× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c251d3619f202292dacfdcb6bfebac0172db74fffa69a36239d28a56d0f663f5
File name: rbs1523574523-32567.doc
Detection ratio: 5 / 58
Analysis date: 2017-10-18 10:25:58 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
F-Secure Trojan:W97M/Nastjencro.A 20171018
Fortinet VBA/Agent.ESO!tr.dldr 20171018
Ikarus Win32.Outbreak 20171018
Qihoo-360 virus.office.qexvmc.1085 20171018
Tencent Macro.Trojan.Dropperd.Auto 20171018
Ad-Aware 20171018
AegisLab 20171018
AhnLab-V3 20171018
Alibaba 20170911
ALYac 20171018
Arcabit 20171017
Avast 20171018
Avast-Mobile 20171018
AVG 20171018
Avira (no cloud) 20171018
AVware 20171018
Baidu 20171018
BitDefender 20171018
Bkav 20171017
CAT-QuickHeal 20171018
ClamAV 20171018
CMC 20171018
Comodo 20171017
CrowdStrike Falcon (ML) 20170804
Cylance 20171018
Cyren 20171018
eGambit 20171018
Emsisoft 20171018
Endgame 20171016
ESET-NOD32 20171018
F-Prot 20171018
GData 20171018
Sophos ML 20170914
Jiangmin 20171018
K7AntiVirus 20171017
K7GW 20171016
Kaspersky 20171018
Kingsoft 20171018
Malwarebytes 20171018
MAX 20171018
McAfee 20171018
McAfee-GW-Edition 20171018
Microsoft 20171018
eScan 20171018
NANO-Antivirus 20171018
nProtect 20171018
Palo Alto Networks (Known Signatures) 20171018
Panda 20171017
Rising 20171018
SentinelOne (Static ML) 20171001
Sophos AV 20171018
SUPERAntiSpyware 20171018
Symantec 20171018
Symantec Mobile Insight 20171011
TheHacker 20171017
TrendMicro 20171018
TrendMicro-HouseCall 20171018
Trustlook 20171018
VBA32 20171017
VIPRE 20171018
ViRobot 20171018
Webroot 20171018
WhiteArmor 20171016
Yandex 20171017
Zillya 20171018
ZoneAlarm by Check Point 20171018
Zoner 20171018
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
last_author
Longer
creation_datetime
2017-10-18 08:50:00
revision_number
3
author
Longer
page_count
1
last_saved
2017-10-18 08:55:00
edit_time
300
template
Normal.dotm
application_name
Microsoft Office Word
character_count
1
code_page
Latin I
Document summary
line_count
1
company
diakov.net
characters_with_spaces
1
version
786432
paragraph_count
1
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
33536
type_literal
stream
sid
56
name
\x01CompObj
size
160
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
6902
type_literal
stream
sid
1
name
Data
size
113697
type_literal
stream
sid
55
name
Macros/PROJECT
size
1233
type_literal
stream
sid
54
name
Macros/PROJECTwm
size
509
type_literal
stream
sid
37
name
Macros/UserForm1/\x01CompObj
size
97
type_literal
stream
sid
38
name
Macros/UserForm1/\x03VBFrame
size
292
type_literal
stream
sid
35
name
Macros/UserForm1/f
size
395
type_literal
stream
sid
36
name
Macros/UserForm1/o
size
604
type_literal
stream
sid
42
name
Macros/UserForm2/\x01CompObj
size
97
type_literal
stream
sid
43
name
Macros/UserForm2/\x03VBFrame
size
291
type_literal
stream
sid
40
name
Macros/UserForm2/f
size
251
type_literal
stream
sid
41
name
Macros/UserForm2/o
size
292
type_literal
stream
sid
47
name
Macros/UserForm3/\x01CompObj
size
97
type_literal
stream
sid
48
name
Macros/UserForm3/\x03VBFrame
size
291
type_literal
stream
sid
45
name
Macros/UserForm3/f
size
147
type_literal
stream
sid
46
name
Macros/UserForm3/o
size
72
type_literal
stream
sid
52
name
Macros/UserForm4/\x01CompObj
size
97
type_literal
stream
sid
53
name
Macros/UserForm4/\x03VBFrame
size
291
type_literal
stream
sid
50
name
Macros/UserForm4/f
size
147
type_literal
stream
sid
51
name
Macros/UserForm4/o
size
108
type_literal
stream
sid
17
type
macro
name
Macros/VBA/Module10
size
1146
type_literal
stream
sid
18
type
macro
name
Macros/VBA/Module11
size
1504
type_literal
stream
sid
19
type
macro
name
Macros/VBA/Module12
size
1433
type_literal
stream
sid
20
type
macro
name
Macros/VBA/Module13
size
877
type_literal
stream
sid
21
type
macro
name
Macros/VBA/Module14
size
875
type_literal
stream
sid
10
type
macro
name
Macros/VBA/Module2
size
921
type_literal
stream
sid
11
type
macro
name
Macros/VBA/Module4
size
1427
type_literal
stream
sid
12
type
macro
name
Macros/VBA/Module5
size
878
type_literal
stream
sid
13
type
macro
name
Macros/VBA/Module6
size
1042
type_literal
stream
sid
14
type
macro
name
Macros/VBA/Module7
size
1432
type_literal
stream
sid
15
type
macro
name
Macros/VBA/Module8
size
1039
type_literal
stream
sid
16
type
macro
name
Macros/VBA/Module9
size
901
type_literal
stream
sid
8
type
macro
name
Macros/VBA/ThisDocument
size
1205
type_literal
stream
sid
23
type
macro
name
Macros/VBA/UserForm1
size
1434
type_literal
stream
sid
24
type
macro (only attributes)
name
Macros/VBA/UserForm2
size
1251
type_literal
stream
sid
25
type
macro (only attributes)
name
Macros/VBA/UserForm3
size
1263
type_literal
stream
sid
26
type
macro (only attributes)
name
Macros/VBA/UserForm4
size
1263
type_literal
stream
sid
27
name
Macros/VBA/_VBA_PROJECT
size
6687
type_literal
stream
sid
9
type
macro
name
Macros/VBA/dfhyjy
size
1733
type_literal
stream
sid
28
name
Macros/VBA/dir
size
1310
type_literal
stream
sid
22
type
macro
name
Macros/VBA/myform1
size
2641
type_literal
stream
sid
32
name
Macros/myform1/\x01CompObj
size
97
type_literal
stream
sid
33
name
Macros/myform1/\x03VBFrame
size
289
type_literal
stream
sid
30
name
Macros/myform1/f
size
311
type_literal
stream
sid
31
name
Macros/myform1/o
size
444
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 30 bytes
[+] dfhyjy.bas Macros/VBA/dfhyjy 383 bytes
[+] Module2.bas Macros/VBA/Module2 66 bytes
[+] Module4.bas Macros/VBA/Module4 289 bytes
[+] Module5.bas Macros/VBA/Module5 52 bytes
[+] Module6.bas Macros/VBA/Module6 114 bytes
[+] Module7.bas Macros/VBA/Module7 296 bytes
[+] Module8.bas Macros/VBA/Module8 116 bytes
[+] Module9.bas Macros/VBA/Module9 52 bytes
[+] Module10.bas Macros/VBA/Module10 136 bytes
[+] Module11.bas Macros/VBA/Module11 296 bytes
[+] Module12.bas Macros/VBA/Module12 214 bytes
[+] Module13.bas Macros/VBA/Module13 51 bytes
[+] Module14.bas Macros/VBA/Module14 52 bytes
[+] myform1.frm Macros/VBA/myform1 602 bytes
[+] UserForm1.frm Macros/VBA/UserForm1 86 bytes
create-ole
ExifTool file metadata
SharedDoc
No

