× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7698bdf2bdf2faf938b9f02d389d711c2a735047258df45794fd364a13cfe92d
File name: zbetcheckin_tracker_Past-Due-Invoices
Detection ratio: 14 / 57
Analysis date: 2018-10-01 21:28:47 UTC ( 1 month, 2 weeks ago ) View latest
Antivirus Result Update
Emsisoft Trojan-Downloader.Macro.Generic.H (A) 20181001
Endgame malicious (high confidence) 20180730
Fortinet VBA/Agent.KSB!tr.dldr 20181001
Ikarus Trojan.VBA.Agent 20181001
K7AntiVirus Trojan ( 00536d111 ) 20181001
K7GW Trojan ( 00536d111 ) 20181001
McAfee W97M/Downloader.ea 20181001
McAfee-GW-Edition W97M/Downloader.ea 20181001
Microsoft Trojan:Script/Foretype.A!ml 20181001
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181001
SentinelOne (Static ML) static engine - malicious 20180926
Symantec ISB.Downloader!gen69 20181001
TrendMicro Troj_Gen.F04IE00J118 20181001
Zoner Probably W97Obfuscated 20180927
Ad-Aware 20181001
AegisLab 20181001
AhnLab-V3 20181001
Alibaba 20180921
ALYac 20181001
Antiy-AVL 20181001
Avast 20181001
Avast-Mobile 20181001
AVG 20181001
Avira (no cloud) 20181001
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181001
Bkav 20181001
CAT-QuickHeal 20181001
ClamAV 20181001
CMC 20181001
Comodo 20181001
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181001
Cyren 20181001
DrWeb 20181001
eGambit 20181001
ESET-NOD32 20181001
F-Prot 20181001
F-Secure 20180810
GData 20181001
Sophos ML 20180717
Jiangmin 20181001
Kaspersky 20181001
Kingsoft 20181001
MAX 20181001
eScan 20181001
Palo Alto Networks (Known Signatures) 20181001
Panda 20181001
Qihoo-360 20181001
Rising 20181001
Sophos AV 20181001
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181001
TheHacker 20181001
TotalDefense 20181001
TrendMicro-HouseCall 20181001
Trustlook 20181001
VBA32 20181001
VIPRE 20181001
ViRobot 20181001
Webroot 20181001
Yandex 20180927
ZoneAlarm by Check Point 20180925
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-10-01 17:31:00
template
Normal.dotm
author
John
page_count
1
last_saved
2018-10-01 17:31:00
word_count
6
revision_number
1
application_name
Microsoft Office Word
character_count
37
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
42
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
8064
type_literal
stream
size
114
name
\x01CompObj
sid
19
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
408
name
\x05SummaryInformation
sid
4
type_literal
stream
size
7564
name
1Table
sid
2
type_literal
stream
size
20259
name
Data
sid
1
type_literal
stream
size
504
name
Macros/PROJECT
sid
18
type_literal
stream
size
119
name
Macros/PROJECTwm
sid
17
type_literal
stream
size
4346
name
Macros/VBA/_VBA_PROJECT
sid
13
type_literal
stream
size
1316
name
Macros/VBA/__SRP_0
sid
15
type_literal
stream
size
110
name
Macros/VBA/__SRP_1
sid
16
type_literal
stream
size
292
name
Macros/VBA/__SRP_2
sid
9
type_literal
stream
size
103
name
Macros/VBA/__SRP_3
sid
10
type_literal
stream
size
4509
type
macro
name
Macros/VBA/caHIKoBPD
sid
11
type_literal
stream
size
649
name
Macros/VBA/dir
sid
14
type_literal
stream
size
2501
type
macro
name
Macros/VBA/izXzCqwwWUCwhk
sid
8
type_literal
stream
size
1644
type
macro
name
Macros/VBA/viiwhaUAKGfpC
sid
12
type_literal
stream
size
4096
name
WordDocument
sid
3
Macros and VBA code streams
[+] izXzCqwwWUCwhk.cls Macros/VBA/izXzCqwwWUCwhk 588 bytes
obfuscated
[+] caHIKoBPD.bas Macros/VBA/caHIKoBPD 1837 bytes
obfuscated
[+] viiwhaUAKGfpC.bas Macros/VBA/viiwhaUAKGfpC 369 bytes
run-file
ExifTool file metadata
SharedDoc
No

Author
John

CodePage
Windows Latin 1 (Western European)

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
42

CreateDate
2018:10:01 16:31:00

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:10:01 16:31:00

ScaleCrop
No

Characters
37

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
6

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 aeac9383d139f3cc3639c618330370ca
SHA1 a74120f1bbddf313c873dce324f59e3e0746643b
SHA256 7698bdf2bdf2faf938b9f02d389d711c2a735047258df45794fd364a13cfe92d
ssdeep
768:tpJcaUitGAlmrJpmxlzC+w99NBH+1o0ffk0k3Lv1zZi0r6yzTWb:tptJlmrJpmxlRw99NBH+a0U7rTzq

File size 73.5 KB ( 75264 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: John, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Sep 30 16:31:00 2018, Last Saved Time/Date: Sun Sep 30 16:31:00 2018, Number of Pages: 1, Number of Words: 6, Number of Characters: 37, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-10-01 21:28:47 UTC ( 1 month, 2 weeks ago )
Last submission 2018-10-01 21:28:47 UTC ( 1 month, 2 weeks ago )
File names zbetcheckin_tracker_Past-Due-Invoices
2018.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!