SHA256: 68523a9e3d6a06ee870a54ac2102950afb6a240d22febfd6504bb04c6a89765f
File name: denise.schubiger_INC000002244021.doc
Detection ratio: 33 / 54
Analysis date: 2017-01-10 16:15:44 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
ALYac W97M.Downloader.ENK 20170110
AVG W97M/Downloader 20170110
Ad-Aware W97M.Downloader.ENK 20170110
AegisLab Troj.Downloader.Msword.Agent!c 20170110
AhnLab-V3 W2KM/Downloader 20170110
Antiy-AVL Trojan[Downloader]/MSWord.Agent.art 20170110
Arcabit W97M.Downloader.ENK 20170110
Avast VBA:Downloader-DJR [Trj] 20170110
Avira (no cloud) W2000M/Agent.11130 20170110
Baidu VBA.Trojan-Downloader.Agent.avu 20170110
BitDefender W97M.Downloader.ENK 20170110
CAT-QuickHeal W97M.Downloader.OD 20170110
ClamAV Doc.Dropper.Agent-1764371 20170110
Cyren W97M/Downldr.gen 20170110
ESET-NOD32 VBA/TrojanDownloader.Agent.BVW 20170110
Emsisoft W97M.Downloader.ENK (B) 20170110
F-Prot W97M/Downldr.gen 20170110
F-Secure W97M.Downloader.ENK 20170110
Fortinet WM/Agent.BWB!tr 20170110
GData W97M.Downloader.ENK 20170110
Ikarus Trojan-Downloader.VBA.Agent 20170110
Kaspersky Trojan-Downloader.MSWord.Agent.art 20170110
McAfee W97M/Downloader.bnp 20170108
McAfee-GW-Edition W97M/Downloader.bnp 20170110
eScan W97M.Downloader.ENK 20170110
Microsoft TrojanDownloader:O97M/Donoff 20170110
NANO-Antivirus Trojan.Script.Agent.ehiybo 20170110
Qihoo-360 virus.office.gen.80 20170110
Rising Downloader.Donoff!8.36C (topis) 20170110
Sophos Troj/DocDl-EYN 20170110
Tencent Word.Trojan-downloader.Agent.Akph 20170110
TrendMicro W2KM_DLOADER.JF 20170110
TrendMicro-HouseCall W2KM_DLOADER.JF 20170110
AVware 20170110
Alibaba 20170110
Bkav 20170110
CMC 20170110
Comodo 20170110
CrowdStrike Falcon (ML) 20161024
DrWeb 20170110
Invincea 20161216
Jiangmin 20170110
K7AntiVirus 20170110
K7GW 20170110
Kingsoft 20170110
Malwarebytes 20170110
Panda 20170110
SUPERAntiSpyware 20170110
TheHacker 20170108
Trustlook 20170110
VBA32 20170110
VIPRE 20170110
ViRobot 20170110
WhiteArmor 20170109
Yandex 20170110
Zillya 20170109
Zoner 20170110
nProtect 20170110
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May create OLE objects.
Summary
creation_datetime
2016-10-10 01:14:00
template
Normal.dotm
page_count
1
last_saved
2016-10-10 01:14:00
word_count
7
revision_number
1
application_name
Microsoft Office Word
character_count
40
security
8
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
46
version
786432
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
11648
type_literal
stream
size
121
name
\x01CompObj
sid
22
type_literal
stream
size
280
name
\x05DocumentSummaryInformation
sid
10
type_literal
stream
size
404
name
\x05SummaryInformation
sid
9
type_literal
stream
size
10244
name
1Table
sid
8
type_literal
stream
size
4096
name
Data
sid
1
type_literal
stream
size
437
name
Macros/PROJECT
sid
21
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
20
type_literal
stream
size
18487
type
macro
name
Macros/VBA/ThisDocument
sid
13
type_literal
stream
size
4726
name
Macros/VBA/_VBA_PROJECT
sid
16
type_literal
stream
size
2569
name
Macros/VBA/__SRP_0
sid
18
type_literal
stream
size
410
name
Macros/VBA/__SRP_1
sid
19
type_literal
stream
size
3604
name
Macros/VBA/__SRP_2
sid
14
type_literal
stream
size
2315
name
Macros/VBA/__SRP_3
sid
15
type_literal
stream
size
839
name
Macros/VBA/dir
sid
17
type_literal
stream
size
26
name
ObjectPool/_1537531488/\x03OCXNAME
sid
6
type_literal
stream
size
6
name
ObjectPool/_1537531488/\x03ObjInfo
sid
5
type_literal
stream
size
94
name
ObjectPool/_1537531488/Contents
sid
7
type_literal
stream
size
4247
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 7373 bytes
create-ole open-file
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
Title, 1

Template
Normal.dotm

CharCountWithSpaces
46

CreateDate
2016:10:10 00:14:00

Security
Locked for annotations

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2016:10:10 00:14:00

Characters
40

Pages
1

RevisionNumber
1

MIMEType
application/msword

Words
7

FileType
DOC

Lines
1

AppVersion
12.0

CodePage
Windows Latin 1 (Western European)

Software
Microsoft Office Word

TotalEditTime
0

ScaleCrop
No

CompObjUserTypeLen
39

FileTypeExtension
doc

Paragraphs
1

File identification
MD5 7c9505f2c041ba588bed854258344c43
SHA1 791491e2a0795f3f3c117852b862c475be149214
SHA256 68523a9e3d6a06ee870a54ac2102950afb6a240d22febfd6504bb04c6a89765f
ssdeep
768:yqAW+kD1aZFlcgjKNYEUWE3gIvI2gruh:uUYxjKmVWEQ

File size 59.0 KB ( 60416 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Oct 09 00:14:00 2016, Last Saved Time/Date: Sun Oct 09 00:14:00 2016, Number of Pages: 1, Number of Words: 7, Number of Characters: 40, Security: 8

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros open-file doc create-ole

VirusTotal metadata
First submission 2016-10-10 12:39:28 UTC ( 4 months, 2 weeks ago )
Last submission 2017-01-10 16:15:44 UTC ( 1 month, 2 weeks ago )
File names denise.schubiger_INC000002244021.doc