× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5da72367078fdea770d0df1975f52432439bd760c8395f44ed31e9f4e65ea6dc
File name: Secure Message.doc
Detection ratio: 2 / 59
Analysis date: 2017-11-15 10:09:22 UTC ( 1 year, 6 months ago ) View latest
Antivirus Result Update
Fortinet VBA/Agent.FCY!tr.dldr 20171115
Qihoo-360 virus.office.qexvmc.1085 20171115
Ad-Aware 20171115
AegisLab 20171115
AhnLab-V3 20171115
Alibaba 20170911
ALYac 20171115
Antiy-AVL 20171115
Arcabit 20171115
Avast 20171115
Avast-Mobile 20171115
AVG 20171115
Avira (no cloud) 20171115
AVware 20171115
Baidu 20171115
BitDefender 20171115
Bkav 20171114
CAT-QuickHeal 20171114
ClamAV 20171115
CMC 20171109
Comodo 20171115
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171115
Cyren 20171115
DrWeb 20171115
eGambit 20171115
Emsisoft 20171115
Endgame 20171024
ESET-NOD32 20171115
F-Prot 20171115
F-Secure 20171115
GData 20171115
Ikarus 20171114
Sophos ML 20170914
Jiangmin 20171115
K7AntiVirus 20171115
K7GW 20171115
Kaspersky 20171115
Kingsoft 20171115
Malwarebytes 20171115
MAX 20171115
McAfee 20171115
McAfee-GW-Edition 20171115
Microsoft 20171115
eScan 20171115
NANO-Antivirus 20171115
nProtect 20171115
Palo Alto Networks (Known Signatures) 20171115
Panda 20171114
Rising 20171115
SentinelOne (Static ML) 20171113
Sophos AV 20171115
SUPERAntiSpyware 20171115
Symantec 20171115
Symantec Mobile Insight 20171115
Tencent 20171115
TheHacker 20171112
TrendMicro 20171115
TrendMicro-HouseCall 20171115
Trustlook 20171115
VBA32 20171114
VIPRE 20171115
ViRobot 20171115
Webroot 20171115
WhiteArmor 20171104
Yandex 20171114
Zillya 20171115
ZoneAlarm by Check Point 20171115
Zoner 20171115
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
last_author
Longer
creation_datetime
2017-11-15 11:00:00
revision_number
8
author
Longer
page_count
1
last_saved
2017-11-15 11:09:00
edit_time
540
word_count
55
template
Normal.dotm
application_name
Microsoft Office Word
character_count
320
code_page
Latin I
Document summary
line_count
2
company
Grizli777
characters_with_spaces
374
version
786432
paragraph_count
1
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
33856
type_literal
stream
sid
57
name
\x01CompObj
size
160
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
7050
type_literal
stream
sid
1
name
Data
size
15197
type_literal
stream
sid
33
name
Macros/Fiwdmj/\x01CompObj
size
97
type_literal
stream
sid
34
name
Macros/Fiwdmj/\x03VBFrame
size
287
type_literal
stream
sid
31
name
Macros/Fiwdmj/f
size
239
type_literal
stream
sid
32
name
Macros/Fiwdmj/o
size
224
type_literal
stream
sid
38
name
Macros/Irasnff/\x01CompObj
size
97
type_literal
stream
sid
39
name
Macros/Irasnff/\x03VBFrame
size
293
type_literal
stream
sid
36
name
Macros/Irasnff/f
size
327
type_literal
stream
sid
37
name
Macros/Irasnff/o
size
444
type_literal
stream
sid
56
name
Macros/PROJECT
size
1329
type_literal
stream
sid
55
name
Macros/PROJECTwm
size
500
type_literal
stream
sid
23
type
macro (only attributes)
name
Macros/VBA/Fiwdmj
size
1171
type_literal
stream
sid
24
type
macro
name
Macros/VBA/Irasnff
size
1579
type_literal
stream
sid
15
type
macro
name
Macros/VBA/L_chsaebrqk
size
885
type_literal
stream
sid
17
type
macro
name
Macros/VBA/Lrbjjwixinw
size
874
type_literal
stream
sid
19
type
macro
name
Macros/VBA/Nowedw1
size
863
type_literal
stream
sid
20
type
macro
name
Macros/VBA/Sgm
size
854
type_literal
stream
sid
8
type
macro
name
Macros/VBA/ThisDocument
size
1310
type_literal
stream
sid
27
type
macro
name
Macros/VBA/Yoy_jf
size
1496
type_literal
stream
sid
28
name
Macros/VBA/_VBA_PROJECT
size
6801
type_literal
stream
sid
9
type
macro
name
Macros/VBA/bsn9
size
895
type_literal
stream
sid
10
type
macro
name
Macros/VBA/bvhw
size
934
type_literal
stream
sid
11
type
macro
name
Macros/VBA/cqvwvsb_zry
size
1055
type_literal
stream
sid
29
name
Macros/VBA/dir
size
1604
type_literal
stream
sid
12
type
macro
name
Macros/VBA/dob
size
903
type_literal
stream
sid
13
type
macro
name
Macros/VBA/h_mzfvyg
size
1319
type_literal
stream
sid
14
type
macro
name
Macros/VBA/hhphfz
size
1541
type_literal
stream
sid
25
type
macro (only attributes)
name
Macros/VBA/isvqum
size
1170
type_literal
stream
sid
16
type
macro
name
Macros/VBA/lmodtdxzo
size
1601
type_literal
stream
sid
18
type
macro
name
Macros/VBA/mflmwv
size
1307
type_literal
stream
sid
26
type
macro (only attributes)
name
Macros/VBA/vhi
size
1168
type_literal
stream
sid
21
type
macro
name
Macros/VBA/wlanpft_bbo
size
1825
type_literal
stream
sid
22
type
macro
name
Macros/VBA/zlxpouzwg_bo
size
1028
type_literal
stream
sid
53
name
Macros/Yoy_jf/\x01CompObj
size
97
type_literal
stream
sid
54
name
Macros/Yoy_jf/\x03VBFrame
size
283
type_literal
stream
sid
51
name
Macros/Yoy_jf/f
size
334
type_literal
stream
sid
52
name
Macros/Yoy_jf/o
size
492
type_literal
stream
sid
43
name
Macros/isvqum/\x01CompObj
size
97
type_literal
stream
sid
44
name
Macros/isvqum/\x03VBFrame
size
288
type_literal
stream
sid
41
name
Macros/isvqum/f
size
182
type_literal
stream
sid
42
name
Macros/isvqum/o
size
260
type_literal
stream
sid
48
name
Macros/vhi/\x01CompObj
size
97
type_literal
stream
sid
49
name
Macros/vhi/\x03VBFrame
size
283
type_literal
stream
sid
46
name
Macros/vhi/f
size
283
type_literal
stream
sid
47
name
Macros/vhi/o
size
292
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 63 bytes
[+] bsn9.bas Macros/VBA/bsn9 72 bytes
[+] bvhw.bas Macros/VBA/bvhw 78 bytes
[+] cqvwvsb_zry.bas Macros/VBA/cqvwvsb_zry 111 bytes
[+] dob.bas Macros/VBA/dob 71 bytes
[+] h_mzfvyg.bas Macros/VBA/h_mzfvyg 254 bytes
[+] hhphfz.bas Macros/VBA/hhphfz 389 bytes
[+] L_chsaebrqk.bas Macros/VBA/L_chsaebrqk 51 bytes
[+] lmodtdxzo.bas Macros/VBA/lmodtdxzo 477 bytes
[+] Lrbjjwixinw.bas Macros/VBA/Lrbjjwixinw 58 bytes
[+] mflmwv.bas Macros/VBA/mflmwv 197 bytes
[+] Nowedw1.bas Macros/VBA/Nowedw1 58 bytes
[+] Sgm.bas Macros/VBA/Sgm 54 bytes
[+] wlanpft_bbo.bas Macros/VBA/wlanpft_bbo 559 bytes
[+] zlxpouzwg_bo.bas Macros/VBA/zlxpouzwg_bo 109 bytes
[+] Irasnff.frm Macros/VBA/Irasnff 181 bytes
[+] Yoy_jf.frm Macros/VBA/Yoy_jf 107 bytes
create-ole
ExifTool file metadata
SharedDoc
No

