| SHA256: | bdd1a401cbc4ae5309e7e282ebb21194bbe126b114ea31a237c0fd22e2e73f7c |
| File name: | Invoice.doc |
| Detection ratio: | 10 / 57 |
| Analysis date: | 2018-08-20 17:35:40 UTC ( 2 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Emsisoft | Trojan-Downloader.Macro.Generic.H (A) | 20180820 |
| Endgame | malicious (high confidence) | 20180730 |
| ESET-NOD32 | VBA/TrojanDownloader.Agent.KAI | 20180820 |
| Fortinet | VBA/Agent.JZV!tr.dldr | 20180820 |
| NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi | 20180820 |
| Qihoo-360 | virus.office.qexvmc.1070 | 20180820 |
| TACHYON | Suspicious/W97M.Obfus.Gen | 20180820 |
| Tencent | Heur.Macro.Generic.Gen.f | 20180820 |
| TrendMicro-HouseCall | TROJ_FRS.VSN14H18 | 20180820 |
| Zoner | Probably W97Obfuscated | 20180819 |
| Ad-Aware | 20180820 | |
| AegisLab | 20180820 | |
| AhnLab-V3 | 20180820 | |
| Alibaba | 20180713 | |
| ALYac | 20180820 | |
| Antiy-AVL | 20180820 | |
| Arcabit | 20180820 | |
| Avast | 20180820 | |
| Avast-Mobile | 20180820 | |
| AVG | 20180820 | |
| Avira (no cloud) | 20180820 | |
| AVware | 20180820 | |
| Babable | 20180725 | |
| Baidu | 20180820 | |
| BitDefender | 20180820 | |
| Bkav | 20180820 | |
| CAT-QuickHeal | 20180820 | |
| ClamAV | 20180820 | |
| CMC | 20180817 | |
| Comodo | 20180820 | |
| CrowdStrike Falcon (ML) | 20180202 | |
| Cybereason | 20180308 | |
| Cylance | 20180820 | |
| Cyren | 20180820 | |
| DrWeb | 20180820 | |
| eGambit | 20180820 | |
| F-Prot | 20180820 | |
| F-Secure | 20180820 | |
| GData | 20180820 | |
| Sophos ML | 20180717 | |
| Jiangmin | 20180820 | |
| K7AntiVirus | 20180820 | |
| K7GW | 20180820 | |
| Kaspersky | 20180820 | |
| Kingsoft | 20180820 | |
| Malwarebytes | 20180820 | |
| MAX | 20180820 | |
| McAfee | 20180820 | |
| McAfee-GW-Edition | 20180820 | |
| Microsoft | 20180820 | |
| eScan | 20180820 | |
| Palo Alto Networks (Known Signatures) | 20180820 | |
| Panda | 20180820 | |
| Rising | 20180820 | |
| SentinelOne (Static ML) | 20180701 | |
| Sophos AV | 20180820 | |
| SUPERAntiSpyware | 20180820 | |
| Symantec | 20180820 | |
| Symantec Mobile Insight | 20180814 | |
| TheHacker | 20180818 | |
| TrendMicro | 20180820 | |
| Trustlook | 20180820 | |
| VBA32 | 20180820 | |
| VIPRE | 20180820 | |
| ViRobot | 20180820 | |
| Webroot | 20180820 | |
| Yandex | 20180818 | |
| ZoneAlarm by Check Point | 20180820 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-08-20 13:14:00
template
Normal.dotm
author
Eshabenem-PC
page_count
1
last_saved
2018-08-20 13:14:00
word_count
5
revision_number
1
application_name
Microsoft Office Word
character_count
33
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
37
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
Macros and VBA code streams
ExifTool file metadata
SharedDoc
No
Author
Eshabenem-PC
CodePage
Windows Latin 1 (Western European)
System
Windows
LinksUpToDate
No
HeadingPairs
Title, 1
Identification
Word 8.0
Template
Normal.dotm
CharCountWithSpaces
37
CreateDate
2018:08:20 12:14:00
Word97
No
LanguageCode
English (US)
CompObjUserType
Microsoft Word 97-2003 Document
ModifyDate
2018:08:20 12:14:00
ScaleCrop
No
Characters
33
HyperlinksChanged
No
RevisionNumber
1
MIMEType
application/msword
Words
5
FileType
DOC
Lines
1
AppVersion
16.0
Security
None
Software
Microsoft Office Word
TotalEditTime
0
Pages
1
CompObjUserTypeLen
32
FileTypeExtension
doc
Paragraphs
1
LastPrinted
0000:00:00 00:00:00
DocFlags
Has picture, 1Table, ExtChar
File identification
MD5 9bcbb7623ef7eb3165710b7073be1c23
SHA1 56ffd29f6645aad78314b0dc483f43e7943dde03
SHA256 bdd1a401cbc4ae5309e7e282ebb21194bbe126b114ea31a237c0fd22e2e73f7c
ssdeep
1536:XptJlmrJpmxlRw99NBY+aSxUY+X24bELaKi:5te2dw99fLB+mi8Vi
File size
92.8 KB ( 94976 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Eshabenem-PC, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Aug 19 12:14:00 2018, Last Saved Time/Date: Sun Aug 19 12:14:00 2018, Number of Pages: 1, Number of Words: 5, Number of Characters: 33, Security: 0
| TrID |
Microsoft Word document (54.2%) Microsoft Word document (old ver.) (32.2%) Generic OLE2 / Multistream Compound File (13.5%) |
Tags
obfuscated
macros
run-file
doc
VirusTotal metadata
First submission
2018-08-20 17:35:40 UTC ( 2 months ago )
Last submission
2018-08-20 17:35:40 UTC ( 2 months ago )
| File names |
SWIFT #972967VGQC.doc Invoice.doc BIZ #8369YDZV.doc PAY #82552XIUHUHQ.doc SEP #9791178VA.doc PAY #2843684DYPNPA.doc PAYMENT #3588142IJ.doc PAYMENT #16TPEVGEG.doc PAYMENT #41420OLYQC.doc SWIFT #349B.doc Review invoice required.doc PAY #920PSEKIZ.doc PAY #3493312ABCGZPGJ.doc PAYMENT #6172261G.doc SEP #130777RG.doc PAYROLL #9133776SWRRXAI.doc |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!