SHA256: b4319a6f2bc4b60783e83a169b73a3705aabbe6ac70320bb554cd2da4528d243
File name: VirusShare_0d0f79e6894beca87b72f54b0463dbdb
Detection ratio: 42 / 54
Analysis date: 2016-07-21 11:47:42 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.IS 20160721
AegisLab Troj.Downloader.MSWord.Agent.hk!c 20160721
AhnLab-V3 W97M/Downloader 20160721
Antiy-AVL Trojan/MSWord.Agent.aj 20160721
Arcabit HEUR.VBA.Trojan.d 20160721
Avast MO97:Downloader-QF [Trj] 20160721
AVG W97M/Generic 20160721
Avira (no cloud) VBA/Dldr.Agent.76288 20160721
AVware LooksLike.Macro.Malware.d (v) 20160721
Baidu VBA.Trojan-Downloader.Agent.ez 20160721
BitDefender W97M.Downloader.IS 20160721
CAT-QuickHeal W97M.Downloader.BI 20160721
Comodo TrojWare.W97M.Agent.~AA 20160721
Cyren W97M/Adnel 20160721
DrWeb W97M.DownLoader.273 20160721
Emsisoft Trojan-Downloader.VBA.Agent (A) 20160721
ESET-NOD32 VBA/TrojanDownloader.Agent.LN 20160721
F-Prot New or modified W97M/Adnel 20160721
F-Secure Trojan-Downloader:W97M/Dridex.R 20160721
Fortinet WM/Agent!tr 20160721
GData W97M.Downloader.IS 20160721
Ikarus Trojan-Downloader.VBA.Agent 20160721
Jiangmin WM/Trojan.agent.aj 20160721
K7AntiVirus Trojan ( 0001140e1 ) 20160721
K7GW Trojan ( 0001140e1 ) 20160721
Kaspersky Trojan.MSWord.Agent.aj 20160721
McAfee W97M/Downloader.afg 20160721
McAfee-GW-Edition W97M/Downloader.afg 20160721
Microsoft TrojanDownloader:W97M/Ledod 20160721
eScan W97M.Downloader.IS 20160721
NANO-Antivirus Trojan.Script.Agent.dsgapi 20160721
nProtect W97M.Downloader.IS 20160721
Panda W97M/Downloader 20160720
Qihoo-360 virus.office.gen.70 20160721
Sophos AV Troj/DocDl-JH 20160721
Symantec W97M.Downloader 20160721
Tencent Word.Trojan.Agent.Eyp 20160721
TotalDefense Tnega.XAZK!suspicious 20160721
TrendMicro W2KM_DLOADR.XTSU 20160721
TrendMicro-HouseCall W2KM_DLOADR.XTSU 20160721
VIPRE LooksLike.Macro.Malware.d (v) 20160721
ViRobot W97M.S.Agent.76288[h] 20160721
Alibaba 20160721
ALYac 20160721
Bkav 20160721
ClamAV 20160721
CMC 20160715
Kingsoft 20160721
Malwarebytes 20160721
SUPERAntiSpyware 20160721
TheHacker 20160720
VBA32 20160721
Yandex 20160717
Zillya 20160720
Zoner 20160721
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May execute code from Dynamically Linked Libraries.
Seems to contain deobfuscation code.
Summary
last_author: alex
creation_datetime: 2015-01-19 17:07:00
template: Normal.dot
author: 1
page_count: 1
last_saved: 2015-03-26 15:40:00
edit_time: 15420
revision_number: 420
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 20288
name: \x01CompObj, sid: 54, type_literal: stream, size: 113
name: \x05DocumentSummaryInformation, sid: 4, type_literal: stream, size: 4096
name: \x05SummaryInformation, sid: 3, type_literal: stream, size: 4096
name: 1Table, sid: 1, type_literal: stream, size: 4207
name: Macros/A2/\x01CompObj, sid: 32, type_literal: stream, size: 97
name: Macros/A2/\x03VBFrame, sid: 33, type_literal: stream, size: 258
name: Macros/A2/f, sid: 30, type_literal: stream, size: 58
name: Macros/A2/o, sid: 31, type_literal: stream, size: 0
name: Macros/PROJECT, sid: 53, type_literal: stream, size: 971
name: Macros/PROJECTwm, sid: 52, type_literal: stream, size: 227
name: Macros/SoaO/\x01CompObj, sid: 27, type_literal: stream, size: 97
name: Macros/SoaO/\x03VBFrame, sid: 28, type_literal: stream, size: 392
name: Macros/SoaO/f, sid: 25, type_literal: stream, size: 287
name: Macros/SoaO/o, sid: 26, type_literal: stream, size: 140
name: Macros/UserForm1/\x01CompObj, sid: 50, type_literal: stream, size: 97
name: Macros/UserForm1/\x03VBFrame, sid: 51, type_literal: stream, size: 292
name: Macros/UserForm1/f, sid: 35, type_literal: stream, size: 151
name: Macros/UserForm1/i01/\x01CompObj, sid: 42, type_literal: stream, size: 115
name: Macros/UserForm1/i01/f, sid: 38, type_literal: stream, size: 176
name: Macros/UserForm1/i01/i03/\x01CompObj, sid: 49, type_literal: stream, size: 110
name: Macros/UserForm1/i01/i03/f, sid: 47, type_literal: stream, size: 96
