SHA256: 874b5b645a4af4010e200ddcd28953777e3822f8012a377b48d01e2428e1a2e6
File name: parchel2go567313.doc
Detection ratio: 3 / 54
Analysis date: 2016-11-07 16:17:15 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20161107
Qihoo-360 virus.office.gen.75 20161107
Rising Macro.Downloader.t (classic) 20161107
Ad-Aware 20161107
AegisLab 20161107
AhnLab-V3 20161107
Alibaba 20161107
ALYac 20161107
Antiy-AVL 20161107
Avast 20161107
AVG 20161107
Avira (no cloud) 20161107
AVware 20161107
Baidu 20161107
BitDefender 20161107
Bkav 20161107
CAT-QuickHeal 20161107
ClamAV 20161107
CMC 20161107
Comodo 20161107
CrowdStrike Falcon (ML) 20161024
Cyren 20161107
DrWeb 20161107
Emsisoft 20161107
ESET-NOD32 20161107
F-Prot 20161107
F-Secure 20161107
Fortinet 20161107
GData 20161107
Ikarus 20161107
Sophos ML 20161018
Jiangmin 20161107
K7AntiVirus 20161107
K7GW 20161107
Kaspersky 20161107
Kingsoft 20161107
Malwarebytes 20161107
McAfee 20161107
McAfee-GW-Edition 20161107
Microsoft 20161107
eScan 20161107
NANO-Antivirus 20161107
nProtect 20161107
Panda 20161106
Sophos AV 20161107
SUPERAntiSpyware 20161107
Symantec 20161107
Tencent 20161107
TheHacker 20161106
TrendMicro 20161107
TrendMicro-HouseCall 20161107
VBA32 20161105
VIPRE 20161107
ViRobot 20161107
Yandex 20161107
Zillya 20161107
Zoner 20161107
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: admin
creation_datetime: 2016-11-07 10:39:00
author: mark
title: This file has incorrect characters encoding, please repair it buy pressing
page_count: 2
last_saved: 2016-11-07 10:39:00
word_count: 250
revision_number: 2
application_name: Microsoft Office Word
character_count: 1427
code_page: Cyrillic
template: Normal.dot
Document summary
line_count: 11
characters_with_spaces: 1674
version: 730895
paragraph_count: 3
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 4224
type_literal: stream; sid: 17; name: \x01CompObj; size: 113
type_literal: stream; sid: 5; name: \x05DocumentSummaryInformation; size: 4096
type_literal: stream; sid: 4; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 2; name: 1Table; size: 10477
type_literal: stream; sid: 1; name: Data; size: 4096
type_literal: stream; sid: 16; name: Macros/PROJECT; size: 369
type_literal: stream; sid: 15; name: Macros/PROJECTwm; size: 41
type_literal: stream; sid: 8; type: macro; name: Macros/VBA/ThisDocument; size: 67903
type_literal: stream; sid: 11; name: Macros/VBA/_VBA_PROJECT; size: 12314
type_literal: stream; sid: 13; name: Macros/VBA/__SRP_0; size: 1390
type_literal: stream; sid: 14; name: Macros/VBA/__SRP_1; size: 153
type_literal: stream; sid: 9; name: Macros/VBA/__SRP_2; size: 924
type_literal: stream; sid: 10; name: Macros/VBA/__SRP_3; size: 488
type_literal: stream; sid: 12; name: Macros/VBA/dir; size: 523
type_literal: stream; sid: 3; name: WordDocument; size: 18984
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 31620 bytes
create-ole obfuscated open-file run-file
ExifTool file metadata
SharedDoc: No
Author: mark
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 1674
CreateDate: 2016:11:07 09:39:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2016:11:07 09:39:00
TitleOfParts: This file has incorrect characters encoding, please repair it buy pressing
Title: This file has incorrect characters encoding, please repair it buy pressing
HyperlinksChanged: No
Characters: 1427
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 250
FileType: DOC
Lines: 11
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 2
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 3

Compressed bundles
File identification
MD5 4136f72c9294668d4528ef2c9a6c3be0
SHA1 e4151d54e41f98826c9497f1bea0cc85abb1cc19
SHA256 874b5b645a4af4010e200ddcd28953777e3822f8012a377b48d01e2428e1a2e6
ssdeep 1536:kjAWc7Sre7WNKq7N6zCF9CwVNsn2Ej9E1/1PZzl1xToaHQFhbhkj:kj070e7g7N6zCF9Cwzs2EjaPZzlQn

File size 130.0 KB ( 133120 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: This file has incorrect characters encoding, please repair it buy pressing, Author: mark, Template: Normal.dot, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Nov 06 09:39:00 2016, Last Saved Time/Date: Sun Nov 06 09:39:00 2016, Number of Pages: 2, Number of Words: 250, Number of Characters: 1427, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file doc run-file macros create-ole

VirusTotal metadata
First submission 2016-11-07 13:55:41 UTC ( 2 years, 3 months ago )
Last submission 2018-01-23 08:26:47 UTC ( 1 year ago )
File names parchel2go567313.doc
parchel2go8743141.doc
parchel2go48569412.doc
parchel2go745274.doc
parchel2go8743141.doc";filename*=UTF-8''parchel2go8743141.doc
874b5b645a4af4010e200ddcd28953777e3822f8012a377b48d01e2428e1a2e6.bin