SHA256: a565136d9157ca3ebd2503222a50cc112d9612ce12f105b807564c90de69cae1
File name: a565136d9157ca3ebd2503222a50cc112d9612ce12f105b807564c90de69cae1....
Detection ratio: 7 / 54
Analysis date: 2016-02-15 12:40:55 UTC ( 3 years, 1 month ago )
Antivirus Result Update
AegisLab Macro.Troj.Downloader!c 20160215
Arcabit HEUR.VBA.Trojan.d 20160215
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160215
Fortinet WM/Agent!tr 20160215
GData Macro.Trojan-Downloader.Agent.MM 20160215
McAfee W97M/Downloader!8176C1F92C0B 20160215
McAfee-GW-Edition W97M/Downloader!8176C1F92C0B 20160215
Ad-Aware 20160215
Yandex 20160213
AhnLab-V3 20160214
Alibaba 20160215
ALYac 20160215
Antiy-AVL 20160215
Avast 20160215
AVG 20160215
Avira (no cloud) 20160215
Baidu-International 20160215
BitDefender 20160215
Bkav 20160215
ByteHero 20160215
CAT-QuickHeal 20160215
ClamAV 20160215
CMC 20160214
Comodo 20160215
Cyren 20160215
DrWeb 20160215
Emsisoft 20160215
ESET-NOD32 20160215
F-Prot 20160215
Ikarus 20160215
Jiangmin 20160215
K7AntiVirus 20160215
K7GW 20160215
Kaspersky 20160215
Malwarebytes 20160215
Microsoft 20160215
eScan 20160215
NANO-Antivirus 20160215
nProtect 20160212
Panda 20160214
Qihoo-360 20160215
Rising 20160215
Sophos AV 20160215
SUPERAntiSpyware 20160215
Symantec 20160214
Tencent 20160215
TheHacker 20160213
TrendMicro 20160215
TrendMicro-HouseCall 20160215
VBA32 20160215
VIPRE 20160215
ViRobot 20160215
Zillya 20160213
Zoner 20160215
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 39 bytes
Module1.bas word/vbaProject.bin VBA/Module1 7676 bytes
create-ole obfuscated open-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
Microsoft Office
cp:lastModifiedBy
alex
cp:revision
2
dcterms:created
2016-02-15T09:45:00Z
dcterms:modified
2016-02-15T09:45:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
Название
vt:i4
1
Company
Microsoft Corporation
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
12.0000
Document languages
Language
Prevalence
ru-ru
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
alex

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal.dotm

CreateDate
2016:02:15 09:45:00Z

ZipRequiredVersion
20

ModifyDate
2016:02:15 09:45:00Z

ZipCRC
0xc1a32581

Company
Microsoft Corporation

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

FileType
DOCM

Lines
1

AppVersion
12.0

ZipUncompressedSize
1453

ZipCompressedSize
406

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

HeadingPairs
, 1

TotalEditTime
0

ZipCompression
Deflated

Pages
1

Creator
Microsoft Office

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
14
Uncompressed size
57659
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
Contained files by type
XML
13
Microsoft Office
1
File identification
MD5 d16fcdc646696d947caf967d337d5ad1
SHA1 fbde4db4a7f1b5a80bc7bf7601cfe4b51b269e36
SHA256 a565136d9157ca3ebd2503222a50cc112d9612ce12f105b807564c90de69cae1
ssdeep
384:0CdfoFkTjLRRv4oeqhRrOyW9ttJSBRlBBbMXqudLzy8GGW+wRsC9nSdjFXY3:nTpRvfxSyoqBL/bWrmKC9SdjF+

File size 24.2 KB ( 24734 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated macros open-file docx create-ole

VirusTotal metadata
First submission 2016-02-15 11:11:09 UTC ( 3 years, 1 month ago )
Last submission 2016-02-17 08:52:14 UTC ( 3 years, 1 month ago )
File names SKM_C3350160212101601.docm
a565136d9157ca3ebd2503222a50cc112d9612ce12f105b807564c90de69cae1.docx
0003_.b64.zip