name: Macros/UserForm1/i01/i03/o, sid: 48, type_literal: stream, size: 140
name: Macros/UserForm1/i01/i04/\x01CompObj, sid: 46, type_literal: stream, size: 110
name: Macros/UserForm1/i01/i04/f, sid: 44, type_literal: stream, size: 212
name: Macros/UserForm1/i01/i04/o, sid: 45, type_literal: stream, size: 192
name: Macros/UserForm1/i01/o, sid: 39, type_literal: stream, size: 148
name: Macros/UserForm1/i01/x, sid: 43, type_literal: stream, size: 48
name: Macros/UserForm1/o, sid: 36, type_literal: stream, size: 0
name: Macros/VBA/A1, sid: 16, type_literal: stream, size: 806, type: macro (only attributes)
name: Macros/VBA/A2, sid: 17, type_literal: stream, size: 1343, type: macro (only attributes)
name: Macros/VBA/A3, sid: 18, type_literal: stream, size: 1084, type: macro (only attributes)
name: Macros/VBA/Class2, sid: 14, type_literal: stream, size: 1095, type: macro (only attributes)
name: Macros/VBA/HHAKKK, sid: 12, type_literal: stream, size: 4295, type: macro
name: Macros/VBA/HiMiMiIn, sid: 11, type_literal: stream, size: 2477, type: macro
name: Macros/VBA/SoaO, sid: 13, type_literal: stream, size: 1449, type: macro (only attributes)
name: Macros/VBA/ThisDocument, sid: 7, type_literal: stream, size: 1595, type: macro
name: Macros/VBA/UserForm1, sid: 19, type_literal: stream, size: 1327, type: macro (only attributes)
name: Macros/VBA/VVDDD, sid: 15, type_literal: stream, size: 7683, type: macro
name: Macros/VBA/_VBA_PROJECT, sid: 20, type_literal: stream, size: 7983
name: Macros/VBA/__SRP_0, sid: 22, type_literal: stream, size: 1908
name: Macros/VBA/__SRP_1, sid: 23, type_literal: stream, size: 142
name: Macros/VBA/__SRP_2, sid: 8, type_literal: stream, size: 264
name: Macros/VBA/__SRP_3, sid: 9, type_literal: stream, size: 103
name: Macros/VBA/dir, sid: 21, type_literal: stream, size: 1151
name: Macros/VBA/xsdasvsd, sid: 10, type_literal: stream, size: 6591, type: macro
name: WordDocument, sid: 2, type_literal: stream, size: 4151
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 31 bytes
[+] xsdasvsd.bas Macros/VBA/xsdasvsd 2323 bytes
exe-pattern obfuscated run-dll
[+] HiMiMiIn.bas Macros/VBA/HiMiMiIn 361 bytes
[+] HHAKKK.bas Macros/VBA/HHAKKK 1069 bytes
create-ole open-file
[+] VVDDD.bas Macros/VBA/VVDDD 1960 bytes
handle-file open-file write-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: alex
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 0
CreateDate: 2015:01:19 16:07:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:03:26 14:40:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 420
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 4.3 hours
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1
Compressed bundles
File identification
MD5 0d0f79e6894beca87b72f54b0463dbdb
SHA1 21c73b7436b79f0017111743fe33a204c9f7c399
SHA256 b4319a6f2bc4b60783e83a169b73a3705aabbe6ac70320bb554cd2da4528d243
ssdeep 768:UEzlrs0UHHJMR3p5zyYpTYO10K47OUHCvnX2pypiYi1:XJwi3p5zH+qf0UGsMYi1

File size 74.5 KB ( 76288 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: alex, Revision Number: 420, Name of Creating Application: Microsoft Office Word, Total Editing Time: 04:17:00, Create Time/Date: Sun Jan 18 16:07:00 2015, Last Saved Time/Date: Wed Mar 25 14:40:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file exe-pattern handle-file doc macros run-dll attachment write-file create-ole

VirusTotal metadata
First submission 2015-03-27 09:02:29 UTC ( 2 years, 5 months ago )
Last submission 2016-07-21 11:47:42 UTC ( 1 year, 1 month ago )
File names bb499fa07a8633626d704d5cf16658e9
0d0f79e6894beca87b72f54b0463dbdb.doc
ejemplar 2 22328_201512.doc
suspect.doc
1c288f77930ead1c1f75156e97599bf4
c936fc00136f36e7faae6a0b3fa3951c
aceda84eb2c7d4d19ddccaa5d8cc7918
532ef6e931569de0b456170355d75a30
e383526445c2ff25b6983fee26bad33a
22328_201512.doc
22328_201512c.doc
21c73b7436b79f0017111743fe33a204c9f7c399.exe
VirusShare_0d0f79e6894beca87b72f54b0463dbdb
sample22328_201512.doc
9fea8741e53e3f1a0bb6eaecd097c096