SHA256: 8da85186a941010216264d11872461a43a71f2cfe50c68b698b181984c2e5555
File name: Resume.rtf
Detection ratio: 9 / 54
Analysis date: 2016-01-29 11:56:06 UTC (1 year, 10 months ago)
Antivirus Result Update
AegisLab W97M.Gen!c 20160129
Arcabit HEUR.VBA.Trojan.d 20160129
Avast VBA:Downloader-ABI [Trj] 20160129
AVG W97M/Downloader 20160129
ESET-NOD32 VBA/TrojanDownloader.Agent.APP 20160129
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160129
Fortinet WM/Agent!tr 20160129
Panda O97M/Downloader 20160128
VIPRE LooksLike.Macro.Malware.h (v) 20160129
Ad-Aware 20160129
Yandex 20160128
AhnLab-V3 20160129
Alibaba 20160129
ALYac 20160129
Antiy-AVL 20160129
Avira (no cloud) 20160129
Baidu-International 20160129
BitDefender 20160129
Bkav 20160129
ByteHero 20160129
CAT-QuickHeal 20160129
ClamAV 20160129
CMC 20160129
Comodo 20160129
Cyren 20160129
DrWeb 20160129
Emsisoft 20160129
F-Prot 20160129
GData 20160129
Ikarus 20160129
Jiangmin 20160129
K7AntiVirus 20160129
K7GW 20160129
Kaspersky 20160129
Malwarebytes 20160129
McAfee 20160129
McAfee-GW-Edition 20160129
Microsoft 20160129
eScan 20160129
NANO-Antivirus 20160129
nProtect 20160129
Qihoo-360 20160129
Rising 20160129
Sophos AV 20160129
SUPERAntiSpyware 20160129
Symantec 20160128
Tencent 20160129
TheHacker 20160124
TrendMicro 20160129
TrendMicro-HouseCall 20160129
VBA32 20160128
ViRobot 20160129
Zillya 20160128
Zoner 20160129
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Macros and VBA code streams
ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 10426 bytes
create-file environ obfuscated open-file run-dll write-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator: Marky
lastModifiedBy: Marky
revision: 2
created: 2016-01-29T01:17:00Z
modified: 2016-01-29T01:18:00Z
Application document properties
Template: Normal.dotm
TotalTime: 0
Pages: 1
Words: 67
Characters: 388
Application: Microsoft Office Word
DocSecurity: 0
Lines: 3
Paragraphs: 1
ScaleCrop: false
LinksUpToDate: false
CharactersWithSpaces: 454
SharedDoc: false
HyperlinksChanged: false
AppVersion: 14.0000
Document languages
Language Prevalence
en-us 2
ja-jp 1
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: Marky
HeadingPairs: Title, 1
ZipFileName: [Content_Types].xml
Template: Normal.dotm
ZipRequiredVersion: 20
ModifyDate: 2016:01:29 01:18:00Z
ZipCRC: 0xcb72ec2e
Words: 67
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
CreateDate: 2016:01:29 01:17:00Z
Lines: 3
AppVersion: 14.0
ZipUncompressedSize: 1696
ZipCompressedSize: 434
Characters: 388
CharactersWithSpaces: 454
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
FileType: DOCM
Application: Microsoft Office Word
TotalEditTime: 0
ZipCompression: Deflated
Pages: 1
Creator: Marky
FileTypeExtension: docm
Paragraphs: 1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 16
Uncompressed size: 95593
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 12
bin: 1
Contained files by type
XML: 15
Microsoft Office: 1
Compressed bundles
File identification
MD5: 3b68ddd5b6f9c62acc06a046f7d54b0e
SHA1: 07194f585c00bf1b45c2be2af97da124062fc125
SHA256: 8da85186a941010216264d11872461a43a71f2cfe50c68b698b181984c2e5555
ssdeep: 768:u+NPh0C2SJ4Zijpg9TMwMcO108B5TjpSwVbFylHam7Q6iH:uih0Cn4Zi+MwMcOzjTVS4bWHam8H
File size: 32.0 KB (32816 bytes)
File type: Office Open XML Document
Magic literal: Zip archive data, at least v2.0 to extract
TrID:
  Word Microsoft Office Open XML Format document (with Macro) (59.4%)
  Word Microsoft Office Open XML Format document (36.0%)
  ZIP compressed archive (4.5%)
Tags: obfuscated open-file create-file docx macros run-dll environ attachment write-file

VirusTotal metadata
First submission: 2016-01-29 03:58:28 UTC (1 year, 10 months ago)
Last submission: 2016-10-02 23:06:33 UTC (1 year, 1 month ago)
File names: file.1437992.docx, Resume.rtf