SHA256: 69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf
File name: vti-rescan
Detection ratio: 34 / 56
Analysis date: 2016-04-01 09:26:04 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.VBS.Downloader.LR 20160401
AegisLab W2Km.Crypwall.Gen!c 20160401
AhnLab-V3 W97M/Powershell 20160330
ALYac Trojan.Downloader.doc.powershell 20160401
Arcabit Trojan.VBS.Downloader.LR 20160401
Avast MO97:Downloader-WT [Trj] 20160401
AVG Generic14_c.CEKM 20160401
Avira (no cloud) W2000M/Dldr.Agent.sfh 20160401
BitDefender Trojan.VBS.Downloader.LR 20160401
CAT-QuickHeal O97M.Downloader.H 20160401
Cyren PP97M/Downldr.Q.gen 20160401
DrWeb W97M.DownLoader.965 20160401
Emsisoft Trojan.VBS.Downloader.LR (B) 20160401
ESET-NOD32 PowerShell/Filecoder.F 20160401
F-Prot PP97M/Downldr.Q.gen 20160401
F-Secure Trojan.VBS.Downloader.LR 20160401
Fortinet WM/Agent!tr 20160401
GData Trojan.VBS.Downloader.LR 20160401
Ikarus Trojan-Downloader.O97M.Donoff 20160331
K7AntiVirus Trojan ( 0001140e1 ) 20160331
K7GW Trojan ( 0001140e1 ) 20160401
Kaspersky Trojan-Downloader.MSWord.Agent.acx 20160401
McAfee Downloader-FBCL!C10E4257E891 20160401
McAfee-GW-Edition Downloader-FBCL!C10E4257E891 20160331
Microsoft TrojanDownloader:O97M/Donoff.J 20160401
eScan Trojan.VBS.Downloader.LR 20160401
nProtect Trojan.VBS.Downloader.LR 20160331
Qihoo-360 Trojan.Generic 20160401
Rising DOC:Trojan.DL-Agent/Macro!1.A495 [F] 20160401
Sophos AV Troj/DocDl-AYQ 20160401
Symantec W97M.Downloader 20160331
TrendMicro W2KM_CRYPWALL.IO 20160401
TrendMicro-HouseCall W2KM_CRYPWALL.IO 20160401
ViRobot JS.S.Downloader.114029[h] 20160401
Alibaba 20160401
Antiy-AVL 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
Bkav 20160401
ClamAV 20160401
CMC 20160322
Comodo 20160401
Jiangmin 20160401
Kingsoft 20160401
Malwarebytes 20160401
NANO-Antivirus 20160401
Panda 20160331
SUPERAntiSpyware 20160401
Tencent 20160401
TheHacker 20160330
VBA32 20160331
VIPRE 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute powershell commands.
May try to download additional files from the Internet.
Macros and VBA code streams
[+] DFHJHRDCHJHFFF.cls word/vbaProject.bin VBA/DFHJHRDCHJHFFF 447 bytes
exe-pattern url-pattern download powershell run-file
Content types
bin
rels
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
TEST
cp:lastModifiedBy
mil0x
cp:revision
99
dcterms:created
2015-01-22T17:33:00Z
dcterms:modified
2016-03-13T17:10:00Z
Application document properties
Template
Normal.dotm
TotalTime
304
Pages
1
Words
0
Characters
3
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
Title
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
3
SharedDoc
false
HyperlinksChanged
false
AppVersion
12.0000
Document languages
Language
Prevalence
en-us
3
pl-pl
1
ar-sa
1
en-ca
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
mil0x

HeadingPairs
Title, 1

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2016:03:13 17:10:00Z

ZipCRC
0x7a53048b

Words
0

ScaleCrop
No

RevisionNumber
99

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2015:01:22 17:33:00Z

Lines
1

AppVersion
12.0

ZipUncompressedSize
2800

ZipCompressedSize
545

Characters
3

CharactersWithSpaces
3

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Application
Microsoft Office Word

TotalEditTime
5.1 hours

ZipCompression
Deflated

Pages
1

Creator
TEST

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
27
Uncompressed size
156923
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
21
bin
1
png
1
Contained files by type
XML
24
unknown
1
Microsoft Office
1
PNG
1
Compressed bundles
File identification
MD5 063394a08bb3eec2680a30939e906343
SHA1 9abeef3ed793f28a24562c3e5c3104eee99daa1c
SHA256 69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf
ssdeep
3072:pPpAZR3J5jvx5mRCNbUjfADPbyyvWL9OzpC/fk:p6hTQjfAjGyqOzp7

File size 111.4 KB ( 114029 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
run-file exe-pattern url-pattern docx macros attachment download powershell

VirusTotal metadata
First submission 2016-03-13 17:39:02 UTC ( 3 years ago )
Last submission 2019-01-28 14:12:43 UTC ( 1 month, 3 weeks ago )
File names 9abeef3ed793f28a24562c3e5c3104eee99daa1c.doc
69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf.bin
Invoice.doc
PowerWare.doc.bin
Invoice 2016-M#72838.doc
Invoice_2016-M#72838.doc
Faktura 2016-M
Invoice 2016-M
crap.doc
69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf.doc