× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c21f0f6ca73c0c30e205074e7a5c73850eb72bf7361d0105c0b72b4247800029
File name: CMS Collateral Report_20151027173233.doc
Detection ratio: 4 / 55
Analysis date: 2015-10-27 19:41:28 UTC ( 1 year, 6 months ago ) View latest
Antivirus Result Update
Avast VBA:Downloader-RQ [Trj] 20151027
McAfee W97M/Dropper.x 20151027
McAfee-GW-Edition Artemis!FCB8647D5AB8 20151027
Rising PE:Malware.Obscure!1.9C59 [F] 20151027
Ad-Aware 20151027
AegisLab 20151027
Yandex 20151027
AhnLab-V3 20151027
Alibaba 20151027
ALYac 20151027
Antiy-AVL 20151027
Arcabit 20151027
AVG 20151027
Avira (no cloud) 20151027
AVware 20151027
Baidu-International 20151027
BitDefender 20151027
Bkav 20151027
ByteHero 20151027
CAT-QuickHeal 20151027
ClamAV 20151027
CMC 20151026
Comodo 20151027
Cyren 20151027
DrWeb 20151027
Emsisoft 20151027
ESET-NOD32 20151027
F-Prot 20151027
F-Secure 20151027
Fortinet 20151027
GData 20151027
Ikarus 20151027
Jiangmin 20151026
K7AntiVirus 20151027
K7GW 20151027
Kaspersky 20151027
Malwarebytes 20151027
Microsoft 20151027
eScan 20151027
NANO-Antivirus 20151027
nProtect 20151027
Panda 20151027
Qihoo-360 20151027
Sophos 20151027
SUPERAntiSpyware 20151027
Symantec 20151026
Tencent 20151027
TheHacker 20151026
TrendMicro 20151027
TrendMicro-HouseCall 20151027
VBA32 20151027
VIPRE 20151027
ViRobot 20151027
Zillya 20151027
Zoner 20151027
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
creation_datetime
2015-10-27 19:16:00
template
Normal.dotm
page_count
1
last_saved
2015-10-27 17:04:00
word_count
409
revision_number
1
application_name
Microsoft Office Word
character_count
2337
code_page
Latin I
Document summary
line_count
19
characters_with_spaces
2741
version
786432
paragraph_count
5
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
4928
type_literal
stream
size
121
name
\x01CompObj
sid
17
type_literal
stream
size
320
name
\x05DocumentSummaryInformation
sid
9
type_literal
stream
size
404
name
\x05SummaryInformation
sid
8
type_literal
stream
size
8601
name
1Table
sid
7
type_literal
stream
size
31685
name
Data
sid
1
type_literal
stream
size
432
name
Macros/PROJECT
sid
15
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
16
type_literal
stream
size
5306
type
macro
name
Macros/VBA/ThisDocument
sid
13
type_literal
stream
size
2818
name
Macros/VBA/_VBA_PROJECT
sid
14
type_literal
stream
size
515
name
Macros/VBA/dir
sid
12
type_literal
stream
size
87507
name
ObjectPool/_1507476967/\x01Ole10Native
sid
6
type_literal
stream
size
6
name
ObjectPool/_1507476967/\x03ObjInfo
sid
5
type_literal
stream
size
47424
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 1775 bytes
exe-pattern auto-open create-ole environ open-file run-file
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
Title, 1, , 1

Template
Normal.dotm

CharCountWithSpaces
2741

CreateDate
2015:10:27 18:16:00

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2015:10:27 16:04:00

TitleOfParts
,

Characters
2337

CodePage
Unicode (UTF-8)

RevisionNumber
1

MIMEType
application/msword

Words
409

FileType
DOC

Lines
19

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
39

FileTypeExtension
doc

Paragraphs
5

Compressed bundles
File identification
MD5 d26b5cc191fcb1593372651ecbcf60e1
SHA1 76936f9952b2992fd83ee8c5812ac09fc6a6575e
SHA256 c21f0f6ca73c0c30e205074e7a5c73850eb72bf7361d0105c0b72b4247800029
ssdeep
1536:azbLRkjBor70GHL1kLOAgA9UBh1hnKxOzg2bVP/uCkhNNls30do1u4R4NuOukif8:a6ar71kLEAw1loegSqN63io3T00C3

File size 187.0 KB ( 191488 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Oct 26 18:16:00 2015, Last Saved Time/Date: Mon Oct 26 16:04:00 2015, Number of Pages: 1, Number of Words: 409, Number of Characters: 2337, Security: 0

TrID Microsoft Word document (45.7%)
Microsoft Excel sheet (42.8%)
Generic OLE2 / Multistream Compound File (11.4%)
Tags
open-file auto-open exe-pattern doc run-file macros environ create-ole

VirusTotal metadata
First submission 2015-10-27 16:30:21 UTC ( 1 year, 6 months ago )
Last submission 2015-10-30 07:54:15 UTC ( 1 year, 6 months ago )
File names CMS Collateral Report_20151027180312.doc
e0d3178107a3da4ef936832944499699
CMS Collateral Report_20151027160548.doc
ateral_Report_20151027161451.doc
CMS Collateral Report_20151027162218.doc
CMS Collateral Report_20151027194946.doc
0003_.b64.doc
CMS Collateral Report_20151027170018.doc
CMS Collateral Report_20151027173233.doc
CMS Collateral Report_20151027170308.doc
CMS Collateral Report_20151027165600.doc
CMS Collateral Report_20151027172003.doc
CMS Collateral Report_20151027162625.doc
CMS Collateral Report_20151027164513.doc
virus CMS Collateral Report_20151027153551.doc
CMS Collateral Report_20151027165158.doc
CMS Collateral Report_20151027161451.doc
CMS Collateral Report_20151027154922.doc
CMS Collateral Report_20151027154611.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!