SHA256: b6b5c9d6909c68ba5cfd4e62434b415998cd9609ce3b753ddd0ab4250778c21c
File name: archive-0910001923884.docm
Detection ratio: 3 / 55
Analysis date: 2016-02-24 10:24:04 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AegisLab Macro.Troj.Downloader!c 20160224
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160224
GData Macro.Trojan-Downloader.Agent.MT 20160224
Ad-Aware 20160224
Yandex 20160221
AhnLab-V3 20160224
Alibaba 20160224
ALYac 20160224
Antiy-AVL 20160224
Arcabit 20160224
Avast 20160224
AVG 20160224
Avira (no cloud) 20160224
AVware 20160224
Baidu-International 20160224
BitDefender 20160224
Bkav 20160223
ByteHero 20160224
CAT-QuickHeal 20160224
ClamAV 20160224
CMC 20160223
Comodo 20160224
Cyren 20160224
DrWeb 20160224
Emsisoft 20160224
ESET-NOD32 20160224
F-Prot 20160224
Fortinet 20160224
Ikarus 20160224
Jiangmin 20160224
K7AntiVirus 20160224
K7GW 20160224
Kaspersky 20160224
Malwarebytes 20160224
McAfee 20160224
McAfee-GW-Edition 20160224
Microsoft 20160224
eScan 20160224
NANO-Antivirus 20160224
nProtect 20160223
Panda 20160223
Qihoo-360 20160224
Rising 20160224
Sophos AV 20160224
SUPERAntiSpyware 20160224
Symantec 20160223
Tencent 20160224
TheHacker 20160222
TrendMicro 20160224
TrendMicro-HouseCall 20160224
VBA32 20160224
VIPRE 20160224
ViRobot 20160224
Zillya 20160223
Zoner 20160224
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 40 bytes
Module1.bas word/vbaProject.bin VBA/Module1 3379 bytes (tags: create-ole obfuscated open-file)
Module2.bas word/vbaProject.bin VBA/Module2 4727 bytes (tags: obfuscated open-file)
Module3.bas word/vbaProject.bin VBA/Module3 4770 bytes (tags: create-ole obfuscated open-file)
Module4.bas word/vbaProject.bin VBA/Module4 1392 bytes (tags: create-ole obfuscated)
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator: Microsoft Office
lastModifiedBy: 1
revision: 2
created: 2016-02-24T08:59:00Z
modified: 2016-02-24T08:59:00Z
Application document properties
Template: Normal
TotalTime: 0
Pages: 1
Words: 0
Characters: 0
Application: Microsoft Office Word
DocSecurity: 0
Lines: 0
Paragraphs: 0
ScaleCrop: false
Company: Microsoft Corporation
LinksUpToDate: false
CharactersWithSpaces: 0
SharedDoc: false
HyperlinksChanged: false
AppVersion: 14.0000
Document languages (language: prevalence)
ru-ru: 2
ar-sa: 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 1
Application: Microsoft Office Word
ZipFileName: [Content_Types].xml
Template: Normal
CreateDate: 2016:02:24 08:59:00Z
ZipRequiredVersion: 20
ModifyDate: 2016:02:24 08:59:00Z
ZipCRC: 0x4dc12e6a
Company: Microsoft Corporation
Words: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
FileType: DOCM
Lines: 0
AppVersion: 14.0
ZipUncompressedSize: 1563
ZipCompressedSize: 419
Characters: 0
CharactersWithSpaces: 0
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
HeadingPairs: , 1
TotalEditTime: 0
ZipCompression: Deflated
Pages: 1
Creator: Microsoft Office
FileTypeExtension: docm
Paragraphs: 0

The file being studied is a compressed stream. Details about the compressed contents follow.
Compression metadata
Contained files: 15
Uncompressed size: 114222
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 11
bin: 1
Contained files by type
XML: 14
Microsoft Office: 1
File identification
MD5 52678316c4ac8f492fba28cdf0952b99
SHA1 fcab1c4440aee1b3d11a15dcdd39c287f65a0434
SHA256 b6b5c9d6909c68ba5cfd4e62434b415998cd9609ce3b753ddd0ab4250778c21c
ssdeep 768:31MVTXUdrRxwK5xlM8OrG6Qn8TH/24Wp/YwCjuH9aEO0RwF6jUQo:31CXywr836Qn8LEYwCjuHw
File size 41.3 KB ( 42327 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract
TrID Word Microsoft Office Open XML Format document (with Macro) (65.4%)
Word Microsoft Office Open XML Format document (29.5%)
ZIP compressed archive (5.0%)
Tags obfuscated macros open-file docx create-ole

VirusTotal metadata
First submission 2016-02-24 10:09:42 UTC ( 1 year, 8 months ago )
Last submission 2016-05-17 12:58:30 UTC ( 1 year, 6 months ago )
File names 0004_.b64.zip
archive-0910001923884.docm
52678316c4ac8f492fba28cdf0952b99.docm
archive-0910001923884.docm
p004