SHA256: 73d0d60b84393ffbc09a94230384772ec688ff2c39a2a4de58ff705b2aa55e50
File name: IGM135809.doc
Detection ratio: 0 / 57
Analysis date: 2015-02-26 10:57:29 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20150226
AegisLab 20150226
Yandex 20150225
AhnLab-V3 20150225
Alibaba 20150225
ALYac 20150226
Antiy-AVL 20150226
Avast 20150226
AVG 20150226
Avira (no cloud) 20150226
AVware 20150226
Baidu-International 20150226
BitDefender 20150226
Bkav 20150225
ByteHero 20150226
CAT-QuickHeal 20150226
ClamAV 20150226
CMC 20150226
Comodo 20150226
Cyren 20150226
DrWeb 20150226
Emsisoft 20150226
ESET-NOD32 20150226
F-Prot 20150226
F-Secure 20150226
Fortinet 20150226
GData 20150226
Ikarus 20150226
Jiangmin 20150225
K7AntiVirus 20150226
K7GW 20150226
Kaspersky 20150226
Kingsoft 20150226
Malwarebytes 20150226
McAfee 20150226
McAfee-GW-Edition 20150226
Microsoft 20150226
eScan 20150226
NANO-Antivirus 20150226
Norman 20150226
nProtect 20150226
Panda 20150226
Qihoo-360 20150226
Rising 20150226
Sophos AV 20150226
SUPERAntiSpyware 20150226
Symantec 20150226
Tencent 20150226
TheHacker 20150225
TotalDefense 20150226
TrendMicro 20150226
TrendMicro-HouseCall 20150226
VBA32 20150226
VIPRE 20150226
ViRobot 20150226
Zillya 20150226
Zoner 20150223
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May try to run other files, shell commands or applications.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author: 1
creation_datetime: 2015-01-22 11:18:00
revision_number: 6
author: 1
page_count: 1
last_saved: 2015-01-23 02:09:00
edit_time: 300
template: Normal.dot
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
sid: 0, name: Root Entry, type_literal: root, size: 14208, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
sid: 16, name: \x01CompObj, type_literal: stream, size: 113
sid: 4, name: \x05DocumentSummaryInformation, type_literal: stream, size: 4096
sid: 3, name: \x05SummaryInformation, type_literal: stream, size: 4096
sid: 1, name: 1Table, type_literal: stream, size: 4096
sid: 15, name: Macros/PROJECT, type_literal: stream, size: 603
sid: 14, name: Macros/PROJECTwm, type_literal: stream, size: 137
sid: 9, name: Macros/VBA/Class1, type_literal: stream, type: macro (only attributes), size: 999
sid: 8, name: Macros/VBA/Module1, type_literal: stream, type: macro, size: 2173
sid: 11, name: Macros/VBA/Module2, type_literal: stream, type: macro (only attributes), size: 702
sid: 7, name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, size: 1089
sid: 12, name: Macros/VBA/_VBA_PROJECT, type_literal: stream, size: 3771
sid: 10, name: Macros/VBA/dfsdfsdf, type_literal: stream, type: macro, size: 3666
sid: 13, name: Macros/VBA/dir, type_literal: stream, size: 682
sid: 2, name: WordDocument, type_literal: stream, size: 4142
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 26 bytes
[+] Module1.bas Macros/VBA/Module1 868 bytes
[+] dfsdfsdf.bas Macros/VBA/dfsdfsdf 1635 bytes
download environ run-dll run-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 0
CreateDate: 2015:01:22 10:18:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:01:23 01:09:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 6
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 5.0 minutes
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 804dbe42f4d2aa25dac4d147a54b8e30
SHA1 11bddf29e5c27496561a53e138f7c5c1addc21a7
SHA256 73d0d60b84393ffbc09a94230384772ec688ff2c39a2a4de58ff705b2aa55e50
ssdeep
192:D4hpufkUaX3ZW5tfwXB5ZB/lHhTrJK/4OXtqqy0ra0jhx0mPXtDnpaC2:0hpyqpW5tfM5ZbF1Kd4ura0jQutjq

File size 35.0 KB ( 35840 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: 1, Revision Number: 6, Name of Creating Application: Microsoft Office Word, Total Editing Time: 05:00, Create Time/Date: Wed Jan 21 10:18:00 2015, Last Saved Time/Date: Thu Jan 22 01:09:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
run-file doc macros run-dll environ attachment download

VirusTotal metadata
First submission 2015-02-26 10:32:29 UTC ( 2 years, 8 months ago )
Last submission 2016-09-04 20:26:32 UTC ( 1 year, 2 months ago )
File names 79ab9333df8b71b73d629c0e952aa8d6
c4ca39e9f20efac9f0246e39a3f165e3
IGM135809.doc
c1156feb90ee5dbd2c7b14466ece93dc
1b7a2f2dcfb0340bb7d74655f25f475d
3c20314de089c7e5f7cf47fbc9c86a98
ujoPLL.dwg
VirusShare_804dbe42f4d2aa25dac4d147a54b8e30
aca3ff1a5d25f7f673840510b33d0f87
b1978d35fdfbb40aa7f9734faf1b0fd6
Gregg Simmonds Copy Invoice IGM135809.doc