| SHA256: | 70cd8b8c9df2a3919e6275f982bb8065fa61ea6e57d2352ef5b957b799eccd41 |
| File name: | |
| Detection ratio: | 16 / 60 |
| Analysis date: | 2018-08-21 04:45:14 UTC ( 6 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| AVware | LooksLike.Macro.Malware.k (v) | 20180821 |
| CAT-QuickHeal | W97M.Downloader.30507 | 20180820 |
| Emsisoft | Trojan-Downloader.Macro.Generic.H (A) | 20180821 |
| Endgame | malicious (high confidence) | 20180730 |
| ESET-NOD32 | VBA/TrojanDownloader.Agent.KAI | 20180821 |
| Fortinet | VBA/Agent.JZV!tr.dldr | 20180821 |
| Ikarus | Trojan-Downloader.VBA.Agent | 20180820 |
| Microsoft | TrojanDownloader:O97M/Donoff | 20180821 |
| NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi | 20180821 |
| Qihoo-360 | virus.office.qexvmc.1075 | 20180821 |
| Sophos AV | Troj/DocDl-PEY | 20180821 |
| TACHYON | Suspicious/W97M.Obfus.Gen | 20180821 |
| Tencent | Heur.Macro.Generic.Gen.f | 20180821 |
| TrendMicro | HEUR_VBA.O.ELBP | 20180821 |
| VIPRE | LooksLike.Macro.Malware.k (v) | 20180821 |
| Zoner | Probably W97Obfuscated | 20180820 |
| Ad-Aware | 20180821 | |
| AegisLab | 20180821 | |
| AhnLab-V3 | 20180821 | |
| Alibaba | 20180713 | |
| ALYac | 20180821 | |
| Antiy-AVL | 20180821 | |
| Arcabit | 20180821 | |
| Avast | 20180821 | |
| Avast-Mobile | 20180820 | |
| AVG | 20180821 | |
| Avira (no cloud) | 20180821 | |
| Babable | 20180725 | |
| Baidu | 20180820 | |
| BitDefender | 20180821 | |
| Bkav | 20180820 | |
| ClamAV | 20180821 | |
| CMC | 20180817 | |
| Comodo | 20180821 | |
| CrowdStrike Falcon (ML) | 20180723 | |
| Cybereason | 20180225 | |
| Cylance | 20180821 | |
| Cyren | 20180821 | |
| DrWeb | 20180821 | |
| eGambit | 20180821 | |
| F-Prot | 20180821 | |
| F-Secure | 20180821 | |
| GData | 20180821 | |
| Sophos ML | 20180717 | |
| Jiangmin | 20180821 | |
| K7AntiVirus | 20180820 | |
| K7GW | 20180820 | |
| Kaspersky | 20180821 | |
| Kingsoft | 20180821 | |
| Malwarebytes | 20180821 | |
| MAX | 20180821 | |
| McAfee | 20180821 | |
| McAfee-GW-Edition | 20180821 | |
| eScan | 20180821 | |
| Palo Alto Networks (Known Signatures) | 20180821 | |
| Panda | 20180820 | |
| Rising | 20180821 | |
| SentinelOne (Static ML) | 20180701 | |
| SUPERAntiSpyware | 20180821 | |
| Symantec | 20180821 | |
| Symantec Mobile Insight | 20180814 | |
| TheHacker | 20180821 | |
| TotalDefense | 20180820 | |
| TrendMicro-HouseCall | 20180821 | |
| Trustlook | 20180821 | |
| VBA32 | 20180820 | |
| ViRobot | 20180820 | |
| Webroot | 20180821 | |
| Yandex | 20180820 | |
| Zillya | 20180820 | |
| ZoneAlarm by Check Point | 20180821 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-08-21 00:15:00
template
Normal.dotm
author
Ytoc-PC
page_count
1
last_saved
2018-08-21 00:15:00
word_count
6
revision_number
1
application_name
Microsoft Office Word
character_count
38
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
43
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
Macros and VBA code streams
ExifTool file metadata
SharedDoc
No
Author
Ytoc-PC
CodePage
Windows Latin 1 (Western European)
System
Windows
LinksUpToDate
No
HeadingPairs
Title, 1
Identification
Word 8.0
Template
Normal.dotm
CharCountWithSpaces
43
CreateDate
2018:08:20 23:15:00
Word97
No
LanguageCode
English (US)
CompObjUserType
Microsoft Word 97-2003 Document
ModifyDate
2018:08:20 23:15:00
Characters
38
HyperlinksChanged
No
RevisionNumber
1
MIMEType
application/msword
Words
6
FileType
DOC
Lines
1
AppVersion
16.0
Security
None
Software
Microsoft Office Word
TotalEditTime
0
Pages
1
ScaleCrop
No
CompObjUserTypeLen
32
FileTypeExtension
doc
Paragraphs
1
DocFlags
Has picture, 1Table, ExtChar
File identification
MD5 28cf22a3e8b805c17552f28bacf4b9bb
SHA1 85cf1dabda15d81d8a06488115a27065b7b5acd8
SHA256 70cd8b8c9df2a3919e6275f982bb8065fa61ea6e57d2352ef5b957b799eccd41
ssdeep
1536:vptJlmrJpmxlRw99NBc+a8WkpCFClg6EK1E:hte2dw99f+kpCUlgte
File size
81.3 KB ( 83200 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Ytoc-PC, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Aug 19 23:15:00 2018, Last Saved Time/Date: Sun Aug 19 23:15:00 2018, Number of Pages: 1, Number of Words: 6, Number of Characters: 38, Security: 0
| TrID |
Microsoft Word document (54.2%) Microsoft Word document (old ver.) (32.2%) Generic OLE2 / Multistream Compound File (13.5%) |
Tags
obfuscated
macros
run-file
doc
VirusTotal metadata
First submission
2018-08-21 04:45:14 UTC ( 6 months ago )
Last submission
2018-08-21 04:45:14 UTC ( 6 months ago )
| File names |
|
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!