Author
Longer

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
Longer

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1

CreateDate
2017:10:18 08:50:00

Word97
No

LanguageCode
English (US)

ModifyDate
2017:10:18 08:55:00

Company
diakov.net

Characters
1

CodePage
Unicode (UTF-8)

RevisionNumber
3

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
5 minutes

Pages
1

ScaleCrop
No

CompObjUserTypeLen
0

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 6159deac86bdfc04c622fb9bd89fad33
SHA1 23ba5d13a8d7a4723e951c4e97d274464831bba8
SHA256 c251d3619f202292dacfdcb6bfebac0172db74fffa69a36239d28a56d0f663f5
ssdeep
3072:hO/o31uh6Ry484UyUqDV7LnjH/vVBB8knt+OgoH+7zB73/BNA:E/o31uh60484UyUqDV/jHXV3XJgs+7zW

File size 182.5 KB ( 186882 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 05:00, Create Time/Date: Tue Oct 17 08:50:00 2017, Last Saved Time/Date: Tue Oct 17 08:55:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros doc create-ole

VirusTotal metadata
First submission 2017-10-18 10:25:58 UTC ( 1 year, 4 months ago )
Last submission 2018-05-05 12:30:21 UTC ( 9 months, 2 weeks ago )
File names rbs1523574523-32567.doc
__substg1.0_37010102
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!