SHA256: c884712b924af42a0c22c387a5ed811e03f9c0748a0625c19c143f33b0834452
File name: VirusShare_5d05405bc55702acc7784e30c9dac56e
Detection ratio: 37 / 57
Analysis date: 2017-07-22 06:52:27 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.385 20170722
AegisLab Troj.Script.Agent!c 20170722
AhnLab-V3 W97M/Inject 20170721
ALYac VB:Trojan.Valyria.385 20170722
Antiy-AVL Trojan[Downloader]/MSOffice.Agent 20170722
Arcabit VB:Trojan.Valyria.385 20170722
Avira (no cloud) W97M/Agent.88345255 20170722
AVware Trojan.OLE.Generic.a (v) 20170721
Baidu VBA.Trojan.Kryptik.at 20170721
BitDefender VB:Trojan.Valyria.385 20170722
CAT-QuickHeal W97M.Downloader.AIV 20170721
ClamAV Doc.Dropper.Agent-6296402-0 20170722
Cyren W97M/Hancitor 20170722
DrWeb modification of W97M.Suspicious.1 20170722
Emsisoft VB:Trojan.Valyria.385 (B) 20170722
ESET-NOD32 VBA/Kryptik.AP 20170722
F-Prot New or modified W97M/Hancitor 20170722
F-Secure VB:Trojan.Valyria.385 20170722
Fortinet WM/Kryptik.AP!tr 20170722
GData VB:Trojan.Valyria.385 20170722
Ikarus Trojan-Downloader.VBA.Agent 20170721
Kaspersky HEUR:Trojan.Script.Agent.gen 20170722
MAX malware (ai score=99) 20170722
McAfee W97M/Downloader.bqh 20170722
McAfee-GW-Edition W97M/Downloader.bqh 20170722
Microsoft TrojanDropper:O97M/Damatak 20170722
eScan VB:Trojan.Valyria.385 20170722
NANO-Antivirus Trojan.Script.Agent.enzcue 20170722
Panda W97M/Downloader 20170721
Qihoo-360 virus.office.qexvmc.1100 20170722
Rising Dropper.Damatak!8.E44E (topis:AYfg9Q1HeSV) 20170722
Sophos AV Troj/DocDl-IRD 20170722
Symantec W97M.Downloader 20170721
TrendMicro W2KM_HANCITOR.YYSXU 20170722
TrendMicro-HouseCall W2KM_HANCITOR.YYSXU 20170722
VIPRE Trojan.OLE.Generic.a (v) 20170722
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20170722
Alibaba 20170721
Avast 20170722
AVG 20170722
CMC 20170721
Comodo 20170722
CrowdStrike Falcon (ML) 20170710
Cylance 20170722
Endgame 20170721
Sophos ML 20170607
Jiangmin 20170722
K7AntiVirus 20170722
K7GW 20170722
Kingsoft 20170722
Malwarebytes 20170722
nProtect 20170722
Palo Alto Networks (Known Signatures) 20170722
SentinelOne (Static ML) 20170718
SUPERAntiSpyware 20170722
Symantec Mobile Insight 20170720
Tencent 20170722
TheHacker 20170719
TotalDefense 20170722
Trustlook 20170722
VBA32 20170721
ViRobot 20170722
Webroot 20170722
WhiteArmor 20170721
Yandex 20170721
Zillya 20170721
Zoner 20170722
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May execute code from Dynamically Linked Libraries.
Summary
last_author
admin
creation_datetime
2017-04-17 10:17:00
author
White
title
page_count
1
last_saved
2017-04-17 10:22:00
edit_time
180
word_count
250
revision_number
4
application_name
Microsoft Office Word
character_count
1426
security
8
code_page
Cyrillic
template
Normal
Document summary
byte_count
11000
characters_with_spaces
1673
line_count
11
version
730895
paragraph_count
3
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
8640
type_literal
stream
size
113
name
\x01CompObj
sid
24
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
6163
name
1Table
sid
2
type_literal
stream
size
29704
name
Data
sid
1
type_literal
stream
size
530
name
Macros/PROJECT
sid
17
type_literal
stream
size
101
name
Macros/PROJECTwm
sid
23
type_literal
stream
size
10570
type
macro
name
Macros/VBA/ThisDocument
sid
15
type_literal
stream
size
11273
name
Macros/VBA/_VBA_PROJECT
sid
16
type_literal
stream
size
3474
name
Macros/VBA/__SRP_0
sid
9
type_literal
stream
size
848
name
Macros/VBA/__SRP_1
sid
10
type_literal
stream
size
362
name
Macros/VBA/__SRP_6
sid
11
type_literal
stream
size
66
name
Macros/VBA/__SRP_7
sid
12
type_literal
stream
size
882
name
Macros/VBA/dir
sid
8
type_literal
stream
size
16172
type
macro
name
Macros/VBA/nonfissile
sid
14
type_literal
stream
size
1384
type
macro (only attributes)
name
Macros/VBA/provided
sid
13
type_literal
stream
size
97
name
Macros/provided/\x01CompObj
sid
21
type_literal
stream
size
286
name
Macros/provided/\x03VBFrame
sid
22
type_literal
stream
size
98
name
Macros/provided/f
sid
19
type_literal
stream
size
12228
name
Macros/provided/o
sid
20
type_literal
stream
size
54805
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 4171 bytes
[+] nonfissile.bas Macros/VBA/nonfissile 7665 bytes
exe-pattern run-dll
ExifTool file metadata
SharedDoc
No

