× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 97ae2153166afc889b87e22206547980753eda99ff4cf524649bd0c9f02083db
File name: d0d8dc58c3f986c968367f2d221b624480a9399a
Detection ratio: 3 / 59
Analysis date: 2017-12-20 13:49:17 UTC ( 1 year, 3 months ago ) View latest
Antivirus Result Update
Fortinet VBA/Agent.DEM!tr.dldr 20171220
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20171220
Qihoo-360 virus.office.qexvmc.1090 20171220
Ad-Aware 20171220
AegisLab 20171220
AhnLab-V3 20171220
Alibaba 20171220
ALYac 20171220
Antiy-AVL 20171220
Arcabit 20171220
Avast 20171220
Avast-Mobile 20171220
AVG 20171220
Avira (no cloud) 20171220
AVware 20171220
Baidu 20171219
BitDefender 20171220
Bkav 20171220
CAT-QuickHeal 20171219
ClamAV 20171220
CMC 20171218
Comodo 20171220
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171220
Cyren 20171220
DrWeb 20171220
eGambit 20171220
Emsisoft 20171220
Endgame 20171130
ESET-NOD32 20171220
F-Prot 20171220
F-Secure 20171220
GData 20171220
Sophos ML 20170914
Jiangmin 20171220
K7AntiVirus 20171220
K7GW 20171220
Kaspersky 20171220
Kingsoft 20171220
Malwarebytes 20171220
MAX 20171220
McAfee 20171220
McAfee-GW-Edition 20171220
Microsoft 20171220
eScan 20171220
nProtect 20171220
Palo Alto Networks (Known Signatures) 20171220
Panda 20171220
Rising 20171220
SentinelOne (Static ML) 20171207
Sophos AV 20171220
SUPERAntiSpyware 20171220
Symantec 20171220
Symantec Mobile Insight 20171220
Tencent 20171220
TheHacker 20171219
TotalDefense 20171220
TrendMicro 20171220
TrendMicro-HouseCall 20171220
Trustlook 20171220
VBA32 20171219
VIPRE 20171220
ViRobot 20171220
Webroot 20171220
WhiteArmor 20171204
Yandex 20171219
Zillya 20171219
ZoneAlarm by Check Point 20171220
Zoner 20171220
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author
user
creation_datetime
2017-12-20 13:25:00
revision_number
3
author
Longer
page_count
1
last_saved
2017-12-20 13:26:00
edit_time
257698037640
word_count
114
template
Normal
application_name
Microsoft Office Word
character_count
650
code_page
Cyrillic
Document summary
line_count
5
company
Grizli777
characters_with_spaces
763
version
786432
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
9920
type_literal
stream
sid
24
name
\x01CompObj
size
121
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
7088
type_literal
stream
sid
1
name
Data
size
10167
type_literal
stream
sid
23
name
Macros/PROJECT
size
550
type_literal
stream
sid
22
name
Macros/PROJECTwm
size
95
type_literal
stream
sid
20
name
Macros/UserForm1/\x01CompObj
size
110
type_literal
stream
sid
21
name
Macros/UserForm1/\x03VBFrame
size
292
type_literal
stream
sid
14
name
Macros/UserForm1/f
size
243
type_literal
stream
sid
19
name
Macros/UserForm1/i01/\x01CompObj
size
112
type_literal
stream
sid
17
name
Macros/UserForm1/i01/f
size
797
type_literal
stream
sid
18
name
Macros/UserForm1/i01/o
size
52
type_literal
stream
sid
15
name
Macros/UserForm1/o
size
104
type_literal
stream
sid
9
type
macro
name
Macros/VBA/Module1
size
4462
type_literal
stream
sid
8
type
macro
name
Macros/VBA/ThisDocument
size
1115
type_literal
stream
sid
10
type
macro
name
Macros/VBA/UserForm1
size
1533
type_literal
stream
sid
11
name
Macros/VBA/_VBA_PROJECT
size
3612
type_literal
stream
sid
12
name
Macros/VBA/dir
size
844
type_literal
stream
sid
3
name
WordDocument
size
4148
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 35 bytes
[+] Module1.bas Macros/VBA/Module1 1448 bytes
obfuscated run-file
[+] UserForm1.frm Macros/VBA/UserForm1 94 bytes
ExifTool file metadata
SharedDoc
No

Author
Longer

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
user

HeadingPairs
Title, 1, , 1

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
763

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2017:12:20 12:26:00

TitleOfParts
,

Company
Grizli777

Characters
650

CodePage
Windows Cyrillic

RevisionNumber
3

MIMEType
application/msword

Words
114

CreateDate
2017:12:20 12:25:00

Lines
5

AppVersion
12.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
9767:02:16 04:14:00

Pages
1

ScaleCrop
No

CompObjUserTypeLen
39

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 a13f6e4c38264eed29ca38048e712380
SHA1 d0d8dc58c3f986c968367f2d221b624480a9399a
SHA256 97ae2153166afc889b87e22206547980753eda99ff4cf524649bd0c9f02083db
ssdeep
768:Mu77D3jz4y49vYaEMrTZrcywD5VrSlaj8CStAaHe1C:H3jz4y49JEMnJcKCStAF1

File size 49.5 KB ( 50688 bytes )
File type MS Word Document
Magic literal

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros run-file attachment doc

VirusTotal metadata
First submission 2017-12-20 13:49:17 UTC ( 1 year, 3 months ago )
Last submission 2018-05-08 02:31:06 UTC ( 11 months, 2 weeks ago )
File names Secure Form.doc
d0d8dc58c3f986c968367f2d221b624480a9399a
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!