SHA256: ba6d262078773bc03d984984e6abc905e10b699766a6b0ed67092d454bb4d266
File name: Westpac-payment-8888.doc
Detection ratio: 6 / 54
Analysis date: 2016-10-31 05:37:32 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20161031
Qihoo-360 macro.ole.jork.4j 20161031
Rising Macro.Downloader.t (classic) 20161031
Tencent Macro.Trojan.Dropperd.Auto 20161031
TrendMicro W2KM_DLOADR.YYSUM 20161031
TrendMicro-HouseCall W2KM_DLOADR.YYSUM 20161031
Ad-Aware 20161031
AegisLab 20161031
AhnLab-V3 20161030
Alibaba 20161031
ALYac 20161031
Antiy-AVL 20161031
Avast 20161031
AVG 20161031
Avira (no cloud) 20161030
AVware 20161031
Baidu 20161031
BitDefender 20161031
Bkav 20161030
CAT-QuickHeal 20161029
ClamAV 20161031
CMC 20161031
Comodo 20161031
CrowdStrike Falcon (ML) 20161024
Cyren 20161031
DrWeb 20161031
Emsisoft 20161031
ESET-NOD32 20161030
F-Prot 20161031
F-Secure 20161031
Fortinet 20161031
GData 20161031
Ikarus 20161030
Sophos ML 20161018
Jiangmin 20161031
K7AntiVirus 20161030
K7GW 20161031
Kaspersky 20161031
Kingsoft 20161031
Malwarebytes 20161031
McAfee 20161031
McAfee-GW-Edition 20161031
Microsoft 20161031
eScan 20161031
NANO-Antivirus 20161031
nProtect 20161028
Panda 20161030
Sophos AV 20161030
SUPERAntiSpyware 20161030
Symantec 20161031
TheHacker 20161029
VBA32 20161029
VIPRE 20161031
ViRobot 20161031
Yandex 20161030
Zillya 20161028
Zoner 20161031
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May perform operations with other files.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: dood
creation_datetime: 2016-10-30 20:55:00
author: admin
title:
page_count: 1
last_saved: 2016-10-30 20:55:00
revision_number: 2
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
template: Normal.dot
Document summary
line_count: 1
company: Salve
characters_with_spaces: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, sid: 0, type_literal: root, size: 3968, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, sid: 17, type_literal: stream, size: 113
name: \x05DocumentSummaryInformation, sid: 5, type_literal: stream, size: 4096
name: \x05SummaryInformation, sid: 4, type_literal: stream, size: 4096
name: 1Table, sid: 2, type_literal: stream, size: 4096
name: Data, sid: 1, type_literal: stream, size: 38552
name: Macros/PROJECT, sid: 16, type_literal: stream, size: 373
name: Macros/PROJECTwm, sid: 15, type_literal: stream, size: 41
name: Macros/VBA/ThisDocument, sid: 8, type_literal: stream, type: macro, size: 160702
name: Macros/VBA/_VBA_PROJECT, sid: 11, type_literal: stream, size: 24259
name: Macros/VBA/__SRP_0, sid: 13, type_literal: stream, size: 1339
name: Macros/VBA/__SRP_1, sid: 14, type_literal: stream, size: 116
name: Macros/VBA/__SRP_2, sid: 9, type_literal: stream, size: 852
name: Macros/VBA/__SRP_3, sid: 10, type_literal: stream, size: 433
name: Macros/VBA/dir, sid: 12, type_literal: stream, size: 522
name: WordDocument, sid: 3, type_literal: stream, size: 4148
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 68199 bytes
Tags: create-ole handle-file obfuscated run-file
ExifTool file metadata
SharedDoc: No
Author: admin
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: dood
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 1
CreateDate: 2016:10:30 19:55:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2016:10:30 19:55:00
Company: Salve
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 448739be540660e6cb34d3bce0ab2fc1
SHA1 b1a3ccdaae746fd26be5867104669ec35271dbab
SHA256 ba6d262078773bc03d984984e6abc905e10b699766a6b0ed67092d454bb4d266
ssdeep 6144:FRdH+sCRhLIeHOYLMJnlxTXccp4Cno2rW3GY6:FRdenvUeuYI9XXcG4x9
File size 245.0 KB ( 250880 bytes )
File type MS Word Document
Magic literal Windows, Version 6.1, Code page: 1251, Title: , Author: admin, Template: Normal.dot, Last Saved By: dood, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sat Oct 29 19:55:00 2016, Last Saved Time/Date: Sat Oct 29 19:55:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags obfuscated run-file handle-file doc macros create-ole

VirusTotal metadata
First submission 2016-10-30 21:47:37 UTC ( 2 years, 5 months ago )
Last submission 2016-11-28 18:37:00 UTC ( 2 years, 4 months ago )
File names Commbank-payment-3333.doc
Nab-payment-0000.doc
Westpac-payment-8888.doc
ANZ-payment-8888.doc
Commbank-payment-9999.doc
b1a3ccdaae746fd26be5867104669ec35271dbab.doc
Westpac-payment-7777.doc
Westpac-payment-2222.doc
Suncorp-payment-6666.doc
ANZ-payment-9999.doc
Nab-payment-4444.doc
Nab-payment-7777.doc
Commbank-payment-4444.doc
ANZ-payment-0000.doc
Nab-payment-3333.doc
Commbank-payment-8888.doc