× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c166aff46cadce2db642047cdca65234c32c6634d9ed822eeeb2a911178d6cc3
File name: doc_98E350A8A6C443C72FA6DB1FBC0B79AD
Detection ratio: 19 / 55
Analysis date: 2014-09-09 19:38:52 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
AVware LooksLike.SWF.Malware.b (v) 20140909
Avast SWF:CVE-2012-5054-A [Expl] 20140909
Avira EXP/SWF.CZ.2 20140909
Comodo UnclassifiedMalware 20140909
Cyren CVE135331 20140909
DrWeb Exploit.SWF.232 20140909
ESET-NOD32 SWF/Exploit.CVE-2012-5054.B 20140909
F-Prot CVE135331 20140909
F-Secure Exploit:SWF/CVE-2012-5054.A 20140909
Kaspersky HEUR:Exploit.SWF.Agent.gen 20140909
McAfee Generic Exploit.f 20140909
McAfee-GW-Edition Generic Exploit.f 20140909
NANO-Antivirus Exploit.Swf.CVE-2012-5054.cgyubt 20140909
Qihoo-360 Trojan.Generic 20140909
Sophos Troj/SWFExp-CI 20140909
Symantec Trojan.Mdropper 20140909
Tencent Win32.Exploit.Agent.Hwwh 20140909
TrendMicro TROJ_MDROP.USR 20140909
VIPRE LooksLike.SWF.Malware.b (v) 20140909
AVG 20140909
Ad-Aware 20140909
AegisLab 20140909
Agnitum 20140909
AhnLab-V3 20140909
Antiy-AVL 20140909
Baidu-International 20140909
BitDefender 20140909
Bkav 20140909
ByteHero 20140909
CAT-QuickHeal 20140909
CMC 20140908
ClamAV 20140908
Emsisoft 20140909
Fortinet 20140909
GData 20140909
Ikarus 20140909
Jiangmin 20140909
K7AntiVirus 20140909
K7GW 20140909
Kingsoft 20140909
Malwarebytes 20140909
MicroWorld-eScan 20140909
Microsoft 20140909
Norman 20140909
Panda 20140909
Rising 20140909
SUPERAntiSpyware 20140909
TheHacker 20140908
TotalDefense 20140909
TrendMicro-HouseCall 20140909
VBA32 20140909
ViRobot 20140909
Zillya 20140909
Zoner 20140908
nProtect 20140907
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Summary
last_author
1785429
creation_datetime
2012-05-15 11:39:00
author
.......
title
page_count
1
last_saved
2012-05-15 11:39:00
word_count
7
revision_number
2
application_name
Microsoft Office Word
character_count
41
code_page
Latin I
template
Normal.dot
Document summary
line_count
1
company
Leibniz
characters_with_spaces
47
version
730895
paragraph_count
1
code_page
Latin I
OLE Streams
kids
\\x01CompObj, \\x05DocumentSummaryInformation, \\x05SummaryInformation, 1Table, Data, ObjectPool, WordDocument
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
size
3840
type_literal
stream
size
4096
entropy
0.569970384176
name
Data
md5
bd0b5598f662d3ad011fd7038a13d340
type_literal
stream
size
4146
entropy
1.1936491262
name
WordDocument
md5
4bf87afe6766a0715447f21df25f8085
type_literal
storage
kids
_1398590705
name
ObjectPool
size
0
kids
\\x01CompObj, \\x01Ole, \\x02OlePres000, \\x03OCXNAME, \\x03ObjInfo, contents
name
_1398590705
clsid
d27cdb6e-ae6d-11cf-96b8-444553540000
type_literal
storage
clsid_literal
Adobe Flash
size
0
type_literal
stream
size
145
entropy
4.1482786175
name
\\x01CompObj
md5
f7c201a6e922343bee3a9b636efddbaf
type_literal
stream
size
2336
entropy
2.1297244041
name
1Table
md5
16b772118f1e411b882ac3e486a2286c
type_literal
stream
size
412
entropy
3.20630686399
name
\\x05SummaryInformation
md5
3afb74090bc84a63921d6be95babde57
type_literal
stream
size
284
entropy
2.66386891138
name
\\x05DocumentSummaryInformation
md5
8a6d92aeefa1eaa29c8829866a9b4586
type_literal
stream
size
113
entropy
4.1482786175
name
\\x01CompObj
md5
f7c201a6e922343bee3a9b636efddbaf
ExifTool file metadata
SharedDoc
No

Author
.......

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

LastModifiedBy
1785429

HeadingPairs
Title, 1

Template
Normal.dot

CharCountWithSpaces
47

CreateDate
2012:05:15 10:39:00

CompObjUserType
Microsoft Office Word Document

ModifyDate
2012:05:15 10:39:00

Company
Leibniz

HyperlinksChanged
No

Characters
41

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
7

FileType
DOC

Lines
1

AppVersion
11.9999

FileAccessDate
2014:06:24 10:08:16+01:00

Security
None

FileCreateDate
2014:06:24 10:08:16+01:00

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
31

Paragraphs
1

File identification
MD5 98e350a8a6c443c72fa6db1fbc0b79ad
SHA1 07f5d6032c3fb1b834f10689efdf3327f0909c3f
SHA256 c166aff46cadce2db642047cdca65234c32c6634d9ed822eeeb2a911178d6cc3
ssdeep
192:Zvy2FjEyitZwosXGGluLqCU2w5ZuiMCMhOrDPjTF7L90txhLip:lHytZhmGGluLc2q5Djh7CtXL

File size 32.0 KB ( 32768 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Title: , Author: ......., Template: Normal.dot, Last Saved By: 1785429, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon May 14 10:39:00 2012, Last Saved Time/Date: Mon May 14 10:39:00 2012, Number of Pages: 1, Number of Words: 7, Number of Characters: 41, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
doc exploit cve-2012-5054

VirusTotal metadata
First submission 2012-09-10 07:44:43 UTC ( 2 years, 11 months ago )
Last submission 2014-09-09 19:38:52 UTC ( 11 months, 3 weeks ago )
File names 98E350A8A6C443C72FA6DB1FBC0B79AD.doc
98E350A8A6C443C72FA6DB1FBC0B79AD.doc.malware
رسالة الكوفحي.doc
vti-rescan
file-4486633_doc
doc_98E350A8A6C443C72FA6DB1FBC0B79AD
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!