× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bdcf47a004ab6850588b06613701a33243898e6e1b84598fc19579c0a341dfaa
File name: 29454.doc
Detection ratio: 3 / 54
Analysis date: 2017-01-18 21:48:14 UTC ( 2 years, 3 months ago ) View latest
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170118
Fortinet WM/Agent.442B!tr 20170118
Qihoo-360 virus.office.gen.75 20170118
Ad-Aware 20170118
AegisLab 20170118
AhnLab-V3 20170118
Alibaba 20170118
ALYac 20170118
Antiy-AVL 20170118
Avast 20170118
AVG 20170118
Avira (no cloud) 20170118
AVware 20170118
Baidu 20170118
BitDefender 20170118
CAT-QuickHeal 20170118
ClamAV 20170118
CMC 20170118
Comodo 20170118
CrowdStrike Falcon (ML) 20161024
Cyren 20170118
DrWeb 20170118
Emsisoft 20170118
ESET-NOD32 20170118
F-Prot 20170118
F-Secure 20170118
GData 20170118
Ikarus 20170118
Sophos ML 20170111
Jiangmin 20170118
K7AntiVirus 20170118
K7GW 20170118
Kaspersky 20170118
Kingsoft 20170118
Malwarebytes 20170118
McAfee 20170118
McAfee-GW-Edition 20170118
Microsoft 20170118
eScan 20170118
NANO-Antivirus 20170118
nProtect 20170118
Panda 20170118
Rising 20170118
Sophos AV 20170118
SUPERAntiSpyware 20170118
Symantec 20170118
Tencent 20170118
TheHacker 20170117
TotalDefense 20170118
TrendMicro 20170118
TrendMicro-HouseCall 20170118
Trustlook 20170118
VBA32 20170118
VIPRE 20170118
ViRobot 20170118
WhiteArmor 20170117
Yandex 20170118
Zillya 20170117
Zoner 20170118
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
creation_datetime
2017-01-18 22:01:00
template
Normal
page_count
1
last_saved
2017-01-18 22:01:00
word_count
167
revision_number
1
application_name
Microsoft Office Word
character_count
956
code_page
Cyrillic
Document summary
line_count
7
characters_with_spaces
1121
version
917504
paragraph_count
2
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
1152
type_literal
stream
size
114
name
\x01CompObj
sid
12
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
4
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
3
type_literal
stream
size
12082
name
1Table
sid
1
type_literal
stream
size
361
name
Macros/PROJECT
sid
11
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
10
type_literal
stream
size
50036
type
macro
name
Macros/VBA/ThisDocument
sid
7
type_literal
stream
size
11314
name
Macros/VBA/_VBA_PROJECT
sid
8
type_literal
stream
size
517
name
Macros/VBA/dir
sid
9
type_literal
stream
size
6884
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 21916 bytes
create-ole
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
Title, 1, , 1

Template
Normal

CharCountWithSpaces
1121

CreateDate
2017:01:18 21:01:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:01:18 21:01:00

TitleOfParts
,

Characters
956

CodePage
Windows Cyrillic

RevisionNumber
1

MIMEType
application/msword

Words
167

FileType
DOC

Lines
7

AppVersion
14.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
2

File identification
MD5 26b637c42f2fe0d767ca45293219ec9e
SHA1 9feb14774fadbd403b38c89822f6e550517c77fe
SHA256 bdcf47a004ab6850588b06613701a33243898e6e1b84598fc19579c0a341dfaa
ssdeep
768:U6OTmnmWBH3FHucEliSnZH5/RQrs6peuybAX2ZmeMEIzlupy3g1sB2m6Qm:VemnmwH3YcEliS7D3bMZlF12m6

File size 93.0 KB ( 95232 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Template: Normal, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jan 17 21:01:00 2017, Last Saved Time/Date: Tue Jan 17 21:01:00 2017, Number of Pages: 1, Number of Words: 167, Number of Characters: 956, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros doc create-ole

VirusTotal metadata
First submission 2017-01-18 21:48:14 UTC ( 2 years, 3 months ago )
Last submission 2017-01-18 21:48:14 UTC ( 2 years, 3 months ago )
File names 29454.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!