SHA256: 9f598aa8751d9a7b5a6afe1d6e1e930d92c2131bd2f7c1839ba94307934b1e91
File name: 9f598aa8751d9a7b5a6afe1d6e1e930d92c2131bd2f7c1839ba94307934b1e91.bin
Detection ratio: 41 / 56
Analysis date: 2016-09-21 14:59:11 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.ACP 20160921
AegisLab Troj.Downloader.Vbs.Agent|2|65!c 20160921
AhnLab-V3 W97M/Downloader 20160921
ALYac W97M.Downloader.ACP 20160921
Antiy-AVL Trojan[Downloader]/VBS.Agent.avf 20160921
Arcabit HEUR.VBA.Trojan.d 20160921
Avast VBA:Downloader-QC [Trj] 20160921
AVG Generic14_c.ALWU 20160921
Avira (no cloud) W2000M/Dldr.Agent.kduf 20160921
AVware LooksLike.Macro.Malware.gen!d3 (v) 20160921
Baidu VBA.Trojan-Downloader.Agent.mk 20160921
BitDefender W97M.Downloader.ACP 20160921
CAT-QuickHeal W97M.Dropper.LI 20160921
ClamAV Doc.Downloader.Dridex-246 20160921
Comodo TrojWare.VBS.Downloader.b 20160920
Cyren W97M/Downldr 20160921
DrWeb W97M.DownLoader.675 20160921
Emsisoft W97M.Downloader.ACP (B) 20160921
ESET-NOD32 VBA/TrojanDownloader.Agent.AFO 20160921
F-Prot New or modified W97M/Downldr 20160921
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160921
Fortinet WM/Shifag.0A0F!tr 20160921
GData W97M.Downloader.ACP 20160921
Ikarus Trojan-Downloader.VBA.Agent 20160921
Jiangmin XM/Downloader.Agent.av 20160921
Kaspersky Trojan-Downloader.VBS.Agent.avg 20160921
McAfee Generic.xl 20160921
McAfee-GW-Edition Generic.xl 20160921
Microsoft TrojanDownloader:O97M/Adnel 20160921
eScan W97M.Downloader.ACP 20160921
NANO-Antivirus Trojan.Script.MLW.ebkuis 20160921
Panda W97M/Downloader 20160921
Qihoo-360 virus.office.obfuscated.1 20160921
Rising Heur.Macro.Downloader.e (classic) 20160921
Sophos Troj/DocDl-AEH 20160921
Symantec W97M.Downloader 20160921
Tencent Win32.Trojan.Dldr.Tafd 20160921
TrendMicro W2KM_DRIDEX.THJ 20160921
TrendMicro-HouseCall W2KM_DRIDEX.THJ 20160921
VIPRE LooksLike.Macro.Malware.gen!d3 (v) 20160921
ViRobot W97M.S.Downloader.101376.J[h] 20160921
Alibaba 20160921
Bkav 20160921
CMC 20160921
K7AntiVirus 20160921
K7GW 20160921
Kingsoft 20160921
Malwarebytes 20160921
nProtect 20160921
SUPERAntiSpyware 20160920
TheHacker 20160920
TotalDefense 20160920
VBA32 20160921
Yandex 20160920
Zillya 20160921
Zoner 20160921
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-10-20 06:57:00
template: Normal
author: 1
page_count: 1
last_saved: 2015-10-20 06:57:00
revision_number: 2
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 3840
name: \x01CompObj, type_literal: stream, size: 114, sid: 17
name: \x05DocumentSummaryInformation, type_literal: stream, size: 4096, sid: 4
name: \x05SummaryInformation, type_literal: stream, size: 4096, sid: 3
name: 1Table, type_literal: stream, size: 10368, sid: 1
name: Macros/PROJECT, type_literal: stream, size: 515, sid: 15
name: Macros/PROJECTwm, type_literal: stream, size: 113, sid: 16
name: Macros/VBA/Module1, type_literal: stream, size: 19924, type: macro, sid: 8
name: Macros/VBA/Module2, type_literal: stream, size: 17399, type: macro, sid: 9
name: Macros/VBA/Module3, type_literal: stream, size: 13506, type: macro, sid: 10
name: Macros/VBA/ThisDocument, type_literal: stream, size: 2030, type: macro, sid: 13
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, size: 13240, sid: 14
name: Macros/VBA/__SRP_0, type_literal: stream, size: 4669, sid: 11
name: Macros/VBA/__SRP_1, type_literal: stream, size: 306, sid: 12
name: Macros/VBA/dir, type_literal: stream, size: 617, sid: 7
name: WordDocument, type_literal: stream, size: 4096, sid: 2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 161 bytes
[+] Module1.bas Macros/VBA/Module1 9573 bytes
exe-pattern create-ole open-file
[+] Module2.bas Macros/VBA/Module2 8897 bytes
exe-pattern create-file create-ole download open-file run-file write-file
[+] Module3.bas Macros/VBA/Module3 7155 bytes
create-file obfuscated open-file write-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2015:10:20 05:57:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2015:10:20 05:57:00
Company: Home
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 0
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 0

Compressed bundles
File identification
MD5 c6cd52b59fc772edde4df5d4058524fe
SHA1 d31951e6b944fe181fec5c5bed190fbce00d9d96
SHA256 9f598aa8751d9a7b5a6afe1d6e1e930d92c2131bd2f7c1839ba94307934b1e91
ssdeep 1536:Ve6zfAMnkttIian1j2uYIUjGCDAsm4QKcabhKGNazqk:nzfAMnktZK1j2nDAsm4QKca1KGNau

File size 99.0 KB ( 101376 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Oct 19 05:57:00 2015, Last Saved Time/Date: Mon Oct 19 05:57:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file exe-pattern doc create-file run-file macros attachment download write-file create-ole

VirusTotal metadata
First submission 2015-10-20 08:01:37 UTC ( 1 year, 6 months ago )
Last submission 2016-09-17 09:42:57 UTC ( 7 months, 2 weeks ago )
File names PO_48847.DOC
4548621641.doc
fcb916bc8f5376d76b12d58d19688ea3
inv 11368 corrected.doc
a8ecfd10b2df19ad03b307b07cfb213d
1dc42a8432ffe666c20d6bc020b70473
4ef7faedcd5058e75536e754af1fbe27
bba8f7879a8acf912793063e7bc72409
pre.doc
38df605233df9204269bbdfb3609bce9
9f598aa8751d9a7b5a6afe1d6e1e930d92c2131bd2f7c1839ba94307934b1e91.bin
359e6df670631871c1a5648a5ba5fa92
4f1205e479bfa7672b3396e47f8830e5
7bf1d7565d3f68268361b1d1c988d42c
PO_48847-01.DOC
inv_11368_corrected.doc
inv 11368 corrected.doc
6ada08bc2ea7bae255db9664c78b2151
lp22_20151013_164535.doc
67e7939a9c5003d6dd800b268e4e34a4
64452c9874191b4dd4c400764f206c83
ba73488707fbd5921b241f296adfd67f
40b7d770727c7be9f2f0270968c23b31
a2f93131b5f9df12fbb498ceb5458dc3
998b6f2e9f266f9c58c77d35347eb362