SHA256: aa7a05241105fd2da8e3b8c170baf7cee7a267230a1d462ff8f4a55784a89469
File name: mal2.doc
Detection ratio: 5 / 55
Analysis date: 2015-10-21 11:50:01 UTC (3 years, 7 months ago)
Antivirus Result Update
AVware LooksLike.Macro.Malware.gen!d3 (v) 20151021
Fortinet WM/Agent!tr 20151021
Panda W97M/Downloader 20151021
Sophos AV Troj/DocDl-ACU 20151021
VIPRE LooksLike.Macro.Malware.gen!d3 (v) 20151021
Ad-Aware 20151021
AegisLab 20151021
Yandex 20151020
AhnLab-V3 20151021
Alibaba 20151021
ALYac 20151021
Antiy-AVL 20151021
Arcabit 20151021
Avast 20151021
AVG 20151021
Baidu-International 20151021
BitDefender 20151021
Bkav 20151021
ByteHero 20151021
CAT-QuickHeal 20151021
ClamAV 20151021
CMC 20151021
Comodo 20151021
Cyren 20151021
DrWeb 20151021
Emsisoft 20151021
ESET-NOD32 20151021
F-Prot 20151021
F-Secure 20151021
GData 20151021
Ikarus 20151021
Jiangmin 20151020
K7AntiVirus 20151021
K7GW 20151021
Kaspersky 20151021
Kingsoft 20151021
Malwarebytes 20151021
McAfee 20151021
McAfee-GW-Edition 20151021
Microsoft 20151021
eScan 20151021
NANO-Antivirus 20151021
nProtect 20151021
Qihoo-360 20151021
Rising 20151020
SUPERAntiSpyware 20151021
Symantec 20151020
Tencent 20151021
TheHacker 20151020
TrendMicro 20151021
TrendMicro-HouseCall 20151021
VBA32 20151020
ViRobot 20151021
Zillya 20151020
Zoner 20151021
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-10-21 08:38:00
template: Normal
author: 1
page_count: 1
last_saved: 2015-10-21 08:38:00
revision_number: 3
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry; type_literal: root; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word; sid: 0; size: 3008
name: \x01CompObj; type_literal: stream; sid: 15; size: 114
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 4; size: 4096
name: \x05SummaryInformation; type_literal: stream; sid: 3; size: 4096
name: 1Table; type_literal: stream; sid: 1; size: 10218
name: Macros/PROJECT; type_literal: stream; sid: 14; size: 513
name: Macros/PROJECTwm; type_literal: stream; sid: 13; size: 113
name: Macros/VBA/Module1; type_literal: stream; type: macro; sid: 8; size: 7820
name: Macros/VBA/Module2; type_literal: stream; type: macro; sid: 9; size: 18990
name: Macros/VBA/Module3; type_literal: stream; type: macro; sid: 10; size: 15723
name: Macros/VBA/ThisDocument; type_literal: stream; type: macro; sid: 7; size: 1475
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 11; size: 7123
name: Macros/VBA/dir; type_literal: stream; sid: 12; size: 617
name: WordDocument; type_literal: stream; sid: 2; size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 185 bytes
[+] Module1.bas Macros/VBA/Module1 4018 bytes
exe-pattern create-ole download obfuscated open-file run-file
[+] Module2.bas Macros/VBA/Module2 11710 bytes
create-file create-ole obfuscated
[+] Module3.bas Macros/VBA/Module3 8823 bytes
exe-pattern url-pattern create-file create-ole enum-windows open-file run-file write-file
ExifTool file metadata
MIMEType: image/vnd.fpx
FileType: FPX
Warning: Error loading Mini-FAT stream
FileTypeExtension: fpx
File identification
MD5 a8cae72b24d6209f13824ee288318cfc
SHA1 aeec58f8e8954c2de719782fa9ad87c8b885a5d4
SHA256 aa7a05241105fd2da8e3b8c170baf7cee7a267230a1d462ff8f4a55784a89469
ssdeep 1536:/dq7PEY2r2f0lbBHvLvse4/r8nL1qElyfWhzJW:FaPV2r2f0lbZvLk8L1ty6J
File size 78.5 KB ( 80383 bytes )
File type MS Word Document
Magic literal CDF V2 Document, corrupt: Cannot read short stream
TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags obfuscated run-file enum-windows exe-pattern url-pattern create-file open-file macros doc download write-file create-ole
VirusTotal metadata
First submission 2015-10-21 11:35:01 UTC ( 3 years, 7 months ago )
Last submission 2015-10-25 09:51:25 UTC ( 3 years, 7 months ago )
File names mal2.doc
8bbmod