SHA256: 7c32cb9416c4a88e49bcfe7e871bdd36b4c6ec16d9430809817cddcf4db9dc03
File name: 8695884
Detection ratio: 15 / 60
Analysis date: 2018-06-05 18:35:33 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20180605
AVware LooksLike.Macro.Malware.k (v) 20180605
Baidu VBA.Trojan-Downloader.Agent.cym 20180605
ESET-NOD32 VBA/TrojanDownloader.Agent.IOR 20180605
Fortinet VBA/Agent.23B8!tr.dldr 20180605
Ikarus Trojan-Downloader.VBA.Agent 20180605
McAfee W97M/Downloader.cpl 20180605
McAfee-GW-Edition BehavesLike.Downloader.cl 20180605
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180605
Qihoo-360 virus.office.obfuscated.4 20180605
TACHYON Suspicious/W97M.Obfus.Gen 20180605
Tencent Heur.Macro.Generic.Gen.f 20180605
TrendMicro HEUR_VBA.O.ELBP 20180605
VIPRE LooksLike.Macro.Malware.k (v) 20180605
Zoner Probably W97Obfuscated 20180605
Ad-Aware 20180605
AegisLab 20180605
AhnLab-V3 20180605
Alibaba 20180604
ALYac 20180605
Antiy-AVL 20180605
Avast 20180605
Avast-Mobile 20180605
AVG 20180605
Avira (no cloud) 20180605
Babable 20180406
BitDefender 20180605
Bkav 20180605
CAT-QuickHeal 20180605
ClamAV 20180605
CMC 20180605
Comodo 20180604
CrowdStrike Falcon (ML) 20180202
Cybereason
Cylance 20180605
Cyren 20180605
DrWeb 20180605
eGambit 20180605
Emsisoft 20180605
Endgame 20180507
F-Prot 20180605
F-Secure 20180605
GData 20180605
Sophos ML 20180601
Jiangmin 20180605
K7AntiVirus 20180605
K7GW 20180605
Kaspersky 20180605
Kingsoft 20180605
Malwarebytes 20180605
MAX 20180605
Microsoft 20180605
eScan 20180605
Palo Alto Networks (Known Signatures) 20180605
Panda 20180605
Rising 20180605
SentinelOne (Static ML) 20180225
Sophos AV 20180605
SUPERAntiSpyware 20180605
Symantec 20180605
Symantec Mobile Insight 20180605
TheHacker 20180605
TotalDefense 20180605
TrendMicro-HouseCall 20180605
Trustlook 20180605
VBA32 20180605
ViRobot 20180605
Webroot 20180605
Yandex 20180529
Zillya 20180605
ZoneAlarm by Check Point 20180605
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-06-05 18:39:00
author
75975Ushojituwogaeg35531
title
48690Ushojituwogaeg42133
page_count
1
last_saved
2018-06-05 18:39:00
revision_number
1
application_name
Microsoft Office Word
character_count
1
subject
13758Ushoj88543
code_page
Latin I
template
Normal.dotm
Document summary
category
44225Ushojit51122
line_count
1
company
62008Ushojituwogaegyn29651
characters_with_spaces
1
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
7360
type_literal
stream
size
114
name
\x01CompObj
sid
18
type_literal
stream
size
360
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
464
name
\x05SummaryInformation
sid
4
type_literal
stream
size
8592
name
1Table
sid
2
type_literal
stream
size
22293
name
Data
sid
1
type_literal
stream
size
441
name
Macros/PROJECT
sid
16
type_literal
stream
size
83
name
Macros/PROJECTwm
sid
17
type_literal
stream
size
3022
type
macro
name
Macros/VBA/MJwoFHiLnVur
sid
13
type_literal
stream
size
11915
name
Macros/VBA/_VBA_PROJECT
sid
14
type_literal
stream
size
1283
name
Macros/VBA/__SRP_0
sid
9
type_literal
stream
size
106
name
Macros/VBA/__SRP_1
sid
10
type_literal
stream
size
364
name
Macros/VBA/__SRP_2
sid
11
type_literal
stream
size
145
name
Macros/VBA/__SRP_3
sid
12
type_literal
stream
size
595
name
Macros/VBA/dir
sid
8
type_literal
stream
size
20615
type
macro
name
Macros/VBA/fsRMbcaOJKPQp
sid
15
type_literal
stream
size
4096
name
WordDocument
sid
3
Macros and VBA code streams
[+] MJwoFHiLnVur.cls Macros/VBA/MJwoFHiLnVur 881 bytes
obfuscated run-file
[+] fsRMbcaOJKPQp.bas Macros/VBA/fsRMbcaOJKPQp 10157 bytes
ExifTool file metadata
Category
44225Ushojit51122

SharedDoc
No

Author
75975Ushojituwogaeg35531

CodePage
Windows Latin 1 (Western European)

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:06:05 16:39:00

ScaleCrop
No

Company
62008Ushojituwogaegyn29651

Title
48690Ushojituwogaeg42133

Characters
1

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
0

CreateDate
2018:06:05 16:39:00

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

Warning
Truncated property list

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

Subject
13758Ushoj88543

File identification
MD5 f1fce6ce2854b69540f771cb96639624
SHA1 819c7257e9840327b2b5a3f96f338fd30a8cce82
SHA256 7c32cb9416c4a88e49bcfe7e871bdd36b4c6ec16d9430809817cddcf4db9dc03
ssdeep
1536:4u8WQ+4X0zyPcle+agHfiHX+uWYxnmcTqOSb:KXsiOHYx0bb

File size 104.0 KB ( 106496 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: 48690Ushojituwogaeg42133, Subject: 13758Ushoj88543, Author: 75975Ushojituwogaeg35531, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Jun 04 17:39:00 2018, Last Saved Time/Date: Mon Jun 04 17:39:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-06-05 18:35:33 UTC ( 9 months, 2 weeks ago )
Last submission 2018-11-20 09:10:39 UTC ( 4 months ago )
File names FACT375568078466244.doc
RECH3003316044748.doc
INV6507152973.doc
RECH571573486.doc
INV4342644243546780211.doc
INV272838720.doc
INV2107504588361696.doc
RECH5052040.doc
INV54595675.doc
RECH51491316178.doc
8A54437300664996.doc
8695884
RECH5904774008744.doc
8IP82435672014467.doc
2C55516639550138.doc
0YPG39443889647835.doc
RECH69821726775257.doc
INV5867563.doc
RECH351246891867330.doc
6J18324536956959.doc
1KEF87873291722449.doc
INV6013508184466233.doc
INV88654600.doc
INV5456861348384982195.doc
RECH10418540.doc