SHA256: b0a43774c6e27788bd52503cbf2ba4388b7c0e159e46ad11aa140728f721b61e
File name: 12 October 2015 Invoice Summary-04.doc
Detection ratio: 7 / 55
Analysis date: 2015-10-12 12:23:17 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan 20151012
AVware LooksLike.Macro.Malware.g (v) 20151012
Fortinet WM/Agent!tr 20151012
GData Macro.Trojan-Downloader.Agent.FZ 20151012
NANO-Antivirus Trojan.Script.Agent.dsgamf 20151012
Qihoo-360 heur.macro.download.cc 20151012
VIPRE LooksLike.Macro.Malware.g (v) 20151012
Ad-Aware 20151012
AegisLab 20151012
Yandex 20151011
AhnLab-V3 20151011
Alibaba 20151012
ALYac 20151012
Antiy-AVL 20151012
Avast 20151012
AVG 20151012
Baidu-International 20151012
BitDefender 20151012
Bkav 20151012
ByteHero 20151012
CAT-QuickHeal 20151012
ClamAV 20151012
CMC 20151012
Comodo 20151012
Cyren 20151012
DrWeb 20151012
Emsisoft 20151012
ESET-NOD32 20151012
F-Prot 20151012
F-Secure 20151012
Ikarus 20151012
Jiangmin 20151011
K7AntiVirus 20151012
K7GW 20151010
Kaspersky 20151012
Kingsoft 20151012
Malwarebytes 20151011
McAfee 20151012
McAfee-GW-Edition 20151012
Microsoft 20151012
eScan 20151012
nProtect 20151008
Panda 20151012
Rising 20151011
Sophos AV 20151012
SUPERAntiSpyware 20151012
Symantec 20151011
Tencent 20151012
TheHacker 20151010
TrendMicro 20151012
TrendMicro-HouseCall 20151012
VBA32 20151012
ViRobot 20151012
Zillya 20151011
Zoner 20151012
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
May try to interact with other applications, for example, by sending key strokes.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-10-12 07:34:00
revision_number: 4
author: Alex
page_count: 1
last_saved: 2015-10-12 09:11:00
edit_time: 300
template: Normal
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 2560
type_literal: stream; sid: 15; name: \x01CompObj; size: 114
type_literal: stream; sid: 4; name: \x05DocumentSummaryInformation; size: 4096
type_literal: stream; sid: 3; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 1; name: 1Table; size: 9984
type_literal: stream; sid: 14; name: Macros/PROJECT; size: 511
type_literal: stream; sid: 13; name: Macros/PROJECTwm; size: 113
type_literal: stream; sid: 8; type: macro; name: Macros/VBA/Module1; size: 12077
type_literal: stream; sid: 9; type: macro; name: Macros/VBA/Module2; size: 16061
type_literal: stream; sid: 10; type: macro; name: Macros/VBA/Module3; size: 14043
type_literal: stream; sid: 7; type: macro; name: Macros/VBA/ThisDocument; size: 1099
type_literal: stream; sid: 11; name: Macros/VBA/_VBA_PROJECT; size: 7187
type_literal: stream; sid: 12; name: Macros/VBA/dir; size: 616
type_literal: stream; sid: 2; name: WordDocument; size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 35 bytes
[+] Module1.bas Macros/VBA/Module1 6692 bytes
create-file create-ole handle-file open-file write-file
[+] Module2.bas Macros/VBA/Module2 10402 bytes
exe-pattern open-file run-file
[+] Module3.bas Macros/VBA/Module3 7711 bytes
exe-pattern url-pattern create-ole download obfuscated open-file run-file send-keys
ExifTool file metadata
SharedDoc: No
Author: Alex
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2015:10:12 06:34:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2015:10:12 08:11:00
Company: Home
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 4
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 0
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 5.0 minutes
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 0

Compressed bundles
File identification
MD5 f7389b47c3dbe57f24dafb3b9a7818a2
SHA1 703d09ba485db7a4bcb5727576932ac99324c23d
SHA256 b0a43774c6e27788bd52503cbf2ba4388b7c0e159e46ad11aa140728f721b61e
ssdeep 1536:+xU7NBU8P/X36GtJ7wlp6cZcrII3IH9UO++:4U7Ne8P/X36GtJ7wfvMIyIH9UOV
File size 78.0 KB ( 79872 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: Alex, Template: Normal, Last Saved By: 1, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 05:00, Create Time/Date: Sun Oct 11 06:34:00 2015, Last Saved Time/Date: Sun Oct 11 08:11:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated run-file exe-pattern handle-file url-pattern create-file open-file macros attachment doc download write-file send-keys create-ole

VirusTotal metadata
First submission 2015-10-12 08:29:07 UTC ( 3 years, 7 months ago )
Last submission 2017-11-08 22:37:32 UTC ( 1 year, 6 months ago )
File names SKMBT_C36014102815580-1.doc
a74ce00a397c8a1e484f847abcc4c0c9
4661923281dd5a74d91728c425bfdbb1
d4e78844d0eb5bb69d7bb26017d32cd7
e6f7855226fb719e95fa123de991e400
12 October 2015 Invoice Summary.doc
SKMBT_C36014102815580.doc
12 October 2015 Invoice Summary.doc
63d1449419ff2966fadffbb4550f6279
0620fd392edb10d5d48dd4a9009b1148
12 October 2015 Invoice Summary-04.doc
e099a464c65ff7faf351f2467897bd1e
1a930835758fd9a2604336888f9caa32
6c72aff02cc7f885bd21439d8ddcafa5
ec9f052d344ced4baa29e85d731ead41
SKMBT_C36014102815580.doc