SHA256: ac8ad9153e36a3d3644f890770259bcd8c77a10c0eff512b4a1fccecc3eb9e26
File name: Invoice 0215.doc
Detection ratio: 0 / 57
Analysis date: 2015-02-16 09:23:11 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20150216
AegisLab 20150216
Yandex 20150216
AhnLab-V3 20150216
Alibaba 20150216
ALYac 20150216
Antiy-AVL 20150216
Avast 20150216
AVG 20150216
Avira (no cloud) 20150216
AVware 20150216
Baidu-International 20150216
BitDefender 20150216
Bkav 20150213
ByteHero 20150216
CAT-QuickHeal 20150216
ClamAV 20150216
CMC 20150214
Comodo 20150216
Cyren 20150216
DrWeb 20150216
Emsisoft 20150216
ESET-NOD32 20150216
F-Prot 20150216
F-Secure 20150215
Fortinet 20150216
GData 20150216
Ikarus 20150216
Jiangmin 20150215
K7AntiVirus 20150216
K7GW 20150216
Kaspersky 20150216
Kingsoft 20150216
Malwarebytes 20150216
McAfee 20150216
McAfee-GW-Edition 20150215
Microsoft 20150216
eScan 20150216
NANO-Antivirus 20150216
Norman 20150216
nProtect 20150213
Panda 20150215
Qihoo-360 20150216
Rising 20150215
Sophos AV 20150216
SUPERAntiSpyware 20150215
Symantec 20150216
Tencent 20150216
TheHacker 20150213
TotalDefense 20150215
TrendMicro 20150216
TrendMicro-HouseCall 20150216
VBA32 20150216
VIPRE 20150216
ViRobot 20150216
Zillya 20150215
Zoner 20150216
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-01-19 14:05:00
template: Normal.dot
author: 1
page_count: 1
last_saved: 2015-01-19 14:05:00
revision_number: 3
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 3648
type_literal: stream; size: 113; name: \x01CompObj; sid: 16
type_literal: stream; size: 4096; name: \x05DocumentSummaryInformation; sid: 4
type_literal: stream; size: 4096; name: \x05SummaryInformation; sid: 3
type_literal: stream; size: 4096; name: 1Table; sid: 1
type_literal: stream; size: 444; name: Macros/PROJECT; sid: 15
type_literal: stream; size: 41; name: Macros/PROJECTwm; sid: 14
type_literal: stream; size: 22048; type: macro; name: Macros/VBA/ThisDocument; sid: 7
type_literal: stream; size: 8634; name: Macros/VBA/_VBA_PROJECT; sid: 10
type_literal: stream; size: 1937; name: Macros/VBA/__SRP_0; sid: 12
type_literal: stream; size: 130; name: Macros/VBA/__SRP_1; sid: 13
type_literal: stream; size: 4418; name: Macros/VBA/__SRP_2; sid: 8
type_literal: stream; size: 193; name: Macros/VBA/__SRP_3; sid: 9
type_literal: stream; size: 514; name: Macros/VBA/dir; sid: 11
type_literal: stream; size: 4142; name: WordDocument; sid: 2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 9710 bytes
exe-pattern url-pattern create-file create-ole obfuscated open-file write-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 0
CreateDate: 2015:01:19 13:05:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:01:19 13:05:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 3
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 69cae61ee51a05ce37f95cce50b12495
SHA1 7ce71c27cc258e6bc10c20982236cc33673062f4
SHA256 ac8ad9153e36a3d3644f890770259bcd8c77a10c0eff512b4a1fccecc3eb9e26
ssdeep
384:ozekDWKN+vBvUpJE8Ru0Emjf1c6Sk3ZwEFlDdUkDt230Xw6LMOLOfAi9KVXL0Rq+:HQWb5CpRDjzwcs5f6LMOLCSI3sMyYt

File size 59.5 KB ( 60928 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: 1, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Jan 18 13:05:00 2015, Last Saved Time/Date: Sun Jan 18 13:05:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file exe-pattern url-pattern create-file macros attachment doc write-file create-ole

VirusTotal metadata
First submission 2015-02-16 08:23:39 UTC ( 2 years, 8 months ago )
Last submission 2016-11-09 19:34:02 UTC ( 11 months, 2 weeks ago )
File names 0c203ac18f91fe3f64f93791510ad8fd
69cae61ee51a05ce37f95cce50b12495_66990 (2).doc
Invoice 0215.doc
ffe64268f3c7a536720d885614367513
dc079f8e683ed40d01a62eebe70ec36a
f5037fb5e964676c8ecd89b9df222e0e
8b36ff2346680d792f6d672ddc7e5dcd
8291685200155283381
c.doc
9903e52337dc68ce3b4dc7efce99223f
VirusShare_69cae61ee51a05ce37f95cce50b12495
86eb818219c8592d8fa1e9729c2eb620
005b2e9f10c04c3851c58d14dcd0e01d
ac8ad9153e36a3d3644f890770259bcd8c77a10c0eff512b4a1fccecc3eb9e26.doc
66990.doc
66990.doc
b67c099ae8257104cdc2f2a187b2dc85
8ee4c30b8f143eb073c210c29c408fac
.
0
169cc29066d4789e0fac45eede6939fe
6
66990.doc
0eecb3b2a4b44972b9758c4fa8461060
af7807d7f7360d82d4c2004c7d41203f