SHA256: 96afb0f23199547d47801eacb9ce4562b87fbb2a68e5a2a2f0aa271d4e336ae0
File name: 36b5d5c6d4745f75bc7ac26987da01fa_DOC00021656076
Detection ratio: 36 / 56
Analysis date: 2016-09-12 16:32:55 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.CBM 20160912
AhnLab-V3 W97M/Downloader 20160912
ALYac W97M.Downloader.CBM 20160912
Antiy-AVL Trojan/MSWord.Agent.ds 20160912
Arcabit HEUR.VBA.Trojan.d 20160912
Avast VBA:Downloader-BQQ [Trj] 20160912
AVG W97M/Downloader 20160912
Avira (no cloud) W2000M/Dldr.Agent.aagg 20160912
Baidu VBA.Trojan-Downloader.Agent.afz 20160912
BitDefender W97M.Downloader.CBM 20160912
CAT-QuickHeal W97M.Dropper.XD 20160912
ClamAV Doc.Dropper.Agent-1404328 20160912
Comodo UnclassifiedMalware 20160912
Cyren W97M/DridLdr 20160912
DrWeb W97M.DownLoader.1046 20160912
Emsisoft W97M.Downloader.CBM (B) 20160912
ESET-NOD32 VBA/TrojanDownloader.Agent.BAW 20160912
F-Prot New or modified W97M/DridLdr 20160912
F-Secure Trojan-Downloader:W97M/Dridex.R 20160912
Fortinet WM/Agent.BAJ!tr 20160912
GData W97M.Downloader.CBM 20160912
Ikarus Trojan-Downloader.VBA.Agent 20160912
Kaspersky Trojan-Downloader.MSWord.Agent.ahj 20160912
McAfee W97M/Downloader.bcs 20160912
McAfee-GW-Edition W97M/Downloader.bcs 20160912
Microsoft Trojan:O97M/Macrobe.D 20160912
eScan W97M.Downloader.CBM 20160912
NANO-Antivirus Trojan.Script.MLW.ecgnmd 20160912
Panda O97M/Downloader 20160912
Qihoo-360 virus.office.obfuscated.1 20160912
Rising Downloader.Agent/VBA!1.A517 (classic) 20160912
Sophos Troj/DocDl-CUI 20160912
Symantec W97M.Downloader 20160912
Tencent Win32.Trojan.Dldr.Llhl 20160912
TrendMicro W97M_DLOADR.XTSG 20160912
TrendMicro-HouseCall W97M_DLOADR.XTSG 20160912
AegisLab 20160912
Alibaba 20160912
AVware 20160912
Bkav 20160912
CMC 20160912
Jiangmin 20160912
K7AntiVirus 20160912
K7GW 20160912
Kingsoft 20160912
Malwarebytes 20160912
nProtect 20160912
SUPERAntiSpyware 20160912
TheHacker 20160911
TotalDefense 20160907
VBA32 20160912
VIPRE 20160912
ViRobot 20160912
Yandex 20160911
Zillya 20160911
Zoner 20160912
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May perform operations with other files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2016-05-05 08:51:00
template: Normal
author: 1
page_count: 1
last_saved: 2016-05-05 08:51:00
revision_number: 2
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry, sid: 0, type_literal: root, size: 7232, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, sid: 25, type_literal: stream, size: 114
name: \x05DocumentSummaryInformation, sid: 4, type_literal: stream, size: 4096
name: \x05SummaryInformation, sid: 3, type_literal: stream, size: 4096
name: 1Table, sid: 1, type_literal: stream, size: 8986
name: Macros/PROJECT, sid: 18, type_literal: stream, size: 626
name: Macros/PROJECTwm, sid: 19, type_literal: stream, size: 143
name: Macros/UserForm2/\x01CompObj, sid: 23, type_literal: stream, size: 97
name: Macros/UserForm2/\x03VBFrame, sid: 24, type_literal: stream, size: 256
name: Macros/UserForm2/f, sid: 21, type_literal: stream, size: 327
name: Macros/UserForm2/o, sid: 22, type_literal: stream, size: 16
name: Macros/VBA/Module1, sid: 8, type_literal: stream, size: 4652, type: macro
name: Macros/VBA/Module2, sid: 9, type_literal: stream, size: 13587, type: macro
name: Macros/VBA/Module6, sid: 10, type_literal: stream, size: 29643, type: macro
name: Macros/VBA/ThisDocument, sid: 16, type_literal: stream, size: 9803, type: macro
name: Macros/VBA/UserForm2, sid: 15, type_literal: stream, size: 1344, type: macro (only attributes)
name: Macros/VBA/_VBA_PROJECT, sid: 17, type_literal: stream, size: 10518
name: Macros/VBA/__SRP_0, sid: 11, type_literal: stream, size: 1802
name: Macros/VBA/__SRP_1, sid: 12, type_literal: stream, size: 136
name: Macros/VBA/__SRP_2, sid: 13, type_literal: stream, size: 652
name: Macros/VBA/__SRP_3, sid: 14, type_literal: stream, size: 331
name: Macros/VBA/dir, sid: 7, type_literal: stream, size: 905
name: WordDocument, sid: 2, type_literal: stream, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 3035 bytes
handle-file open-file
[+] Module6.bas Macros/VBA/Module6 14010 bytes
create-ole obfuscated open-file
[+] Module2.bas Macros/VBA/Module2 5007 bytes
create-ole obfuscated open-file
[+] Module1.bas Macros/VBA/Module1 1869 bytes
obfuscated open-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2016:05:05 07:51:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2016:05:05 07:51:00
Company: Home
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 0
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 0
File identification
MD5 36b5d5c6d4745f75bc7ac26987da01fa
SHA1 ea8888d77f04f8c3d4ad45eb623602e74979fe21
SHA256 96afb0f23199547d47801eacb9ce4562b87fbb2a68e5a2a2f0aa271d4e336ae0
ssdeep 768:eJgTbuXVobFja3EIrkXGBZaS8Yj2MSyQIldyM0idFdPRE8YRnQYyO1880irViwp:hmob48SZn8Yj2MMMHJE1hyOqmYw

File size 102.0 KB ( 104448 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed May 04 07:51:00 2016, Last Saved Time/Date: Wed May 04 07:51:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file handle-file doc macros create-ole

VirusTotal metadata
First submission 2016-05-05 09:24:36 UTC ( 1 year ago )
Last submission 2016-09-12 16:32:55 UTC ( 8 months, 2 weeks ago )
File names DOC00021656076
9d948e030d2b36e44a3dc9ad17637813
96afb0f23199547d47801eacb9ce4562b87fbb2a68e5a2a2f0aa271d4e336ae0.doc
36b5d5c6d4745f75bc7ac26987da01fa_DOC00021656076
36b5d5c6d4745f75bc7ac26987da01fa.doc