SHA256: 7f50019f5e83818af3e8da4c03e676320c4c3edb3efcdca4225892a928161e2a
File name: efax1298357237174_23536.doc
Detection ratio: 5 / 60
Analysis date: 2017-11-08 13:17:19 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20171108
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20171108
Qihoo-360 virus.office.qexvmc.1080 20171108
Symantec W97M.Downloader 20171108
Tencent Macro.Trojan.Dropperx.Auto 20171108
Ad-Aware 20171108
AegisLab 20171108
AhnLab-V3 20171108
Alibaba 20170911
ALYac 20171108
Antiy-AVL 20171103
Avast 20171108
Avast-Mobile 20171108
AVG 20171108
Avira (no cloud) 20171108
AVware 20171108
Baidu 20171108
BitDefender 20171108
Bkav 20171108
CAT-QuickHeal 20171107
ClamAV 20171108
CMC 20171104
Comodo 20171108
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171108
Cyren 20171108
DrWeb 20171108
eGambit 20171108
Emsisoft 20171108
Endgame 20171024
ESET-NOD32 20171108
F-Prot 20171108
F-Secure 20171108
Fortinet 20171108
GData 20171108
Ikarus 20171108
Sophos ML 20170914
Jiangmin 20171108
K7AntiVirus 20171108
K7GW 20171108
Kaspersky 20171108
Kingsoft 20171108
Malwarebytes 20171108
MAX 20171108
McAfee 20171108
McAfee-GW-Edition 20171108
Microsoft 20171108
eScan 20171108
nProtect 20171108
Palo Alto Networks (Known Signatures) 20171108
Panda 20171108
Rising 20171108
SentinelOne (Static ML) 20171019
Sophos AV 20171108
SUPERAntiSpyware 20171108
Symantec Mobile Insight 20171107
TheHacker 20171102
TotalDefense 20171108
TrendMicro 20171108
TrendMicro-HouseCall 20171108
Trustlook 20171108
VBA32 20171108
VIPRE 20171108
ViRobot 20171108
Webroot 20171108
WhiteArmor 20171104
Yandex 20171107
Zillya 20171107
ZoneAlarm by Check Point 20171108
Zoner 20171108
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author
user
creation_datetime
2017-11-08 10:29:00
revision_number
3
author
PC
page_count
1
last_saved
2017-11-08 10:30:00
edit_time
60
template
Normal
application_name
Microsoft Office Word
character_count
1
code_page
Cyrillic
Document summary
line_count
1
characters_with_spaces
1
version
786432
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
10048
type_literal
stream
sid
24
name
\x01CompObj
size
121
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
7416
type_literal
stream
sid
1
name
Data
size
43811
type_literal
stream
sid
23
name
Macros/PROJECT
size
556
type_literal
stream
sid
22
name
Macros/PROJECTwm
size
95
type_literal
stream
sid
20
name
Macros/UserForm1/\x01CompObj
size
97
type_literal
stream
sid
21
name
Macros/UserForm1/\x03VBFrame
size
292
type_literal
stream
sid
14
name
Macros/UserForm1/f
size
223
type_literal
stream
sid
19
name
Macros/UserForm1/i01/\x01CompObj
size
112
type_literal
stream
sid
17
name
Macros/UserForm1/i01/f
size
817
type_literal
stream
sid
18
name
Macros/UserForm1/i01/o
size
52
type_literal
stream
sid
15
name
Macros/UserForm1/o
size
104
type_literal
stream
sid
9
type
macro
name
Macros/VBA/Module1
size
4358
type_literal
stream
sid
8
type
macro
name
Macros/VBA/ThisDocument
size
1099
type_literal
stream
sid
10
type
macro
name
Macros/VBA/UserForm1
size
1607
type_literal
stream
sid
11
name
Macros/VBA/_VBA_PROJECT
size
3627
type_literal
stream
sid
12
name
Macros/VBA/dir
size
843
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 31 bytes
[+] Module1.bas Macros/VBA/Module1 1369 bytes
obfuscated run-file
[+] UserForm1.frm Macros/VBA/UserForm1 128 bytes
ExifTool file metadata
SharedDoc
No

Author
PC

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
user

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
1

CreateDate
2017:11:08 09:29:00

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2017:11:08 09:30:00

Characters
1

CodePage
Windows Cyrillic

RevisionNumber
3

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
1.0 minutes

Pages
1

ScaleCrop
No

CompObjUserTypeLen
39

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 96d2ab7aabe8b60c53d5aff215d1d358
SHA1 4b5f08729654b5cafa81f1ae75784a9e2151e13c
SHA256 7f50019f5e83818af3e8da4c03e676320c4c3edb3efcdca4225892a928161e2a
ssdeep
1536:RMbWv7m8HTpIjJscwupa1ROfaDvLOjAkTo6:aup2Bwum8MOjRL

File size 83.5 KB ( 85506 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: PC, Template: Normal, Last Saved By: user, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Tue Nov 07 09:29:00 2017, Last Saved Time/Date: Tue Nov 07 09:30:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros run-file attachment doc

VirusTotal metadata
First submission 2017-11-08 10:57:14 UTC ( 1 year, 4 months ago )
Last submission 2018-05-08 05:30:32 UTC ( 10 months, 2 weeks ago )
File names =?UTF-8?B?ZWZheDEyOTgzNTcyMzcxNzRfMjM1MzYuZG9j?=
XUTF-8XBXZWZheDEyOTgzNTcyMzcxNzRfMjM1MzYuZG9jX
efax1298357237174_23536.doc
1bb5311d54cc1179ce91109b481489f28bb40da3
decoded.doc
4b5f08729654b5cafa81f1ae75784a9e2151e13c
SAMPLES 08_11_2017 (45) doc malware downloader