SHA256: b8ca4236c9461e40b9eb806b91bfda8c41691e71d43dc4b4ba68b0009de9df62
File name: 29172230_15.06.15.doc
Detection ratio: 3 / 57
Analysis date: 2015-06-15 10:05:01 UTC ( 3 years, 11 months ago )
Antivirus Result Update
AVware LooksLike.Macro.Malware.g (v) 20150615
CAT-QuickHeal W97M.Dropper.DZ 20150615
VIPRE LooksLike.Macro.Malware.g (v) 20150615
Ad-Aware 20150615
AegisLab 20150615
Yandex 20150614
AhnLab-V3 20150615
Alibaba 20150614
ALYac 20150615
Antiy-AVL 20150615
Arcabit 20150615
Avast 20150615
AVG 20150615
Avira (no cloud) 20150615
Baidu-International 20150615
BitDefender 20150615
Bkav 20150612
ByteHero 20150615
ClamAV 20150615
CMC 20150610
Comodo 20150615
Cyren 20150615
DrWeb 20150615
Emsisoft 20150615
ESET-NOD32 20150615
F-Prot 20150615
F-Secure 20150615
Fortinet 20150615
GData 20150615
Ikarus 20150615
Jiangmin 20150614
K7AntiVirus 20150615
K7GW 20150615
Kaspersky 20150615
Kingsoft 20150615
Malwarebytes 20150615
McAfee 20150615
McAfee-GW-Edition 20150614
Microsoft 20150615
eScan 20150615
NANO-Antivirus 20150614
nProtect 20150612
Panda 20150614
Qihoo-360 20150615
Rising 20150614
Sophos AV 20150615
SUPERAntiSpyware 20150615
Symantec 20150615
Tencent 20150615
TheHacker 20150614
TotalDefense 20150614
TrendMicro 20150615
TrendMicro-HouseCall 20150615
VBA32 20150613
ViRobot 20150615
Zillya 20150615
Zoner 20150612
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-06-15 09:59:00
revision_number: 2
author: 1
page_count: 1
last_saved: 2015-06-15 09:59:00
template: Normal
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 726502
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 2880
type_literal: stream, sid: 15, name: \x01CompObj, size: 113
type_literal: stream, sid: 4, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 3, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 1, name: 1Table, size: 4416
type_literal: stream, sid: 14, name: Macros/PROJECT, size: 517
type_literal: stream, sid: 13, name: Macros/PROJECTwm, size: 113
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/Module1, size: 4238
type_literal: stream, sid: 10, type: macro, name: Macros/VBA/Module3, size: 10372
type_literal: stream, sid: 9, type: macro, name: Macros/VBA/Module5, size: 6459
type_literal: stream, sid: 7, type: macro, name: Macros/VBA/ThisDocument, size: 1391
type_literal: stream, sid: 11, name: Macros/VBA/_VBA_PROJECT, size: 4889
type_literal: stream, sid: 12, name: Macros/VBA/dir, size: 619
type_literal: stream, sid: 2, name: WordDocument, size: 4142
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 103 bytes
Module1.bas Macros/VBA/Module1 1732 bytes, tags: create-ole obfuscated open-file
Module5.bas Macros/VBA/Module5 3350 bytes, tags: open-file
Module3.bas Macros/VBA/Module3 5090 bytes, tags: create-file enum-windows obfuscated open-file write-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2015:06:15 08:59:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2015:06:15 08:59:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.5606
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 ff0f01d7da2ab9a6cf5df80db7cc508a
SHA1 485b6f764d8e981eed67d0e294a25a0f7dc2bf04
SHA256 b8ca4236c9461e40b9eb806b91bfda8c41691e71d43dc4b4ba68b0009de9df62
ssdeep 768:5Qy8hFxKsk5hf2iLdL2A7/wRUurscVInYWwPO7Q5tdZ:j8hFxJk5hf2iLdLfb8UugcVInYWwPOcP

File size 50.0 KB ( 51200 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Jun 14 08:59:00 2015, Last Saved Time/Date: Sun Jun 14 08:59:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file enum-windows doc create-file macros attachment write-file create-ole

VirusTotal metadata
First submission 2015-06-15 09:11:16 UTC ( 3 years, 11 months ago )
Last submission 2015-06-24 01:00:19 UTC ( 3 years, 11 months ago )