SHA256: 7435b4478e8c0bf3fef5fdf43998e5ba4ce646a03376ad2c278399437c5185e5
File name: 000001.DOC
Detection ratio: 4 / 57
Analysis date: 2015-05-21 08:29:46 UTC (2 years, 3 months ago)
Antivirus Result Update
Fortinet WM/Agent!tr 20150521
McAfee W97M/Downloader.aha 20150521
McAfee-GW-Edition W97M/Downloader.aha 20150521
Panda W97M/Downloader 20150520
Ad-Aware 20150521
AegisLab 20150521
Yandex 20150520
AhnLab-V3 20150520
Alibaba 20150521
ALYac 20150521
Antiy-AVL 20150521
Avast 20150521
AVG 20150521
Avira (no cloud) 20150521
AVware 20150521
Baidu-International 20150521
BitDefender 20150521
Bkav 20150520
ByteHero 20150521
CAT-QuickHeal 20150520
ClamAV 20150521
CMC 20150520
Comodo 20150521
Cyren 20150521
DrWeb 20150521
Emsisoft 20150521
ESET-NOD32 20150521
F-Prot 20150521
F-Secure 20150521
GData 20150521
Ikarus 20150521
Jiangmin 20150519
K7AntiVirus 20150521
K7GW 20150521
Kaspersky 20150521
Kingsoft 20150521
Malwarebytes 20150521
Microsoft 20150520
eScan 20150521
NANO-Antivirus 20150521
Norman 20150521
nProtect 20150520
Qihoo-360 20150521
Rising 20150520
Sophos AV 20150521
SUPERAntiSpyware 20150521
Symantec 20150521
Tencent 20150521
TheHacker 20150520
TotalDefense 20150525
TrendMicro 20150521
TrendMicro-HouseCall 20150521
VBA32 20150520
VIPRE 20150521
ViRobot 20150521
Zillya 20150520
Zoner 20150520
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: GN
creation_datetime: 2015-05-21 07:45:00
template: Normal.dot
author: 1
page_count: 1
last_saved: 2015-05-21 07:45:00
revision_number: 2
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, type_literal: root, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word, sid: 0, size: 24768
name: \x01CompObj, type_literal: stream, sid: 31, size: 113
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 4, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 3, size: 4096
name: 1Table, type_literal: stream, sid: 1, size: 6367
name: Macros/PROJECT, type_literal: stream, sid: 30, size: 644
name: Macros/PROJECTwm, type_literal: stream, sid: 29, size: 134
name: Macros/VBA/M11, type_literal: stream, type: macro, sid: 10, size: 2252
name: Macros/VBA/M3, type_literal: stream, type: macro, sid: 19, size: 3718
name: Macros/VBA/Module1, type_literal: stream, type: macro, sid: 13, size: 5249
name: Macros/VBA/Module2, type_literal: stream, type: macro, sid: 16, size: 8701
name: Macros/VBA/Module3, type_literal: stream, type: macro, sid: 22, size: 3396
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, sid: 7, size: 2000
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 25, size: 5446
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 27, size: 3527
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 28, size: 340
name: Macros/VBA/__SRP_2, type_literal: stream, sid: 8, size: 384
name: Macros/VBA/__SRP_3, type_literal: stream, sid: 9, size: 149
name: Macros/VBA/__SRP_4, type_literal: stream, sid: 11, size: 252
name: Macros/VBA/__SRP_5, type_literal: stream, sid: 12, size: 113
name: Macros/VBA/__SRP_6, type_literal: stream, sid: 14, size: 1334
name: Macros/VBA/__SRP_7, type_literal: stream, sid: 15, size: 259
name: Macros/VBA/__SRP_8, type_literal: stream, sid: 17, size: 2664
name: Macros/VBA/__SRP_9, type_literal: stream, sid: 18, size: 190
name: Macros/VBA/__SRP_a, type_literal: stream, sid: 20, size: 714
name: Macros/VBA/__SRP_b, type_literal: stream, sid: 21, size: 142
name: Macros/VBA/__SRP_c, type_literal: stream, sid: 23, size: 574
name: Macros/VBA/__SRP_d, type_literal: stream, sid: 24, size: 144
name: Macros/VBA/dir, type_literal: stream, sid: 26, size: 930
name: WordDocument, type_literal: stream, sid: 2, size: 4151
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 93 bytes
M11.bas Macros/VBA/M11 415 bytes
Module1.bas Macros/VBA/Module1 1036 bytes (tags: create-ole obfuscated open-file)
Module2.bas Macros/VBA/Module2 3109 bytes (tags: create-file obfuscated open-file write-file)
M3.bas Macros/VBA/M3 893 bytes
Module3.bas Macros/VBA/Module3 826 bytes
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: GN
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 0
CreateDate: 2015:05:21 06:45:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:05:21 06:45:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

Compressed bundles
File identification
MD5 015cc26b738d313e5e7aba0c9114670e
SHA1 f62ea4e305e9c5390f4f84c8ac0b4158a2c46e02
SHA256 7435b4478e8c0bf3fef5fdf43998e5ba4ce646a03376ad2c278399437c5185e5
ssdeep 768:wuK1cDaqyQDyV002gDOlhjp0EBQ5Vyxql/3:wu0ID20027vp0B8i
File size 70.5 KB ( 72192 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: GN, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed May 20 06:45:00 2015, Last Saved Time/Date: Wed May 20 06:45:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file doc create-file macros attachment write-file create-ole

VirusTotal metadata
First submission 2015-05-21 07:47:31 UTC ( 2 years, 3 months ago )
Last submission 2015-05-29 18:39:39 UTC ( 2 years, 2 months ago )
File names e0ae02e1b9581193da04ee1593afc6e6
Travel Order Confirmation - 0300202959.txt.doc
48656f8d6e72370f63928e77c75d2f4f
307188e20875c272c89ba8010b559200
7c16b66ad580ad78cff08256d8f11398
000001.DOC
Travel Order Confirmation - 0300202959.doc
f712e866743dcf5698a865a8ccca4f87
548d246c9135ff87db15dbda857c7f38