| SHA256: | 82d4b6676bbff17626aba1a65a9c6ec10ab036c101c8dc5e6e697693ec5a013f |
| File name: | bofa_statement_dudi.doc |
| Detection ratio: | 5 / 53 |
| Analysis date: | 2017-02-09 16:08:45 UTC ( 2 years, 2 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Fortinet | WM/Agent.SEQ!tr | 20170209 |
| McAfee | W97M/Dropper.da | 20170209 |
| McAfee-GW-Edition | W97M/Dropper.da | 20170209 |
| NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi | 20170209 |
| Qihoo-360 | virus.office.gen.70 | 20170209 |
| Ad-Aware | 20170209 | |
| AegisLab | 20170209 | |
| AhnLab-V3 | 20170209 | |
| Alibaba | 20170122 | |
| ALYac | 20170209 | |
| Antiy-AVL | 20170209 | |
| Arcabit | 20170209 | |
| Avast | 20170209 | |
| AVG | 20170209 | |
| Avira (no cloud) | 20170209 | |
| AVware | 20170209 | |
| Baidu | 20170209 | |
| BitDefender | 20170209 | |
| Bkav | 20170209 | |
| CAT-QuickHeal | 20170209 | |
| ClamAV | 20170209 | |
| CMC | 20170209 | |
| Comodo | 20170209 | |
| CrowdStrike Falcon (ML) | 20170130 | |
| Cyren | 20170209 | |
| Emsisoft | 20170209 | |
| Endgame | 20170208 | |
| ESET-NOD32 | 20170209 | |
| F-Prot | 20170209 | |
| F-Secure | 20170209 | |
| GData | 20170209 | |
| Ikarus | 20170209 | |
| Sophos ML | 20170203 | |
| Jiangmin | 20170209 | |
| K7AntiVirus | 20170209 | |
| K7GW | 20170209 | |
| Kaspersky | 20170209 | |
| Kingsoft | 20170209 | |
| Malwarebytes | 20170209 | |
| Microsoft | 20170209 | |
| eScan | 20170209 | |
| nProtect | 20170209 | |
| Panda | 20170209 | |
| Rising | 20170209 | |
| Sophos AV | 20170209 | |
| SUPERAntiSpyware | 20170209 | |
| Symantec | 20170209 | |
| Tencent | 20170209 | |
| TheHacker | 20170209 | |
| TrendMicro | 20170209 | |
| TrendMicro-HouseCall | 20170209 | |
| Trustlook | 20170209 | |
| VBA32 | 20170209 | |
| VIPRE | 20170209 | |
| ViRobot | 20170209 | |
| WhiteArmor | 20170202 | |
| Yandex | 20170208 | |
| Zillya | 20170208 | |
| Zoner | 20170209 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May write to a file.
May enumerate open windows.
May execute code from Dynamically Linked Libraries.
Summary
last_author
Windows
creation_datetime
2017-02-09 14:03:00
author
Matthew
title
page_count
2
last_saved
2017-02-09 14:03:00
revision_number
1
application_name
Microsoft Office Word
character_count
5
code_page
Cyrillic
template
Normal.dot
Document summary
byte_count
11000
company
characters_with_spaces
5
line_count
1
version
726502
paragraph_count
1
code_page
Cyrillic
OLE Streams
Macros and VBA code streams
ExifTool file metadata
SharedDoc
No
Author
Matthew
HyperlinksChanged
No
System
Windows
LinksUpToDate
No
LastModifiedBy
Windows
HeadingPairs
, 1
Identification
Word 8.0
Template
Normal.dot
CharCountWithSpaces
5
Word97
No
LanguageCode
Russian
CompObjUserType
???????? Microsoft Office Word
ModifyDate
2017:02:09 13:03:00
Characters
5
CodePage
Windows Cyrillic
RevisionNumber
1
MIMEType
application/msword
Words
0
Lines
1
CreateDate
2017:02:09 13:03:00
Bytes
11000
AppVersion
11.5606
Security
None
Software
Microsoft Office Word
FileType
DOC
TotalEditTime
0
Pages
2
ScaleCrop
No
CompObjUserTypeLen
31
FileTypeExtension
doc
Paragraphs
1
LastPrinted
0000:00:00 00:00:00
DocFlags
Has picture, 1Table, ExtChar
Compressed bundles
File identification
MD5 7428af4caaa3689c6ec16eb684244f07
SHA1 3152f563c55146ad3eb4b0111f36f4b5b15016c3
SHA256 82d4b6676bbff17626aba1a65a9c6ec10ab036c101c8dc5e6e697693ec5a013f
ssdeep
3072:7I8JK3YDtbTUkFNzeTFzukI2tKjtfMLoWrHhFcF:7LFDtXlNz0zBI2tK2FL
File size
177.0 KB ( 181248 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Author: Matthew, Template: Normal.dot, Last Saved By: Windows, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Feb 08 13:03:00 2017, Last Saved Time/Date: Wed Feb 08 13:03:00 2017, Number of Pages: 2, Number of Words: 0, Number of Characters: 5, Security: 0
| TrID |
Microsoft Word document (80.0%) Generic OLE2 / Multistream Compound File (20.0%) |
Tags
enum-windows
exe-pattern
doc
macros
run-dll
write-file
VirusTotal metadata
First submission
2017-02-09 15:22:09 UTC ( 2 years, 2 months ago )
Last submission
2018-07-23 19:15:31 UTC ( 9 months ago )
| File names |
bofa_statement_hicham.ifrak.doc bofa_statement_accountspayable.doc bofa_statement_techsupport.doc bofa_statement_triage.doc bofa_statement_jobs.doc bofa_statement_jari.virtanen.doc bofa_statement_taco.john.doc file1.doc bofa_statement_dudi.doc Malicious.doc bofa_statement_bert.mullen.doc bofa_statement_kok.doc bofa_statement_georgia.bepis.doc file.tmp 82d4b6676bbff17626aba1a65a9c6ec10ab036c101c8dc5e6e697693ec5a013f bofa_statement_omyra.clark.doc bofa_statement_homer.abejuro.doc bofa_statement_2ndlevel.doc bofa_statement_suzanne.hinkley.doc bofa_statement_iane.doc bofa_statement_jdufour.doc bofa_statement_cstevens.doc bofa_statement_karen.e.bridger.doc bofa_statement_joyce.doc bofa_statement_abenzing.doc |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!