SHA256: 6467d648a638c7f36f0248f6c15f425a14bdcc7bd791f3ba0f0bfaa3b048843b
File name: 32f3710a1e46404a559586ed2e82626ce81e9924
Detection ratio: 10 / 61
Analysis date: 2017-10-18 11:51:13 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20171017
Avira (no cloud) X97M/Agent.10814635 20171018
Baidu VBA.Trojan-Downloader.Agent.cat 20171018
Cyren PP97M/Agent 20171018
F-Prot New or modified PP97M/Agent 20171018
Fortinet VBA/Agent.CONA!tr 20171018
Ikarus Trojan-Downloader.VBA.Agent 20171018
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20171018
Qihoo-360 virus.office.qexvmc.1095 20171018
Tencent Macro.Trojan.Dropperd.Auto 20171018
Ad-Aware 20171018
AegisLab 20171018
AhnLab-V3 20171018
Alibaba 20170911
ALYac 20171018
Antiy-AVL 20171018
Avast 20171018
Avast-Mobile 20171018
AVG 20171018
AVware 20171018
BitDefender 20171018
Bkav 20171018
CAT-QuickHeal 20171018
ClamAV 20171018
CMC 20171018
Comodo 20171017
CrowdStrike Falcon (ML) 20170804
Cylance 20171018
eGambit 20171018
Emsisoft 20171018
Endgame 20171016
ESET-NOD32 20171018
F-Secure 20171018
GData 20171018
Sophos ML 20170914
Jiangmin 20171018
K7AntiVirus 20171017
K7GW 20171016
Kaspersky 20171018
Kingsoft 20171018
Malwarebytes 20171018
MAX 20171018
McAfee 20171018
McAfee-GW-Edition 20171018
Microsoft 20171018
eScan 20171018
nProtect 20171018
Palo Alto Networks (Known Signatures) 20171018
Panda 20171017
Rising 20171018
SentinelOne (Static ML) 20171001
Sophos AV 20171018
SUPERAntiSpyware 20171018
Symantec 20171018
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171018
TrendMicro 20171018
TrendMicro-HouseCall 20171018
Trustlook 20171018
VBA32 20171018
VIPRE 20171018
ViRobot 20171018
Webroot 20171018
WhiteArmor 20171016
Yandex 20171017
Zillya 20171018
ZoneAlarm by Check Point 20171018
Zoner 20171018
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May create OLE objects.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 1924 bytes
[+] nQKeXdkxkJj.bas word/vbaProject.bin VBA/nQKeXdkxkJj 13441 bytes
create-ole run-file
Content types
bin
rels
jpg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
user
cp:lastModifiedBy
user
cp:revision
1
dcterms:created
2017-10-18T05:35:00Z
dcterms:modified
2017-10-18T05:35:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
0
Characters
1
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
LinksUpToDate
false
CharactersWithSpaces
1
SharedDoc
false
HyperlinksChanged
false
AppVersion
15.0000
Document languages
Language
Prevalence
en-us
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
user

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2017:10:18 05:35:00Z

ZipCRC
0x2d551a4d

Words
0

ScaleCrop
No

RevisionNumber
1

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2017:10:18 05:35:00Z

Lines
1

AppVersion
15.0

ZipUncompressedSize
1504

ZipCompressedSize
400

Characters
1

CharactersWithSpaces
1

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Creator
user

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
15
Uncompressed size
140135
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
jpg
1
Contained files by type
XML
13
Microsoft Office
1
JPG
1
Compressed bundles
File identification
MD5 ab291fb892b4196f377839aef347196d
SHA1 32f3710a1e46404a559586ed2e82626ce81e9924
SHA256 6467d648a638c7f36f0248f6c15f425a14bdcc7bd791f3ba0f0bfaa3b048843b
ssdeep
1536:inceIs9cRHRlLeGGe7rJVwid0nkn2jpjDMIv13c3oCQ:2Is9YUGGQrJei0nrjgIv13c3e

File size 79.9 KB ( 81809 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
macros run-file create-ole docx attachment

VirusTotal metadata
First submission 2017-10-18 11:51:13 UTC ( 1 year, 4 months ago )
Last submission 2017-10-20 06:20:14 UTC ( 1 year, 4 months ago )
File names Park_safari_Invoice.doc
Park_Safari_Invoice.doc
32f3710a1e46404a559586ed2e82626ce81e9924