SHA256: 82d4b6676bbff17626aba1a65a9c6ec10ab036c101c8dc5e6e697693ec5a013f
File name: bofa_statement_dudi.doc
Detection ratio: 5 / 53
Analysis date: 2017-02-09 16:08:45 UTC ( 2 years ago )
Antivirus Result Update
Fortinet WM/Agent.SEQ!tr 20170209
McAfee W97M/Dropper.da 20170209
McAfee-GW-Edition W97M/Dropper.da 20170209
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170209
Qihoo-360 virus.office.gen.70 20170209
Ad-Aware 20170209
AegisLab 20170209
AhnLab-V3 20170209
Alibaba 20170122
ALYac 20170209
Antiy-AVL 20170209
Arcabit 20170209
Avast 20170209
AVG 20170209
Avira (no cloud) 20170209
AVware 20170209
Baidu 20170209
BitDefender 20170209
Bkav 20170209
CAT-QuickHeal 20170209
ClamAV 20170209
CMC 20170209
Comodo 20170209
CrowdStrike Falcon (ML) 20170130
Cyren 20170209
Emsisoft 20170209
Endgame 20170208
ESET-NOD32 20170209
F-Prot 20170209
F-Secure 20170209
GData 20170209
Ikarus 20170209
Sophos ML 20170203
Jiangmin 20170209
K7AntiVirus 20170209
K7GW 20170209
Kaspersky 20170209
Kingsoft 20170209
Malwarebytes 20170209
Microsoft 20170209
eScan 20170209
nProtect 20170209
Panda 20170209
Rising 20170209
Sophos AV 20170209
SUPERAntiSpyware 20170209
Symantec 20170209
Tencent 20170209
TheHacker 20170209
TrendMicro 20170209
TrendMicro-HouseCall 20170209
Trustlook 20170209
VBA32 20170209
VIPRE 20170209
ViRobot 20170209
WhiteArmor 20170202
Yandex 20170208
Zillya 20170208
Zoner 20170209
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May write to a file.
May enumerate open windows.
May execute code from Dynamically Linked Libraries.
Summary
last_author
Windows
creation_datetime
2017-02-09 14:03:00
author
Matthew
title
page_count
2
last_saved
2017-02-09 14:03:00
revision_number
1
application_name
Microsoft Office Word
character_count
5
code_page
Cyrillic
template
Normal.dot
Document summary
byte_count
11000
company
characters_with_spaces
5
line_count
1
version
726502
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
3520
type_literal
stream
sid
20
name
\x01CompObj
size
113
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
4096
type_literal
stream
sid
1
name
Data
size
46803
type_literal
stream
sid
19
name
Macros/PROJECT
size
529
type_literal
stream
sid
18
name
Macros/PROJECTwm
size
95
type_literal
stream
sid
8
type
macro
name
Macros/VBA/ThisDocument
size
10890
type_literal
stream
sid
11
name
Macros/VBA/_VBA_PROJECT
size
8709
type_literal
stream
sid
12
name
Macros/VBA/dir
size
848
type_literal
stream
sid
10
type
macro (only attributes)
name
Macros/VBA/heavy
size
1155
type_literal
stream
sid
9
type
macro
name
Macros/VBA/philatelist
size
18063
type_literal
stream
sid
16
name
Macros/heavy/\x01CompObj
size
97
type_literal
stream
sid
17
name
Macros/heavy/\x03VBFrame
size
283
type_literal
stream
sid
14
name
Macros/heavy/f
size
102
type_literal
stream
sid
15
name
Macros/heavy/o
size
12296
type_literal
stream
sid
3
name
WordDocument
size
60677
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 4642 bytes
enum-windows
[+] philatelist.bas Macros/VBA/philatelist 8878 bytes
exe-pattern run-dll write-file
ExifTool file metadata
SharedDoc
No

Author
Matthew

CodePage
Windows Cyrillic

System
Windows

LinksUpToDate
No

LastModifiedBy
Windows

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal.dot

CharCountWithSpaces
5

Word97
No

LanguageCode
Russian

CompObjUserType
???????? Microsoft Office Word

ModifyDate
2017:02:09 13:03:00

Characters
5

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
0

Bytes
11000

CreateDate
2017:02:09 13:03:00

Lines
1

AppVersion
11.5606

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
0

Pages
2

ScaleCrop
No

CompObjUserTypeLen
31

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 7428af4caaa3689c6ec16eb684244f07
SHA1 3152f563c55146ad3eb4b0111f36f4b5b15016c3
SHA256 82d4b6676bbff17626aba1a65a9c6ec10ab036c101c8dc5e6e697693ec5a013f
ssdeep
3072:7I8JK3YDtbTUkFNzeTFzukI2tKjtfMLoWrHhFcF:7LFDtXlNz0zBI2tK2FL

File size 177.0 KB ( 181248 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Author: Matthew, Template: Normal.dot, Last Saved By: Windows, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Feb 08 13:03:00 2017, Last Saved Time/Date: Wed Feb 08 13:03:00 2017, Number of Pages: 2, Number of Words: 0, Number of Characters: 5, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
enum-windows exe-pattern doc macros run-dll write-file

VirusTotal metadata
First submission 2017-02-09 15:22:09 UTC ( 2 years ago )
Last submission 2018-07-23 19:15:31 UTC ( 7 months ago )
File names bofa_statement_hicham.ifrak.doc
bofa_statement_accountspayable.doc
bofa_statement_techsupport.doc
bofa_statement_triage.doc
bofa_statement_jobs.doc
bofa_statement_jari.virtanen.doc
bofa_statement_taco.john.doc
file1.doc
bofa_statement_dudi.doc
Malicious.doc
bofa_statement_bert.mullen.doc
bofa_statement_kok.doc
bofa_statement_georgia.bepis.doc
file.tmp
82d4b6676bbff17626aba1a65a9c6ec10ab036c101c8dc5e6e697693ec5a013f
bofa_statement_omyra.clark.doc
bofa_statement_homer.abejuro.doc
bofa_statement_2ndlevel.doc
bofa_statement_suzanne.hinkley.doc
bofa_statement_iane.doc
bofa_statement_jdufour.doc
bofa_statement_cstevens.doc
bofa_statement_karen.e.bridger.doc
bofa_statement_joyce.doc
bofa_statement_abenzing.doc