Author
Longer

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
Longer

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
374

CreateDate
2017:11:15 10:00:00

Word97
No

LanguageCode
English (US)

ModifyDate
2017:11:15 10:09:00

Company
Grizli777

Characters
320

CodePage
Unicode (UTF-8)

RevisionNumber
8

MIMEType
application/msword

Words
55

FileType
DOC

Lines
2

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
9.0 minutes

Pages
1

ScaleCrop
No

CompObjUserTypeLen
0

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 d08693b5eed4b2b95d659d949f0c11dc
SHA1 0f77f3e859ffb747f5fcc30a7c9a034286765c8c
SHA256 5da72367078fdea770d0df1975f52432439bd760c8395f44ed31e9f4e65ea6dc
ssdeep
768:h3FAi9JRR2d4QAgqxn0eejOy8NRnreZjqITbcxQayWK2NPjx944e7T3z0vjzpqp5:4bNI50eeK3NtzGr0vngA4L

File size 86.0 KB ( 88064 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 8, Name of Creating Application: Microsoft Office Word, Total Editing Time: 09:00, Create Time/Date: Tue Nov 14 10:00:00 2017, Last Saved Time/Date: Tue Nov 14 10:09:00 2017, Number of Pages: 1, Number of Words: 55, Number of Characters: 320, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros doc create-ole

VirusTotal metadata
First submission 2017-11-15 10:09:22 UTC ( 1 year, 6 months ago )
Last submission 2018-05-15 00:06:12 UTC ( 1 year ago )
File names 1024-0f77f3e859ffb747f5fcc30a7c9a034286765c8c
Secure Message.doc
8d6ba737-775e8bdc-f95f16f3-1b460259.doc
5.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!