× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a73924f6b3bc139c6f2365bc45eb1fa7727d6bfcea45ed3f9b21f97995d3daae
File name: Your Holidays Card.doc
Detection ratio: 40 / 58
Analysis date: 2018-03-30 08:45:12 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.GOL 20180330
AegisLab Troj.Script.Agent!c 20180330
AhnLab-V3 W2KM/Downloader 20180330
ALYac Trojan.Downloader.W97M.Gen 20180330
Arcabit HEUR.VBA.Trojan.e 20180330
Avast Other:Malware-gen [Trj] 20180330
AVG Other:Malware-gen [Trj] 20180330
Avira (no cloud) W97M/Agent.7681016 20180330
AVware Trojan.OLE.Generic.a (v) 20180330
Baidu VBA.Trojan-Downloader.Agent.cil 20180330
BitDefender W97M.Downloader.GOL 20180330
CAT-QuickHeal W97M.Downloader.30588 20180329
ClamAV Img.Dropper.PhishingLure-6443153-0 20180330
Comodo TrojWare.Win32.Agent.xig 20180330
Cyren Trojan.BJQJ-0 20180330
DrWeb W97M.DownLoader.2406 20180330
Emsisoft W97M.Downloader.GOL (B) 20180330
ESET-NOD32 VBA/TrojanDownloader.Agent.FZN 20180330
F-Secure W97M.Downloader.GOL 20180330
Fortinet VBA/Agent.HFY!tr 20180330
GData W97M.Downloader.GOL 20180330
Ikarus Trojan.VBA.Agent 20180330
Kaspersky HEUR:Trojan.Script.Agent.gen 20180330
MAX malware (ai score=96) 20180330
McAfee W97M/Downloader.ckn 20180330
McAfee-GW-Edition W97M/Downloader.ckn 20180330
Microsoft TrojanDownloader:O97M/Donoff 20180330
eScan W97M.Downloader.GOL 20180330
NANO-Antivirus Trojan.Script.Agent.exdfon 20180330
nProtect Suspicious/W97M.Obfus.Gen 20180330
Qihoo-360 virus.office.qexvmc.1090 20180330
Sophos AV Troj/DocDl-LZR 20180330
Symantec W97M.Downloader 20180330
Tencent Win32.Trojan-downloader.Agent.Syii 20180330
TrendMicro W2KM_POWLOAD.AUSJWR 20180330
TrendMicro-HouseCall W2KM_POWLOAD.SMJSA 20180330
VIPRE Trojan.OLE.Generic.a (v) 20180330
ViRobot W97M.S.Downloader.196096.B 20180330
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20180330
Zoner Probably W97Shell 20180329
Alibaba 20180402
Antiy-AVL 20180330
Avast-Mobile 20180329
Bkav 20180330
CMC 20180329
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180330
eGambit 20180330
Endgame 20180316
F-Prot 20180330
Sophos ML 20180121
Jiangmin 20180330
K7AntiVirus 20180330
K7GW 20180330
Kingsoft 20180330
Malwarebytes 20180330
Palo Alto Networks (Known Signatures) 20180330
Panda 20180329
Rising 20180330
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180330
Symantec Mobile Insight 20180311
TheHacker 20180327
Trustlook 20180330
VBA32 20180329
WhiteArmor 20180324
Yandex 20180329
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2017-12-27 15:33:00
revision_number
1
author
jvnlaGRF
page_count
1
last_saved
2017-12-27 15:33:00
word_count
2
template
Normal.dotm
application_name
Microsoft Office Word
character_count
12
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
13
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
3008
type_literal
stream
sid
16
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
412
type_literal
stream
sid
2
name
1Table
size
7007
type_literal
stream
sid
1
name
Data
size
8968
type_literal
stream
sid
15
name
Macros/PROJECT
size
518
type_literal
stream
sid
14
name
Macros/PROJECTwm
size
149
type_literal
stream
sid
8
type
macro (only attributes)
name
Macros/VBA/ThisDocument
size
924
type_literal
stream
sid
12
name
Macros/VBA/_VBA_PROJECT
size
59871
type_literal
stream
sid
11
type
macro
name
Macros/VBA/bcUcCwMdERCv
size
36959
type_literal
stream
sid
13
name
Macros/VBA/dir
size
695
type_literal
stream
sid
9
type
macro
name
Macros/VBA/mVRnBHjdcqU
size
27080
type_literal
stream
sid
10
type
macro
name
Macros/VBA/upjkGqFMNt
size
34400
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] mVRnBHjdcqU.bas Macros/VBA/mVRnBHjdcqU 18595 bytes
obfuscated
[+] upjkGqFMNt.bas Macros/VBA/upjkGqFMNt 24425 bytes
run-file
[+] bcUcCwMdERCv.bas Macros/VBA/bcUcCwMdERCv 26360 bytes
ExifTool file metadata
SharedDoc
No

Author
jvnlaGRF

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

HeadingPairs
Title, 1

Template
Normal.dotm

CharCountWithSpaces
13

CreateDate
2017:12:27 14:33:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:12:27 14:33:00

HyperlinksChanged
No

Characters
12

ScaleCrop
No

RevisionNumber
1

MIMEType
application/msword

Words
2

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

File identification
MD5 5f58ae772d7eab98385d07c8f4b7886e
SHA1 d03c0e59184eac1988f237a2529934998980e267
SHA256 a73924f6b3bc139c6f2365bc45eb1fa7727d6bfcea45ed3f9b21f97995d3daae
ssdeep
3072:26WE8O2uHWDMu7AMzrrB5j0VWnKD/4P7xAKN2PNCCn9zZ4Teqikk3SKj6Y:6O2oSMGPrb0P/476Os4y94TGhS

File size 191.5 KB ( 196096 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: jvnlaGRF, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Dec 26 14:33:00 2017, Last Saved Time/Date: Tue Dec 26 14:33:00 2017, Number of Pages: 1, Number of Words: 2, Number of Characters: 12, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2017-12-27 14:50:08 UTC ( 5 months, 3 weeks ago )
Last submission 2018-03-30 08:45:12 UTC ( 2 months, 2 weeks ago )
File names Outstanding INVOICE GEW-2573902-9651.doc
Your Christmas Card.doc
Invoice Number 244472.doc
Order Confirmation.doc
CHLR7-7366227165.doc
Your Card.doc
eGift Card.doc
Your eCard.doc
INCORRECT INVOICE.doc
Gift Card.doc
Happy Holidays Card.doc
Invoice Number 72168.doc
Invoices Overdue.doc
VVYK3-7342117567.doc
Your holidays Gift Card.doc
Gift Card for you.doc
artifact216895651.doc
Your Holidays Card.doc
Final Account.doc
Christmas Gift Card.doc
Your eGift Card.doc
JNZ3-0555331430.doc
Your Christmas Gift Card.doc
JRJUM9-1272592813.doc
Holidays eCard.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!