× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 60e0369e217e01371007b14a4b89de3db688abf1e424219146a924059b373844
File name: index.html.6
Detection ratio: 38 / 58
Analysis date: 2018-03-28 13:53:19 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.1126 20180328
AhnLab-V3 W97M/Downloader 20180328
ALYac Trojan.Downloader.VBA.gen 20180328
Arcabit VB:Trojan.Valyria.D466 20180328
Avast Other:Malware-gen [Trj] 20180328
AVG Other:Malware-gen [Trj] 20180328
Avira (no cloud) W97M/Agent.4023031 20180328
AVware Trojan.OLE.Generic.a (v) 20180328
Baidu VBA.Trojan-Downloader.Agent.cjw 20180328
BitDefender VB:Trojan.Valyria.1126 20180328
ClamAV Doc.Macro.Obfuscation-6398752-1 20180328
Cyren Trojan.ZXZY- 20180328
DrWeb W97M.DownLoader.2340 20180328
Emsisoft VB:Trojan.Valyria.1126 (B) 20180328
ESET-NOD32 VBA/TrojanDownloader.Agent.FWD 20180328
F-Prot New or modified W97M/Valyria 20180328
F-Secure VB:Trojan.Valyria.1126 20180328
Fortinet VBA/Agent.FTD!tr 20180328
GData VB:Trojan.Valyria.1126 20180328
Ikarus Trojan-Downloader.VBA.Agent 20180328
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20180328
MAX malware (ai score=99) 20180328
McAfee W97M/Downloader.cke 20180328
McAfee-GW-Edition W97M/Downloader.cke 20180328
Microsoft TrojanDownloader:O97M/Donoff 20180328
eScan VB:Trojan.Valyria.1126 20180328
NANO-Antivirus Trojan.Script.ExpKit.ewdptp 20180328
Panda O97M/Downloader 20180328
Qihoo-360 virus.office.qexvmc.1085 20180328
Rising Downloader.Donoff!8.36C (TOPIS:Tbp0DafOiLT) 20180328
Symantec W97M.Downloader 20180328
Tencent Win32.Trojan-downloader.Agent.Isw 20180328
TrendMicro W2KM_POWLOAD.AUJWH 20180328
TrendMicro-HouseCall W2KM_POWLOAD.SMJSA 20180328
VIPRE Trojan.OLE.Generic.a (v) 20180328
ViRobot W97M.S.Downloader.216064.A 20180328
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180328
Zoner Probably W97Obfuscated 20180327
AegisLab 20180328
Alibaba 20180328
Avast-Mobile 20180328
Bkav 20180328
CAT-QuickHeal 20180328
CMC 20180328
Comodo 20180328
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180328
eGambit 20180328
Endgame 20180316
Sophos ML 20180121
Jiangmin 20180328
K7AntiVirus 20180328
K7GW 20180328
Kingsoft 20180328
Malwarebytes 20180328
nProtect 20180328
Palo Alto Networks (Known Signatures) 20180328
SentinelOne (Static ML) 20180225
Sophos AV 20180328
SUPERAntiSpyware 20180328
Symantec Mobile Insight 20180311
TheHacker 20180327
TotalDefense 20180328
Trustlook 20180328
VBA32 20180328
WhiteArmor 20180324
Yandex 20180328
Zillya 20180328
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2017-12-13 21:39:00
revision_number
1
author
twrsjJFf
page_count
1
last_saved
2017-12-13 21:39:00
word_count
1
template
Normal.dotm
application_name
Microsoft Office Word
character_count
11
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
11
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
3072
type_literal
stream
sid
16
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
412
type_literal
stream
sid
2
name
1Table
size
6987
type_literal
stream
sid
1
name
Data
size
8968
type_literal
stream
sid
15
name
Macros/PROJECT
size
528
type_literal
stream
sid
14
name
Macros/PROJECTwm
size
158
type_literal
stream
sid
11
type
macro
name
Macros/VBA/QJrbvrzSUqNXR
size
78307
type_literal
stream
sid
8
type
macro (only attributes)
name
Macros/VBA/ThisDocument
size
924
type_literal
stream
sid
12
name
Macros/VBA/_VBA_PROJECT
size
12159
type_literal
stream
sid
13
name
Macros/VBA/dir
size
706
type_literal
stream
sid
10
type
macro
name
Macros/VBA/jpkIXOKJZhJ
size
53828
type_literal
stream
sid
9
type
macro
name
Macros/VBA/qcWWCncUbUDm
size
33652
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] qcWWCncUbUDm.bas Macros/VBA/qcWWCncUbUDm 16824 bytes
url-pattern obfuscated run-file
[+] jpkIXOKJZhJ.bas Macros/VBA/jpkIXOKJZhJ 26645 bytes
[+] QJrbvrzSUqNXR.bas Macros/VBA/QJrbvrzSUqNXR 38962 bytes
ExifTool file metadata
SharedDoc
No

Author
twrsjJFf

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
11

CreateDate
2017:12:13 20:39:00

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:12:13 20:39:00

Characters
11

CodePage
Windows Latin 1 (Western European)

RevisionNumber
1

MIMEType
application/msword

Words
1

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 0bca0cda3bdab716ee8012d4adb9f5b1
SHA1 8e745725c47ae8f6d7da6f590b90b13c473d3e91
SHA256 60e0369e217e01371007b14a4b89de3db688abf1e424219146a924059b373844
ssdeep
3072:c6W+rMDAjZYAQKQvGWR+WWXr+eRJ7FaDRE4Ir3iQMZS3l7OwG:prY5GWR+WK+GJ7FuREL+Vt

File size 211.0 KB ( 216064 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: twrsjJFf, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Dec 12 20:39:00 2017, Last Saved Time/Date: Tue Dec 12 20:39:00 2017, Number of Pages: 1, Number of Words: 1, Number of Characters: 11, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc url-pattern

VirusTotal metadata
First submission 2017-12-13 21:00:06 UTC ( 1 year, 2 months ago )
Last submission 2018-06-22 15:38:31 UTC ( 8 months ago )
File names Outstanding Invoices.doc
Invoice# 1283904.doc
index.html.6
0bca0cda3bdab716ee8012d4adb9f5b12989a600_Trojan-Downloader.Script.Generic
Outstanding INVOICE JRM-884758-067.doc
Invoice_ 63908476.doc
Paypal #ATEVD727NFO4ZZI7.doc
Paypal #EPJS6HVBXQYNC2IEA.doc
Dokumente vom Notar #485163247.doc
INCORRECT INVOICE.doc
Invoice Number 45732.doc
Paypal #YEAHIG5I9L6WV2I1.doc
Order Confirmation.doc
Invoices Overdue.doc
index.html.98
Invoice.doc
Paypal
index.html.93
Invoice Number 492643.doc
DTBFL4-4057162472.doc
Final Account.doc
Untitled1.doc
Invoice# 06744589.doc
1023-8e745725c47ae8f6d7da6f590b90b13c473d3e91
Paypal #TF7UT6YJX670IP7.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!