SHA256: 9495476ae76b40210cba9a54de07e423b3fec4d0225ec4d8063077c2f78ba4a8
File name: Attached file: request for payment-t9a.rtf.txt
Detection ratio: 29 / 54
Analysis date: 2016-07-31 10:50:51 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.VB.Dropper.AMU 20160731
AegisLab Troj.Msword.Agent!c 20160731
ALYac Trojan.VB.Dropper.AMU 20160731
Antiy-AVL Trojan/MSWord.Agent.em 20160731
Arcabit Trojan.VB.Dropper.AMU 20160731
Avast VBA:Downloader-CPA [Trj] 20160731
AVG W97M/Downloader 20160731
Avira (no cloud) W2000M/Agent.39151 20160731
BitDefender Trojan.VB.Dropper.AMU 20160731
CAT-QuickHeal O97M.Downloader.GQ 20160730
ClamAV Doc.Dropper.Agent-1568116 20160731
Cyren PP97M/Downldr.BH.gen 20160731
Emsisoft Trojan.VB.Dropper.AMU (B) 20160731
ESET-NOD32 VBA/TrojanDownloader.Agent.BMF 20160731
F-Prot PP97M/Downldr.BH.gen 20160731
F-Secure Trojan.VB.Dropper.AMU 20160731
Fortinet WM/Agent.BMF!tr 20160731
GData Trojan.VB.Dropper.AMU 20160731
Ikarus Trojan-Downloader.VBA.Agent 20160731
Kaspersky Trojan.MSWord.Agent.em 20160731
McAfee W97M/Downloader.bhg 20160731
McAfee-GW-Edition W97M/Downloader.bhg 20160730
Microsoft Trojan:O97M/Macrobe.D 20160731
eScan Trojan.VB.Dropper.AMU 20160731
nProtect Trojan.VB.Dropper.AMU 20160729
Qihoo-360 virus.office.obfuscated.1 20160731
Sophos AV Troj/DocDl-ECK 20160731
Tencent Word.Trojan.Agent.Agku 20160731
TrendMicro W2KM_DLOADR.RC 20160731
AhnLab-V3 20160730
Alibaba 20160730
AVware 20160731
Baidu 20160730
Bkav 20160727
CMC 20160728
Comodo 20160731
DrWeb 20160731
Jiangmin 20160731
K7AntiVirus 20160731
K7GW 20160731
Kingsoft 20160731
Malwarebytes 20160731
NANO-Antivirus 20160731
Panda 20160731
SUPERAntiSpyware 20160731
Symantec 20160731
TheHacker 20160729
TrendMicro-HouseCall 20160731
VBA32 20160729
VIPRE 20160731
ViRobot 20160731
Yandex 20160730
Zillya 20160730
Zoner 20160731
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May create OLE objects.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 8937 bytes
create-ole
Content types
bin
rels
jpeg
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator: tutorhood
lastModifiedBy: cerebellocortex
revision: 4
created: 2016-06-03T19:27:00.0000000Z
modified: 2016-07-25T23:48:00.0000000Z
Application document properties
Template: Normal
TotalTime: 0
Pages: 2
Words: 631
Characters: 3600
Application: Microsoft Office Word
DocSecurity: 0
Lines: 30
Paragraphs: 8
ScaleCrop: false
Company: apogamically
LinksUpToDate: false
CharactersWithSpaces: 4223
SharedDoc: false
HyperlinksChanged: false
AppVersion: 12.0000
Document languages
Language Prevalence
en-us 2
ar-sa 1
ExifTool file metadata
CorePropertiesModified
2016-07-25T23:48:00.0000000Z

PropertiesParagraphs
8

CorePropertiesCreatedType
dcterms:W3CDTF

PropertiesHyperlinksChanged
False

ZipFileName
[Content_Types].xml

PropertiesLinksUpToDate
False

CorePropertiesXmlns
http://schemas.openxmlformats.org/package/2006/metadata/core-properties

ZipRequiredVersion
20

ZipCRC
0xffdc6d76

PropertiesWords
631

CorePropertiesCreator
tutorhood

ZipBitFlag
0x0006

PropertiesTotalTime
0

PropertiesLines
30

MIMEType
application/vnd.ms-word.document.macroEnabled

CorePropertiesCreated
2016-06-03T19:27:00.0000000Z

FileType
DOCM

PropertiesSharedDoc
False

ZipUncompressedSize
1555

PropertiesCharactersWithSpaces
4223

PropertiesApplication
Microsoft Office Word

CorePropertiesRevision
4

PropertiesHeadingPairs
, 1

ZipModifyDate
1980:01:01 00:00:00

ZipCompressedSize
431

PropertiesTemplate
Normal

PropertiesAppVersion
12.0

PropertiesPages
2

ZipCompression
Deflated

PropertiesDocSecurity
0

CorePropertiesModifiedType
dcterms:W3CDTF

FileTypeExtension
docm

PropertiesCompany
apogamically

PropertiesCharacters
3600

CorePropertiesLastModifiedBy
cerebellocortex

PropertiesScaleCrop
False

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 16
Uncompressed size: 192103
Highest datetime: 2016-07-25 16:48:34
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 10
bin: 1
png: 1
Contained files by type
XML: 11
unknown: 2
Microsoft Office: 1
JPG: 1
PNG: 1
File identification
MD5 76409c5a953b99e6d3a3f80e14e258e4
SHA1 5187e68c9e455d4a071f1120e5b4e3d24b6ff28b
SHA256 9495476ae76b40210cba9a54de07e423b3fec4d0225ec4d8063077c2f78ba4a8
ssdeep 3072:eEk44n9U9qY8ZBR4FpW6M+f5F1E0c5sRm4u3o/JI3zzTgI5j9C3ZC6RG:eA49U9uWpW6PF1E0c5sdu3o0gI5j9CJC

File size 149.2 KB ( 152813 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (59.4%)
Word Microsoft Office Open XML Format document (36.0%)
ZIP compressed archive (4.5%)
Tags
macros docx create-ole

VirusTotal metadata
First submission 2016-07-26 13:47:21 UTC ( 1 year, 2 months ago )
Last submission 2016-07-31 10:50:51 UTC ( 1 year, 2 months ago )
File names request for payment-t9a.rtf
Attached file: request for payment-t9a.rtf.txt