× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 66ba9807f532505a7a6a4efe9a1e2ea630e51ec51dddfa581ee1b2ee04933b88
File name: bank_statement_088452.docxxx
Detection ratio: 32 / 62
Analysis date: 2018-09-26 17:11:04 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4879124 20180926
AegisLab Trojan.MSWord.Generic.4!c 20180926
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.byv 20180926
Arcabit Trojan.Generic.D4A7314 20180926
Avast VBA:Downloader-DJR [Trj] 20180926
AVG VBA:Downloader-DJR [Trj] 20180926
Baidu VBA.Trojan-Downloader.Agent.avu 20180926
BitDefender Trojan.GenericKD.4879124 20180926
CAT-QuickHeal O97M.Downloader.AMA 20180926
ClamAV Doc.Dropper.Agent-1777593 20180926
Cyren PP97M/Agent.gen 20180926
Emsisoft Trojan.GenericKD.4879124 (B) 20180926
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDownloader.Agent.BYV 20180926
F-Prot PP97M/Agent.gen 20180926
F-Secure Trojan.GenericKD.4879124 20180926
Fortinet WM/Agent.BWB!tr 20180926
GData Trojan.GenericKD.4879124 20180926
Ikarus Trojan-Downloader.VBA.Agent 20180926
Kaspersky HEUR:Trojan.Script.Agent.gen 20180926
MAX malware (ai score=96) 20180926
McAfee-GW-Edition Artemis!Trojan 20180926
Microsoft Trojan:Win32/Occamy.C 20180926
eScan Trojan.GenericKD.4879124 20180926
NANO-Antivirus Trojan.Script.Agent.eidwkt 20180926
Qihoo-360 virus.office.qexvmc.1080 20180926
Rising Downloader.Agent!8.B23 (TOPIS:WvH6xktYpEQ) 20180926
SentinelOne (Static ML) static engine - malicious 20180926
Symantec W97M.Downloader 20180926
Tencent Heur.Macro.Generic.Gen.j 20180926
TrendMicro HEUR_VBA.O2 20180926
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180925
AhnLab-V3 20180926
Alibaba 20180921
ALYac 20180926
Avast-Mobile 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Bkav 20180925
CMC 20180926
Comodo 20180926
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180926
DrWeb 20180926
eGambit 20180926
Sophos ML 20180717
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kingsoft 20180926
Malwarebytes 20180926
McAfee 20180926
Palo Alto Networks (Known Signatures) 20180926
Panda 20180926
Sophos AV 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180926
TheHacker 20180924
TotalDefense 20180925
TrendMicro-HouseCall 20180926
Trustlook 20180926
VBA32 20180926
VIPRE 20180926
ViRobot 20180926
Webroot 20180926
Yandex 20180926
Zillya 20180926
Zoner 20180926
The file being studied follows the Open XML file format! More specifically, it is a Office Open XML Document file.
Commonly abused properties
May open a file.
May create OLE objects.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 8462 bytes
create-ole open-file
Content types
bin
rels
wmf
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
cp:revision
1
dcterms:created
2016-09-18T21:41:00Z
dcterms:modified
2016-10-04T09:29:00Z
Application document properties
TotalTime
0
Pages
1
Words
11
Characters
66
Application
Microsoft Office Word
DocSecurity
8
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
Title
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
76
SharedDoc
false
HyperlinksChanged
false
AppVersion
15.0000
Document languages
Language
Prevalence
en-us
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
Title, 1

ZipFileName
[Content_Types].xml

ZipRequiredVersion
20

ModifyDate
2016:10:04 09:29:00Z

ZipCRC
0x775cb3ed

ZipBitFlag
0x0006

Words
11

ScaleCrop
No

RevisionNumber
1

MIMEType
application/vnd.ms-word.template.macroEnabledTemplate

Characters
66

CreateDate
2016:09:18 21:41:00Z

Lines
1

AppVersion
15.0

ZipUncompressedSize
1893

ZipCompressedSize
465

CharactersWithSpaces
76

DocSecurity
Locked for annotations

ZipModifyDate
1980:01:01 00:00:00

FileType
DOTM

Application
Microsoft Office Word

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
dotm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
22
Uncompressed size
151788
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
13
bin
2
wmf
1
png
1
Contained files by type
XML
17
unknown
2
Microsoft Office
2
PNG
1
File identification
MD5 c2dbf24a0dc7276a71dd0824647535c9
SHA1 dbdc54a15d2514e9b8ff31b3666642d2b19ba2bd
SHA256 66ba9807f532505a7a6a4efe9a1e2ea630e51ec51dddfa581ee1b2ee04933b88
ssdeep
1536:rkZq5kjKyM3S/1GShyllVdTaR+z/+sXFs5J:rk5u/YUZ4R+z2ys5J

File size 50.7 KB ( 51903 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
macros open-file docx create-ole

VirusTotal metadata
First submission 2016-10-10 10:18:52 UTC ( 2 years, 2 months ago )
Last submission 2018-09-26 12:21:21 UTC ( 2 months, 2 weeks ago )
File names 1_bank_statement_088452.doc
bank_statement_088452.doc
bank_statement_088452.docxxx
66ba9807f532505a7a6a4efe9a1e2ea630e51ec51dddfa581ee1b2ee04933b88.docx
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!