| SHA256: | bd14f73d7c14d0872a7ab05e395797fd2219675b2ff28c5dd9438997d18f2558 |
| File name: | RA-155447542500.doc |
| Detection ratio: | 6 / 58 |
| Analysis date: | 2018-04-04 10:00:28 UTC ( 10 months, 2 weeks ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Arcabit | HEUR.VBA.Trojan.e | 20180404 |
| Baidu | VBA.Trojan-Downloader.Agent.cpw | 20180404 |
| ESET-NOD32 | VBA/TrojanDownloader.Agent.HNJ | 20180404 |
| Fortinet | VBA/Agent.HIL!tr.dldr | 20180404 |
| Microsoft | Trojan:Script/Cloxer.D!cl | 20180404 |
| Zoner | Probably W97Obfuscated | 20180403 |
| Ad-Aware | 20180404 | |
| AegisLab | 20180404 | |
| AhnLab-V3 | 20180404 | |
| Alibaba | 20180404 | |
| ALYac | 20180404 | |
| Antiy-AVL | 20180404 | |
| Avast | 20180404 | |
| Avast-Mobile | 20180403 | |
| AVG | 20180404 | |
| Avira (no cloud) | 20180404 | |
| AVware | 20180404 | |
| BitDefender | 20180404 | |
| Bkav | 20180403 | |
| CAT-QuickHeal | 20180404 | |
| ClamAV | 20180404 | |
| CMC | 20180404 | |
| Comodo | 20180404 | |
| CrowdStrike Falcon (ML) | 20170201 | |
| Cybereason | None | |
| Cylance | 20180404 | |
| Cyren | 20180404 | |
| DrWeb | 20180404 | |
| eGambit | 20180404 | |
| Emsisoft | 20180404 | |
| Endgame | 20180403 | |
| F-Prot | 20180404 | |
| F-Secure | 20180404 | |
| GData | 20180404 | |
| Ikarus | 20180404 | |
| Sophos ML | 20180121 | |
| Jiangmin | 20180404 | |
| K7AntiVirus | 20180404 | |
| K7GW | 20180404 | |
| Kaspersky | 20180404 | |
| Kingsoft | 20180404 | |
| Malwarebytes | 20180404 | |
| MAX | 20180404 | |
| McAfee | 20180404 | |
| McAfee-GW-Edition | 20180404 | |
| eScan | 20180404 | |
| NANO-Antivirus | 20180404 | |
| nProtect | 20180404 | |
| Palo Alto Networks (Known Signatures) | 20180404 | |
| Panda | 20180403 | |
| Qihoo-360 | 20180404 | |
| Rising | 20180404 | |
| SentinelOne (Static ML) | 20180225 | |
| Sophos AV | 20180404 | |
| SUPERAntiSpyware | 20180404 | |
| Symantec | 20180404 | |
| Symantec Mobile Insight | 20180401 | |
| Tencent | 20180404 | |
| TheHacker | 20180330 | |
| TrendMicro | 20180404 | |
| TrendMicro-HouseCall | 20180404 | |
| Trustlook | 20180404 | |
| VBA32 | 20180403 | |
| VIPRE | 20180404 | |
| ViRobot | 20180404 | |
| WhiteArmor | 20180403 | |
| Yandex | 20180403 | |
| Zillya | 20180403 | |
| ZoneAlarm by Check Point | 20180404 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-04-04 07:09:00
author
Xaelijo
title
Xaelijo
page_count
1
last_saved
2018-04-04 07:09:00
revision_number
1
application_name
Microsoft Office Word
character_count
1
template
Normal.dotm
code_page
Latin I
subject
Xaelijo
Document summary
category
Xaelijo
line_count
1
company
Xaelijo
characters_with_spaces
1
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
Macros and VBA code streams
ExifTool file metadata
Category
Xaelijo
SharedDoc
No
Author
Xaelijo
CodePage
Windows Latin 1 (Western European)
System
Windows
LinksUpToDate
No
HeadingPairs
Title, 1
Identification
Word 8.0
Template
Normal.dotm
CharCountWithSpaces
1
Word97
No
LanguageCode
English (US)
CompObjUserType
Microsoft Word 97-2003 Document
ModifyDate
2018:04:04 06:09:00
Company
Xaelijo
Title
Xaelijo
Characters
1
HyperlinksChanged
No
RevisionNumber
1
MIMEType
application/msword
Words
0
CreateDate
2018:04:04 06:09:00
Lines
1
AppVersion
16.0
Security
None
Software
Microsoft Office Word
FileType
DOC
TotalEditTime
0
Pages
1
ScaleCrop
No
CompObjUserTypeLen
32
Warning
Truncated property list
FileTypeExtension
doc
Paragraphs
1
DocFlags
Has picture, 1Table, ExtChar
Subject
Xaelijo
File identification
MD5 7e8c13c61961e50d6b00e06ba8d385fa
SHA1 6abdcca65b8361277e42f646d378042ddbab73cb
SHA256 bd14f73d7c14d0872a7ab05e395797fd2219675b2ff28c5dd9438997d18f2558
ssdeep
1536:s0J0/JgNwajw/+a9oYOhwxJCZTK+y41ZKMMwBpVSzwE0U1N48L8mLAbmlhWNWOr5:lOSBDFh17y41ZKMMOaA6Ke8mdPIWowW
File size
141.0 KB ( 144384 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Xaelijo, Subject: Xaelijo, Author: Xaelijo, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Apr 03 06:09:00 2018, Last Saved Time/Date: Tue Apr 03 06:09:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
| TrID |
Microsoft Word document (54.2%) Microsoft Word document (old ver.) (32.2%) Generic OLE2 / Multistream Compound File (13.5%) |
Tags
obfuscated
macros
run-file
doc
create-ole
VirusTotal metadata
First submission
2018-04-04 10:00:28 UTC ( 10 months, 2 weeks ago )
Last submission
2018-05-04 13:13:58 UTC ( 9 months, 2 weeks ago )
| File names |
RA-155447542500.doc |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!