SHA256: 6ecc8c79c0f1d4579ac9e68aeeb538199b835a8f27d51643b85a386daa5ff33c
File name: doc4502094035-02.doc
Detection ratio: 5 / 54
Analysis date: 2016-01-27 09:35:13 UTC ( 1 year, 10 months ago )
Antivirus Result Update
AegisLab Macro.Gen!c 20160127
Avira (no cloud) HEUR/Macro.Downloader 20160127
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160127
Qihoo-360 heur.macro.download.cc 20160127
VIPRE Trojan-Downloader.W97M.Adnel.b (v) 20160127
Ad-Aware 20160127
Yandex 20160126
AhnLab-V3 20160127
Alibaba 20160127
ALYac 20160127
Antiy-AVL 20160127
Arcabit 20160127
Avast 20160127
AVG 20160127
Baidu-International 20160127
BitDefender 20160127
Bkav 20160126
ByteHero 20160127
CAT-QuickHeal 20160127
ClamAV 20160127
CMC 20160111
Comodo 20160127
Cyren 20160127
DrWeb 20160127
Emsisoft 20160127
ESET-NOD32 20160127
F-Prot 20160127
Fortinet 20160127
GData 20160127
Ikarus 20160127
Jiangmin 20160127
K7AntiVirus 20160127
K7GW 20160127
Kaspersky 20160127
Malwarebytes 20160127
McAfee 20160127
McAfee-GW-Edition 20160127
Microsoft 20160127
eScan 20160127
NANO-Antivirus 20160127
nProtect 20160126
Panda 20160126
Rising 20160127
Sophos AV 20160127
SUPERAntiSpyware 20160127
Symantec 20160126
Tencent 20160127
TheHacker 20160124
TrendMicro 20160127
TrendMicro-HouseCall 20160127
VBA32 20160126
ViRobot 20160127
Zillya 20160126
Zoner 20160127
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May copy a file.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: Microsoft Office
creation_datetime: 2016-01-25 09:09:00
template: Normal.dot
author: 1
page_count: 1
last_saved: 2016-01-26 20:44:00
edit_time: 840
word_count: 1
revision_number: 42
application_name: Microsoft Office Word
character_count: 8
code_page: Cyrillic
Document summary
line_count: 1
company: Home
characters_with_spaces: 8
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 7552
name: \x01CompObj; sid: 23; type_literal: stream; size: 113
name: \x05DocumentSummaryInformation; sid: 4; type_literal: stream; size: 4096
name: \x05SummaryInformation; sid: 3; type_literal: stream; size: 4096
name: 1Table; sid: 1; type_literal: stream; size: 4096
name: Macros/PROJECT; sid: 22; type_literal: stream; size: 538
name: Macros/PROJECTwm; sid: 21; type_literal: stream; size: 95
name: Macros/UserForm1/\x01CompObj; sid: 19; type_literal: stream; size: 97
name: Macros/UserForm1/\x03VBFrame; sid: 20; type_literal: stream; size: 291
name: Macros/UserForm1/f; sid: 17; type_literal: stream; size: 314
name: Macros/UserForm1/o; sid: 18; type_literal: stream; size: 364
name: Macros/VBA/Module2; sid: 10; type_literal: stream; size: 37291; type: macro
name: Macros/VBA/ThisDocument; sid: 7; type_literal: stream; size: 1279; type: macro
name: Macros/VBA/UserForm1; sid: 11; type_literal: stream; size: 1159; type: macro (only attributes)
name: Macros/VBA/_VBA_PROJECT; sid: 12; type_literal: stream; size: 5893
name: Macros/VBA/__SRP_0; sid: 14; type_literal: stream; size: 1553
name: Macros/VBA/__SRP_1; sid: 15; type_literal: stream; size: 110
name: Macros/VBA/__SRP_2; sid: 8; type_literal: stream; size: 264
name: Macros/VBA/__SRP_3; sid: 9; type_literal: stream; size: 103
name: Macros/VBA/dir; sid: 13; type_literal: stream; size: 852
name: WordDocument; sid: 2; type_literal: stream; size: 4142
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 46 bytes
Module2.bas Macros/VBA/Module2 20995 bytes
copy-file create-file create-ole obfuscated open-file write-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: Microsoft Office
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 8
CreateDate: 2016:01:25 08:09:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2016:01:26 19:44:00
Company: Home
HyperlinksChanged: No
Characters: 8
ScaleCrop: No
RevisionNumber: 42
MIMEType: application/msword
Words: 1
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 14.0 minutes
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 408c40654a74751186497c35b2748716
SHA1 e6501eb75812bfeaaba62d4d749221eca83bb785
SHA256 6ecc8c79c0f1d4579ac9e68aeeb538199b835a8f27d51643b85a386daa5ff33c
ssdeep
768:ljdGPyj8ZI8n135PGMVr3iCSx0qv+MC5AeeKo1AfcCXSxfNp:xHm5/0/OW+MArJf76N

File size 71.5 KB ( 73216 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: Microsoft Office, Revision Number: 42, Name of Creating Application: Microsoft Office Word, Total Editing Time: 14:00, Create Time/Date: Sun Jan 24 08:09:00 2016, Last Saved Time/Date: Mon Jan 25 19:44:00 2016, Number of Pages: 1, Number of Words: 1, Number of Characters: 8, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file doc copy-file create-file macros attachment write-file create-ole

VirusTotal metadata
First submission 2016-01-27 09:07:17 UTC ( 1 year, 10 months ago )
Last submission 2016-03-08 17:16:34 UTC ( 1 year, 8 months ago )
File names 46f37f900821e8bc5f493e03bd2159d4
3a69ca0cbd8fa25eae25bbf72a23b2ae
0d48b09a4498be9fee9f3b8ce5b3d091
doc4502094035-02.doc
e03cf242edf574e80e6ae8f5230303a3
514ff7bae1392f0e397f752860540587
doc4502094035.doc
6ecc8c79c0f1d4579ac9e68aeeb538199b835a8f27d51643b85a386daa5ff33c.bin
c3bf4ab1de31a03e2319c96964f5eb5f
6d92f34a5dfd9e9b47696850e061d184
20a790a836fd4579c528c6d1b2e8bc11