SHA256: b92bc482eaaab3b855e9b3fc79cb2579609f6badcc7aca6a1d990c91a69405fe
File name: Customer statement.doc
Detection ratio: 42 / 55
Analysis date: 2016-09-24 13:31:13 UTC ( 5 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Doc.Downloader.IW 20160924
AegisLab Troj.Downloader.Vbs.Agent|2|65!c 20160924
AhnLab-V3 W97M/Downloader 20160924
ALYac Trojan.Downloader.VBA.gen 20160922
Antiy-AVL Trojan[Downloader]/VBS.Agent.bcm 20160924
Arcabit HEUR.VBA.Trojan.d 20160924
Avast VBA:Downloader-AIK [Trj] 20160924
AVG W97M/Generic 20160924
Avira (no cloud) WM/Agent.12347 20160924
AVware LooksLike.Macro.Malware.n (v) 20160924
Baidu VBA.Trojan-Downloader.Agent.vr 20160924
BitDefender Trojan.Doc.Downloader.IW 20160924
CAT-QuickHeal W97M.Dropper.SO 20160924
Comodo UnclassifiedMalware 20160924
Cyren W97M/Downloader.DX 20160924
DrWeb W97M.DownLoader.827 20160924
Emsisoft Trojan-Downloader.VBA.Agent (A) 20160924
ESET-NOD32 VBA/TrojanDownloader.Agent.API 20160924
F-Prot W97M/Downloader.DX 20160924
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160924
Fortinet WM/TrojanDownloader.210C!tr 20160924
GData Trojan.Doc.Downloader.IW 20160924
Ikarus Trojan-Downloader.VBA.Agent 20160924
K7AntiVirus Trojan ( 0001140e1 ) 20160924
K7GW Trojan ( 0001140e1 ) 20160924
Kaspersky Trojan-Downloader.VBS.Agent.bcm 20160924
McAfee W97M/Downloader.avi 20160923
McAfee-GW-Edition W97M/Downloader.h 20160924
Microsoft TrojanDownloader:O97M/Donoff 20160924
eScan Trojan.Doc.Downloader.IW 20160924
NANO-Antivirus Trojan.Script.Donoff.dzvvsf 20160924
nProtect Trojan-Downloader/W97M.Bronco 20160924
Panda O97M/Downloader 20160924
Qihoo-360 virus.office.obfuscated.1 20160924
Rising Macro.Agent.dd (classic) 20160924
Sophos Troj/DocDl-AYI 20160924
Symantec W97M.Downloader 20160924
Tencent Win32.Trojan-downloader.Agent.Aisc 20160924
TrendMicro-HouseCall W2KM_DRIDEX.SMX3 20160924
VIPRE LooksLike.Macro.Malware.n (v) 20160924
ViRobot W97M.S.Downloader.47616.E[h] 20160924
Yandex Exploit.Agent.Gen.AGZ 20160923
Alibaba 20160923
Bkav 20160924
ClamAV 20160924
CMC 20160921
Jiangmin 20160924
Kingsoft 20160924
Malwarebytes 20160924
SUPERAntiSpyware 20160924
TheHacker 20160922
TrendMicro 20160924
VBA32 20160923
Zillya 20160924
Zoner 20160924
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: User
creation_datetime: 2014-09-03 18:55:00
author: Adder
title: Title
page_count: 1
last_saved: 2016-01-21 10:39:00
edit_time: 175320
word_count: 67
revision_number: 756
application_name: Microsoft Office Word
character_count: 387
code_page: Cyrillic
template: Normal.dot
Document summary
byte_count: 60416
company: Nsoft
characters_with_spaces: 453
line_count: 3
version: 726502
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 11200
name: \x01CompObj, sid: 20, type_literal: stream, size: 113
name: \x05DocumentSummaryInformation, sid: 4, type_literal: stream, size: 4096
name: \x05SummaryInformation, sid: 3, type_literal: stream, size: 4096
name: 1Table, sid: 1, type_literal: stream, size: 6820
name: Macros/PROJECT, sid: 19, type_literal: stream, size: 550
name: Macros/PROJECTwm, sid: 18, type_literal: stream, size: 74
name: Macros/Tower/\x01CompObj, sid: 16, type_literal: stream, size: 97
