SHA256: 84ef5406a61b4fb0703768a120e9f107d569387276357d88ef77c936c1ec109a
File name: 14109KW.doc
Detection ratio: 1 / 57
Analysis date: 2015-02-13 13:55:43 UTC ( 2 years, 7 months ago )
Antivirus Result Update
ESET-NOD32 W97M/TrojanDownloader.Agent.NEE 20150213
Ad-Aware 20150213
AegisLab 20150213
Yandex 20150212
AhnLab-V3 20150213
Alibaba 20150213
ALYac 20150213
Antiy-AVL 20150213
Avast 20150213
AVG 20150213
Avira (no cloud) 20150213
AVware 20150213
Baidu-International 20150213
BitDefender 20150213
Bkav 20150213
ByteHero 20150213
CAT-QuickHeal 20150213
ClamAV 20150213
CMC 20150211
Comodo 20150213
Cyren 20150213
DrWeb 20150213
Emsisoft 20150213
F-Prot 20150213
F-Secure 20150213
Fortinet 20150213
GData 20150213
Ikarus 20150213
Jiangmin 20150212
K7AntiVirus 20150213
K7GW 20150213
Kaspersky 20150213
Kingsoft 20150213
Malwarebytes 20150213
McAfee 20150213
McAfee-GW-Edition 20150213
Microsoft 20150213
eScan 20150213
NANO-Antivirus 20150213
Norman 20150213
nProtect 20150213
Panda 20150213
Qihoo-360 20150213
Rising 20150212
Sophos AV 20150213
SUPERAntiSpyware 20150213
Symantec 20150213
Tencent 20150213
TheHacker 20150212
TotalDefense 20150213
TrendMicro 20150213
TrendMicro-HouseCall 20150213
VBA32 20150213
VIPRE 20150213
ViRobot 20150213
Zillya 20150213
Zoner 20150213
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-01-19 12:37:00
template: Normal.dot
author: 1
page_count: 1
last_saved: 2015-01-19 12:54:00
edit_time: 540
revision_number: 8
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry
clsid: 00020906-0000-0000-c000-000000000046
type_literal: root
clsid_literal: MS Word
sid: 0
size: 1216

type_literal: stream
size: 113
name: \x01CompObj
sid: 12

type_literal: stream
size: 4096
name: \x05DocumentSummaryInformation
sid: 4

type_literal: stream
size: 4096
name: \x05SummaryInformation
sid: 3

type_literal: stream
size: 4096
name: 1Table
sid: 1

type_literal: stream
size: 440
name: Macros/PROJECT
sid: 11

type_literal: stream
size: 41
name: Macros/PROJECTwm
sid: 10

type_literal: stream
size: 23186
type: macro
name: Macros/VBA/ThisDocument
sid: 7

type_literal: stream
size: 4646
name: Macros/VBA/_VBA_PROJECT
sid: 8

type_literal: stream
size: 515
name: Macros/VBA/dir
sid: 9

type_literal: stream
size: 4142
name: WordDocument
sid: 2
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 12230 bytes
create-file create-ole obfuscated open-file write-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 0
CreateDate: 2015:01:19 11:37:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:01:19 11:54:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 8
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 9.0 minutes
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 dda0e41140a88f59ca25f4f987a8e862
SHA1 0010e676d77bd57b7c53b538a4fcba8fc3c3a79b
SHA256 84ef5406a61b4fb0703768a120e9f107d569387276357d88ef77c936c1ec109a
ssdeep 384:CWU9HEpHLZsNVDoTkfKlyoUAwFJzroNL790jit9rZ0jY8pXr:8IFcDCkClyBptMN5JlP8h

File size 49.5 KB ( 50688 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: 1, Revision Number: 8, Name of Creating Application: Microsoft Office Word, Total Editing Time: 09:00, Create Time/Date: Sun Jan 18 11:37:00 2015, Last Saved Time/Date: Sun Jan 18 11:54:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file doc create-file macros write-file create-ole

VirusTotal metadata
First submission 2015-02-13 13:26:47 UTC ( 2 years, 7 months ago )
Last submission 2017-07-16 11:37:24 UTC ( 2 months, 1 week ago )
File names 344783TE.doc
467272be4f115a50ba0fb5a4411e98ca
14109KW.doc
1971GA.doc
vti-rescan
0999KI.doc
.cf233300
9df940f73b0c620415091001fa359f47
4892DX.doc
445TD.doc
50688-dda0e41140a88f59ca25f4f987a8e862.doc
0796CQM.doc
131d6f8e75d20776c5b2f2ec98bc38be
8668002f7d5177b2fb72f8560e716007
2907HDG.doc
619HK.doc
VirusShare_dda0e41140a88f59ca25f4f987a8e862
488013ZP.doc
447EUR.doc
93382AEU.doc
330255WCH.doc
39498IX.doc