SHA256: 9a202c2fa7e5eae2e586e2db61ce3dc9d267ce334e81d699db3307d79d3e77a5
File name: mal.doc
Detection ratio: 6 / 56
Analysis date: 2015-10-21 11:49:49 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Avira (no cloud) HEUR/Macro.Downloader 20151021
AVware LooksLike.Macro.Malware.gen!d3 (v) 20151021
Fortinet WM/Agent!tr 20151021
Panda W97M/Downloader 20151021
Sophos AV Troj/DocDl-ACU 20151021
VIPRE LooksLike.Macro.Malware.gen!d3 (v) 20151021
Ad-Aware 20151021
AegisLab 20151021
Yandex 20151020
AhnLab-V3 20151021
Alibaba 20151021
ALYac 20151021
Antiy-AVL 20151021
Arcabit 20151021
Avast 20151021
AVG 20151021
Baidu-International 20151021
BitDefender 20151021
Bkav 20151021
ByteHero 20151021
CAT-QuickHeal 20151021
ClamAV 20151021
CMC 20151021
Comodo 20151021
Cyren 20151021
DrWeb 20151021
Emsisoft 20151021
ESET-NOD32 20151021
F-Prot 20151021
F-Secure 20151021
GData 20151021
Ikarus 20151021
Jiangmin 20151020
K7AntiVirus 20151021
K7GW 20151021
Kaspersky 20151021
Kingsoft 20151021
Malwarebytes 20151021
McAfee 20151021
McAfee-GW-Edition 20151021
Microsoft 20151021
eScan 20151021
NANO-Antivirus 20151021
nProtect 20151021
Qihoo-360 20151021
Rising 20151020
SUPERAntiSpyware 20151021
Symantec 20151020
Tencent 20151021
TheHacker 20151020
TrendMicro 20151021
TrendMicro-HouseCall 20151021
VBA32 20151020
ViRobot 20151021
Zillya 20151020
Zoner 20151021
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-10-21 08:38:00
template: Normal
author: 1
page_count: 1
last_saved: 2015-10-21 08:38:00
revision_number: 2
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry; type_literal: root; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word; sid: 0; size: 3008
name: \x01CompObj; type_literal: stream; sid: 15; size: 114
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 4; size: 4096
name: \x05SummaryInformation; type_literal: stream; sid: 3; size: 4096
name: 1Table; type_literal: stream; sid: 1; size: 10222
name: Macros/PROJECT; type_literal: stream; sid: 14; size: 515
name: Macros/PROJECTwm; type_literal: stream; sid: 13; size: 113
name: Macros/VBA/Module1; type_literal: stream; type: macro; sid: 8; size: 7807
name: Macros/VBA/Module2; type_literal: stream; type: macro; sid: 9; size: 18990
name: Macros/VBA/Module3; type_literal: stream; type: macro; sid: 10; size: 15723
name: Macros/VBA/ThisDocument; type_literal: stream; type: macro; sid: 7; size: 1475
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 11; size: 7123
name: Macros/VBA/dir; type_literal: stream; sid: 12; size: 617
name: WordDocument; type_literal: stream; sid: 2; size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 185 bytes
[+] Module1.bas Macros/VBA/Module1 4012 bytes
exe-pattern create-ole download obfuscated open-file run-file
[+] Module2.bas Macros/VBA/Module2 11710 bytes
create-file create-ole obfuscated
[+] Module3.bas Macros/VBA/Module3 8823 bytes
exe-pattern url-pattern create-file create-ole enum-windows open-file run-file write-file
ExifTool file metadata
MIMEType: image/vnd.fpx
FileType: FPX
Warning: Error loading Mini-FAT stream
FileTypeExtension: fpx
File identification
MD5 7e738774ae3e4051d0424d98059e94fa
SHA1 24a80b91b6da78fdb24b0469cdb730fe4ba46c51
SHA256 9a202c2fa7e5eae2e586e2db61ce3dc9d267ce334e81d699db3307d79d3e77a5
ssdeep 1536:ToHPSY2r2f0lbBHvLvse4/r8nL1qElyfWhzPK:sP/2r2f0lbZvLk8L1ty6P
File size 78.5 KB ( 80383 bytes )
File type MS Word Document
Magic literal CDF V2 Document, corrupt: Cannot read short stream
TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags obfuscated run-file enum-windows exe-pattern url-pattern create-file open-file macros doc download write-file create-ole
VirusTotal metadata
First submission 2015-10-21 11:35:18 UTC ( 3 years, 7 months ago )
Last submission 2015-10-21 11:49:49 UTC ( 3 years, 7 months ago )
File names mal.doc
19mod