name: Macros/Tower/\x03VBFrame, sid: 17, type_literal: stream, size: 282
name: Macros/Tower/f, sid: 14, type_literal: stream, size: 199
name: Macros/Tower/o, sid: 15, type_literal: stream, size: 160
name: Macros/VBA/Main, sid: 7, type_literal: stream, size: 4245, type: macro
name: Macros/VBA/Tower, sid: 10, type_literal: stream, size: 1156, type: macro (only attributes)
name: Macros/VBA/_VBA_PROJECT, sid: 11, type_literal: stream, size: 4914
name: Macros/VBA/bronco, sid: 8, type_literal: stream, size: 3849, type: macro
name: Macros/VBA/dir, sid: 12, type_literal: stream, size: 989
name: Macros/VBA/venus, sid: 9, type_literal: stream, size: 3288, type: macro
name: WordDocument, sid: 2, type_literal: stream, size: 5684
Macros and VBA code streams
[+] Main.cls Macros/VBA/Main 1386 bytes
exe-pattern create-ole obfuscated run-file
[+] bronco.bas Macros/VBA/bronco 1533 bytes
create-ole obfuscated open-file
[+] venus.bas Macros/VBA/venus 1190 bytes
create-ole obfuscated open-file
ExifTool file metadata
SharedDoc: No
Author: Adder
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: User
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 453
CreateDate: 2014:09:03 17:55:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2016:01:21 09:39:00
TitleOfParts: Title
Company: Nsoft
Title: Title
HyperlinksChanged: No
Characters: 387
ScaleCrop: No
RevisionNumber: 756
MIMEType: application/msword
Words: 67
Lines: 3
FileType: DOC
Bytes: 60416
AppVersion: 11.5606
Security: None
Software: Microsoft Office Word
TotalEditTime: 2.0 days
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 75b6411071a27959394ffba9ecdea4a7
SHA1 18b92e780fd2dbbfa44994559f4cff4689022d9c
SHA256 b92bc482eaaab3b855e9b3fc79cb2579609f6badcc7aca6a1d990c91a69405fe
ssdeep 384:+TB4v44F3vMun4KcrtoyvVmn7nYXvWPbxpet4a0rpzpX0j+LmAA3Gq:me4K0tN9YYfWLpN7A3v

File size 46.5 KB ( 47616 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Title: Title, Author: Adder, Template: Normal.dot, Last Saved By: User, Revision Number: 756, Name of Creating Application: Microsoft Office Word, Total Editing Time: 2d+00:42:00, Create Time/Date: Tue Sep 02 17:55:00 2014, Last Saved Time/Date: Wed Jan 20 09:39:00 2016, Number of Pages: 1, Number of Words: 67, Number of Characters: 387, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated run-file exe-pattern doc open-file macros attachment create-ole

VirusTotal metadata
First submission 2016-01-21 10:20:54 UTC ( 1 year, 2 months ago )
Last submission 2016-02-01 09:57:41 UTC ( 1 year, 1 month ago )
File names Customer statement.doc
Invoice_316103_Jul_2013.doc
Invoice_316103_Jul_2013.doc
Invoice_316103_Jul_2013_2_doc
X.doc
Invoice_316103_Jul_2013.doc
VIRUS__Invoice_316103_Jul_2013.txt
Customer statement (1).doc
21025141820-107-0_attach.1.Customer statement.doc
Customer statement.doc
mal.doc
07ad03d04c3f5a92b14a8fd2259067b3
OL_00120726.doc
Invoice_316103_Jul_20131453374078653.doc
273024_75b6411071a27959394ffba9ecdea4a7.doc
Invoice_316103_Jul_2013_2.doc
370cdd5d543d704837edce2dfa6a09d6
Invoice_316103_Jul_2013.doc.VIRUS.doc
Test2.doc
Invoice_316103_Jul_2013_1.doc
Invoice_316103_Jul_2013.doc
1248f1446ed11fdfb5409d4ab2e7cf8b
e984a8ee81faaf2626814243719a4fe7
Customer statement.doc
virus_Invoice_316103_Jul_2013.doc