros run-dll environ download xls

VirusTotal metadata
First submission 2016-11-22 16:10:58 UTC ( 2 years, 5 months ago )
Last submission 2017-09-06 18:44:54 UTC ( 1 year, 8 months ago )
File names 7036ba7d7a10de5ef2b4c924bf4ebfd45d81f09b
output.112031255.txt
SubastaSAT.doc
VirusShare_aad18684d9d8ea8ce38f91db01896094