SHA256: c884712b924af42a0c22c387a5ed811e03f9c0748a0625c19c143f33b0834452
File name: FTC_kelly.doc
Detection ratio: 5 / 56
Analysis date: 2017-04-17 17:46:31 UTC ( 1 year, 6 months ago )
Antivirus Result Update
DrWeb modification of W97M.Suspicious.1 20170417
Fortinet WM/Agent.JU!tr 20170417
McAfee W97M/Dropper.da 20170417
McAfee-GW-Edition W97M/Dropper.da 20170417
Qihoo-360 virus.office.qexvmc.1065 20170417
Ad-Aware 20170417
AegisLab 20170417
AhnLab-V3 20170417
Alibaba 20170417
ALYac 20170417
Antiy-AVL 20170417
Arcabit 20170417
Avast 20170417
AVG 20170417
Avira (no cloud) 20170417
AVware 20170417
Baidu 20170417
BitDefender 20170417
Bkav 20170415
CAT-QuickHeal 20170417
ClamAV 20170417
CMC 20170417
Comodo 20170417
CrowdStrike Falcon (ML) 20170130
Cyren 20170417
Emsisoft 20170417
Endgame 20170413
ESET-NOD32 20170417
F-Prot 20170417
F-Secure 20170417
GData 20170417
Ikarus 20170417
Sophos ML 20170413
Jiangmin 20170417
K7AntiVirus 20170417
K7GW 20170417
Kaspersky 20170417
Kingsoft 20170417
Malwarebytes 20170417
Microsoft 20170417
eScan 20170417
NANO-Antivirus 20170416
nProtect 20170417
Palo Alto Networks (Known Signatures) 20170417
Panda 20170417
Rising 20170417
SentinelOne (Static ML) 20170330
Sophos AV 20170417
SUPERAntiSpyware 20170417
Symantec 20170417
Symantec Mobile Insight 20170414
Tencent 20170417
TheHacker 20170416
TrendMicro 20170417
TrendMicro-HouseCall 20170417
Trustlook 20170417
VBA32 20170417
VIPRE 20170417
ViRobot 20170417
Webroot 20170417
WhiteArmor 20170409
Yandex 20170417
Zillya 20170414
ZoneAlarm by Check Point 20170417
Zoner 20170417
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May execute code from Dynamically Linked Libraries.
Summary
last_author: admin
creation_datetime: 2017-04-17 10:17:00
author: White
title:
page_count: 1
last_saved: 2017-04-17 10:22:00
edit_time: 180
word_count: 250
revision_number: 4
application_name: Microsoft Office Word
character_count: 1426
security: 8
code_page: Cyrillic
template: Normal
Document summary
byte_count: 11000
characters_with_spaces: 1673
line_count: 11
version: 730895
paragraph_count: 3
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 8640
name: \x01CompObj, type_literal: stream, sid: 24, size: 113
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 4096
name: 1Table, type_literal: stream, sid: 2, size: 6163
name: Data, type_literal: stream, sid: 1, size: 29704
name: Macros/PROJECT, type_literal: stream, sid: 17, size: 530
name: Macros/PROJECTwm, type_literal: stream, sid: 23, size: 101
name: Macros/VBA/ThisDocument, type_literal: stream, sid: 15, type: macro, size: 10570
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 16, size: 11273
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 9, size: 3474
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 10, size: 848
name: Macros/VBA/__SRP_6, type_literal: stream, sid: 11, size: 362
name: Macros/VBA/__SRP_7, type_literal: stream, sid: 12, size: 66
name: Macros/VBA/dir, type_literal: stream, sid: 8, size: 882
name: Macros/VBA/nonfissile, type_literal: stream, sid: 14, type: macro, size: 16172
name: Macros/VBA/provided, type_literal: stream, sid: 13, type: macro (only attributes), size: 1384
name: Macros/provided/\x01CompObj, type_literal: stream, sid: 21, size: 97
name: Macros/provided/\x03VBFrame, type_literal: stream, sid: 22, size: 286
name: Macros/provided/f, type_literal: stream, sid: 19, size: 98
name: Macros/provided/o, type_literal: stream, sid: 20, size: 12228
name: WordDocument, type_literal: stream, sid: 3, size: 54805
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 4171 bytes
[+] nonfissile.bas Macros/VBA/nonfissile 7665 bytes
exe-pattern run-dll
ExifTool file metadata
SharedDoc
No

Author
White

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
admin

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
1673

Word97
No

LanguageCode
Russian

CompObjUserType
???????? Microsoft Office Word

ModifyDate
2017:04:17 09:22:00

Characters
1426

CodePage
Windows Cyrillic

RevisionNumber
4

MIMEType
application/msword

Words
250

Lines
11

CreateDate
2017:04:17 09:17:00

Bytes
11000

AppVersion
11.9999

Security
Locked for annotations

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
3.0 minutes

Pages
1

ScaleCrop
No

CompObjUserTypeLen
31

FileTypeExtension
doc

Paragraphs
3

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 5d05405bc55702acc7784e30c9dac56e
SHA1 da6be008dc8443e57d9364397e84f247cc859959
SHA256 c884712b924af42a0c22c387a5ed811e03f9c0748a0625c19c143f33b0834452
ssdeep
3072:8T+57zn6BGMjmVNKe5Y7OnPOyqHPnyeachEh46mIJ0cZNF8RF8:8T+5q8MBe5VO/vnyeaYEh46zXNFYF

File size 163.0 KB ( 166912 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Author: White, Template: Normal, Last Saved By: admin, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Sun Apr 16 09:17:00 2017, Last Saved Time/Date: Sun Apr 16 09:22:00 2017, Number of Pages: 1, Number of Words: 250, Number of Characters: 1426, Security: 8

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-dll exe-pattern doc

VirusTotal metadata
First submission 2017-04-17 14:32:14 UTC ( 1 year, 6 months ago )
Last submission 2018-07-23 21:49:59 UTC ( 2 months, 3 weeks ago )
File names FTC_i.rzayev.doc
FTC_daniel.v.snyder.doc
FTC_jeroen.murre.doc
FTC_jennie.r.sadosky.doc
FTC_nicole.kinskofer.doc
FTC_skr-gst.doc
FTC_autumn.b.humphrey.doc
FTC_dano.doc
FTC_schan.doc
FTC_birgitta.danielson.doc
FTC_thorsdal.doc
FTC_kyoko.yokoyama.doc
FTC_michelle.soliz.doc
FTC_briley.doc
FTC_dennis.healy.doc
FTC_karasvn.doc
FTC_bethany.aiardo.doc
FTC_yoyaku.doc
FTC_woodhaml.doc
FTC_sbakos.doc
FTC_helpdesk.bstl.doc
FTC_bruce.weaver.doc
FTC_lholbeche.doc
FTC_joel.butler.doc
FTC_kelly.doc