SHA256: a73924f6b3bc139c6f2365bc45eb1fa7727d6bfcea45ed3f9b21f97995d3daae
File name: emotet doc (13)
Detection ratio: 16 / 58
Analysis date: 2017-12-28 16:55:33 UTC ( 2 weeks, 5 days ago )
Antivirus Result Update
AegisLab Troj.Script.Agent!c 20171228
AhnLab-V3 W2KM/Downloader 20171228
BitDefender W97M.Downloader.GOL 20171228
ClamAV Doc.Dropper.Agent-6409519-0 20171228
Cyren Trojan.BJQJ-0 20171228
Emsisoft W97M.Downloader.GOL (B) 20171228
ESET-NOD32 VBA/TrojanDownloader.Agent.FZN 20171228
Fortinet Malicious_Behavior.SB 20171228
Ikarus Trojan-Downloader.VBA.Agent 20171228
eScan W97M.Downloader.GOL 20171228
Qihoo-360 virus.office.qexvmc.1085 20171228
Symantec W97M.Downloader 20171227
TrendMicro W2KM_POWLOAD.AUSJWR 20171228
TrendMicro-HouseCall W2KM_POWLOAD.AUSJWR 20171228
ViRobot W97M.S.Downloader.196096.B 20171228
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20171228
Ad-Aware 20171225
Alibaba 20171228
ALYac 20171228
Arcabit 20171228
Avast 20171228
Avast-Mobile 20171228
AVG 20171228
Avira (no cloud) 20171228
AVware 20171228
Baidu 20171227
Bkav 20171228
CAT-QuickHeal 20171228
CMC 20171228
Comodo 20171228
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171228
DrWeb 20171228
eGambit 20171228
Endgame 20171130
F-Prot 20171228
F-Secure 20171228
GData 20171228
Sophos ML 20170914
Jiangmin 20171228
K7AntiVirus 20171228
K7GW 20171228
Kingsoft 20171228
Malwarebytes 20171228
MAX 20171228
McAfee 20171228
McAfee-GW-Edition 20171228
Microsoft 20171228
NANO-Antivirus 20171228
nProtect 20171228
Palo Alto Networks (Known Signatures) 20171228
Panda 20171228
Rising 20171228
SentinelOne (Static ML) 20171224
Sophos AV 20171228
SUPERAntiSpyware 20171228
Symantec Mobile Insight 20171227
Tencent 20171228
TheHacker 20171226
TotalDefense 20171228
Trustlook 20171228
VBA32 20171228
VIPRE 20171228
Webroot 20171228
WhiteArmor 20171226
Yandex 20171225
Zillya 20171228
Zoner 20171228
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2017-12-27 15:33:00
template: Normal.dotm
author: jvnlaGRF
page_count: 1
last_saved: 2017-12-27 15:33:00
word_count: 2
revision_number: 1
application_name: Microsoft Office Word
character_count: 12
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 13
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 3008
type_literal: stream, size: 114, name: \x01CompObj, sid: 16
type_literal: stream, size: 4096, name: \x05DocumentSummaryInformation, sid: 5
type_literal: stream, size: 412, name: \x05SummaryInformation, sid: 4
type_literal: stream, size: 7007, name: 1Table, sid: 2
type_literal: stream, size: 8968, name: Data, sid: 1
type_literal: stream, size: 518, name: Macros/PROJECT, sid: 15
type_literal: stream, size: 149, name: Macros/PROJECTwm, sid: 14
type_literal: stream, size: 924, type: macro (only attributes), name: Macros/VBA/ThisDocument, sid: 8
type_literal: stream, size: 59871, name: Macros/VBA/_VBA_PROJECT, sid: 12
type_literal: stream, size: 36959, type: macro, name: Macros/VBA/bcUcCwMdERCv, sid: 11
type_literal: stream, size: 695, name: Macros/VBA/dir, sid: 13
type_literal: stream, size: 27080, type: macro, name: Macros/VBA/mVRnBHjdcqU, sid: 9
type_literal: stream, size: 34400, type: macro, name: Macros/VBA/upjkGqFMNt, sid: 10
type_literal: stream, size: 4096, name: WordDocument, sid: 3
Macros and VBA code streams
[+] mVRnBHjdcqU.bas Macros/VBA/mVRnBHjdcqU 18595 bytes
obfuscated
[+] upjkGqFMNt.bas Macros/VBA/upjkGqFMNt 24425 bytes
run-file
[+] bcUcCwMdERCv.bas Macros/VBA/bcUcCwMdERCv 26360 bytes
ExifTool file metadata
SharedDoc: No
Author: jvnlaGRF
CodePage: Windows Latin 1 (Western European)
LinksUpToDate: No
HeadingPairs: Title, 1
Template: Normal.dotm
CharCountWithSpaces: 13
CreateDate: 2017:12:27 14:33:00
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2017:12:27 14:33:00
HyperlinksChanged: No
Characters: 12
ScaleCrop: No
RevisionNumber: 1
MIMEType: application/msword
Words: 2
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 5f58ae772d7eab98385d07c8f4b7886e
SHA1 d03c0e59184eac1988f237a2529934998980e267
SHA256 a73924f6b3bc139c6f2365bc45eb1fa7727d6bfcea45ed3f9b21f97995d3daae
ssdeep 3072:26WE8O2uHWDMu7AMzrrB5j0VWnKD/4P7xAKN2PNCCn9zZ4Teqikk3SKj6Y:6O2oSMGPrb0P/476Os4y94TGhS

File size 191.5 KB ( 196096 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: jvnlaGRF, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Dec 26 14:33:00 2017, Last Saved Time/Date: Tue Dec 26 14:33:00 2017, Number of Pages: 1, Number of Words: 2, Number of Characters: 12, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2017-12-27 14:50:08 UTC ( 2 weeks, 6 days ago )
Last submission 2017-12-28 16:55:33 UTC ( 2 weeks, 5 days ago )
File names Outstanding INVOICE GEW-2573902-9651.doc
Your Christmas Card.doc
Invoice Number 244472.doc
Order Confirmation.doc
CHLR7-7366227165.doc
Your Card.doc
eGift Card.doc
Your eCard.doc
INCORRECT INVOICE.doc
Gift Card.doc
Happy Holidays Card.doc
Invoice Number 72168.doc
JRJUM9-1272592813.doc
VVYK3-7342117567.doc
Your holidays Gift Card.doc
Gift Card for you.doc
artifact216895651.doc
Invoices Overdue.doc
Final Account.doc
Christmas Gift Card.doc
Your eGift Card.doc
JNZ3-0555331430.doc
Your Christmas Gift Card.doc
Holidays eCard.doc
Your Holidays Card.doc