Author
White

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
admin

HeadingPairs
, 1

Template
Normal

CharCountWithSpaces
1673

CreateDate
2017:04:17 09:17:00

CompObjUserType
???????? Microsoft Office Word

ModifyDate
2017:04:17 09:22:00

HyperlinksChanged
No

Characters
1426

ScaleCrop
No

RevisionNumber
4

MIMEType
application/msword

Words
250

Bytes
11000

FileType
DOC

Lines
11

AppVersion
11.9999

Security
Locked for annotations

Software
Microsoft Office Word

TotalEditTime
3.0 minutes

Pages
1

CompObjUserTypeLen
31

FileTypeExtension
doc

Paragraphs
3

Compressed bundles
File identification
MD5 5d05405bc55702acc7784e30c9dac56e
SHA1 da6be008dc8443e57d9364397e84f247cc859959
SHA256 c884712b924af42a0c22c387a5ed811e03f9c0748a0625c19c143f33b0834452
ssdeep
3072:8T+57zn6BGMjmVNKe5Y7OnPOyqHPnyeachEh46mIJ0cZNF8RF8:8T+5q8MBe5VO/vnyeaYEh46zXNFYF

File size 163.0 KB ( 166912 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Author: White, Template: Normal, Last Saved By: admin, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Sun Apr 16 09:17:00 2017, Last Saved Time/Date: Sun Apr 16 09:22:00 2017, Number of Pages: 1, Number of Words: 250, Number of Characters: 1426, Security: 8

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-dll exe-pattern doc

VirusTotal metadata
First submission 2017-04-17 14:32:14 UTC ( 5 months, 1 week ago )
Last submission 2017-07-22 06:52:27 UTC ( 2 months ago )
File names FTC_i.rzayev.doc
FTC_daniel.v.snyder.doc
FTC_jeroen.murre.doc
FTC_jennie.r.sadosky.doc
FTC_nicole.kinskofer.doc
FTC_saltman.doc
FTC_skr-gst.doc
FTC_autumn.b.humphrey.doc
FTC_dano.doc
FTC_schan.doc
FTC_birgitta.danielson.doc
FTC_thorsdal.doc
FTC_kyoko.yokoyama.doc
FTC_michelle.soliz.doc
FTC_briley.doc
FTC_dennis.healy.doc
FTC_karasvn.doc
FTC_bethany.aiardo.doc
FTC_yoyaku.doc
FTC_woodhaml.doc
FTC_sbakos.doc
FTC_helpdesk.bstl.doc
FTC_bruce.weaver.doc
FTC_lholbeche.doc
FTC_joel.butler.doc