SHA256: bcbe3da40fb46c6ae214a3e2b07ffeea422c9e8a937ed3caab5ac36cc0b61ba5
File name: FedEx.doc
Detection ratio: 5 / 53
Analysis date: 2016-11-24 17:11:10 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 W97M/Downloader 20161124
Avast VBA:Downloader-DSE [Trj] 20161124
AVware LooksLike.Macro.Malware.k (v) 20161124
Ikarus Win32.SuspectCrc 20161124
VIPRE LooksLike.Macro.Malware.k (v) 20161124
Ad-Aware 20161124
AegisLab 20161124
Alibaba 20161124
ALYac 20161124
Antiy-AVL 20161124
Arcabit 20161124
AVG 20161124
Avira (no cloud) 20161124
Baidu 20161124
BitDefender 20161124
Bkav 20161124
CAT-QuickHeal 20161124
ClamAV 20161124
CMC 20161124
Comodo 20161124
CrowdStrike Falcon (ML) 20161024
Cyren 20161124
DrWeb 20161124
Emsisoft 20161124
ESET-NOD32 20161124
F-Prot 20161124
F-Secure 20161124
Fortinet 20161124
GData 20161124
Sophos ML 20161018
Jiangmin 20161124
K7AntiVirus 20161124
K7GW 20161124
Kaspersky 20161124
Kingsoft 20161124
Malwarebytes 20161124
McAfee 20161124
McAfee-GW-Edition 20161124
Microsoft 20161124
eScan 20161124
NANO-Antivirus 20161124
nProtect 20161124
Panda 20161124
Qihoo-360 20161124
Rising 20161124
Sophos AV 20161124
SUPERAntiSpyware 20161124
Symantec 20161124
Tencent 20161124
TheHacker 20161124
TrendMicro 20161124
TrendMicro-HouseCall 20161124
Trustlook 20161124
VBA32 20161124
ViRobot 20161124
WhiteArmor 20161018
Yandex 20161124
Zillya 20161124
Zoner 20161124
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author: slave
creation_datetime: 2016-08-19 14:14:00
revision_number: 579
author: slave
page_count: 1
last_saved: 2016-11-24 09:16:00
edit_time: 23280
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: RePack by SPecialiST
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 8128
type_literal: stream, sid: 18, name: \x01CompObj, size: 121
type_literal: stream, sid: 5, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 4, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 2, name: 1Table, size: 8630
type_literal: stream, sid: 1, name: Data, size: 38552
type_literal: stream, sid: 17, name: Macros/PROJECT, size: 485
type_literal: stream, sid: 16, name: Macros/PROJECTwm, size: 65
type_literal: stream, sid: 11, type: macro, name: Macros/VBA/Module1, size: 6870
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/ThisDocument, size: 1703
type_literal: stream, sid: 12, name: Macros/VBA/_VBA_PROJECT, size: 3221
type_literal: stream, sid: 14, name: Macros/VBA/__SRP_0, size: 1209
type_literal: stream, sid: 15, name: Macros/VBA/__SRP_1, size: 106
type_literal: stream, sid: 9, name: Macros/VBA/__SRP_2, size: 304
type_literal: stream, sid: 10, name: Macros/VBA/__SRP_3, size: 103
type_literal: stream, sid: 13, name: Macros/VBA/dir, size: 571
type_literal: stream, sid: 3, name: WordDocument, size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 271 bytes
run-file
Module1.bas Macros/VBA/Module1 2866 bytes
ExifTool file metadata
SharedDoc: No
Author: slave
CodePage: Windows Cyrillic
System: Windows
LinksUpToDate: No
LastModifiedBy: slave
HeadingPairs: , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
Word97: No
LanguageCode: Russian
CompObjUserType: ???????? Microsoft Office Word 97-2003
ModifyDate: 2016:11:24 08:16:00
Company: RePack by SPecialiST
Characters: 1
HyperlinksChanged: No
RevisionNumber: 579
MIMEType: application/msword
Words: 0
CreateDate: 2016:08:19 13:14:00
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 6.5 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 cfaead6efec6ed5d50bd6033a1cc6442
SHA1 8781ab346ba00f55b633e4a4b957f94ec0680353
SHA256 bcbe3da40fb46c6ae214a3e2b07ffeea422c9e8a937ed3caab5ac36cc0b61ba5
ssdeep 1536:zJc5C7U9KCP6pBQGsHHSXfSLHbxCxIpCL2M:zJc51syUQdHyXAbxCxLL2

File size 78.0 KB ( 79872 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: slave, Template: Normal.dotm, Last Saved By: slave, Revision Number: 579, Name of Creating Application: Microsoft Office Word, Total Editing Time: 06:28:00, Create Time/Date: Thu Aug 18 13:14:00 2016, Last Saved Time/Date: Wed Nov 23 08:16:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-file attachment doc

VirusTotal metadata
First submission 2016-11-24 12:50:02 UTC ( 2 years, 2 months ago )
Last submission 2019-01-01 13:52:14 UTC ( 1 month, 2 weeks ago )
File names FedEx.doc
FedEx.doc.txt