SHA256: ceb007931bb5b6219960d813008c28421b7b7abfcc05d0813df212ddcfa5b64f
File name: UXPCX080300012.doc
Detection ratio: 11 / 58
Analysis date: 2019-02-12 19:42:16 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20190212
Endgame malicious (high confidence) 20181108
Ikarus Trojan-Downloader.VBA.Agent 20190212
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20190212
Qihoo-360 virus.office.qexvmc.1075 20190212
SentinelOne (Static ML) static engine - malicious 20190203
TACHYON Suspicious/WOX.Obfus.Gen.6 20190212
Tencent Heur.Macro.Generic.Gen.f 20190212
TrendMicro-HouseCall Possible_OLEGTAD 20190212
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20190212
Zoner Probably W97Obfuscated 20190212
Acronis 20190208
Ad-Aware 20190212
AegisLab 20190212
AhnLab-V3 20190212
Alibaba 20180921
ALYac 20190212
Antiy-AVL 20190212
Avast 20190212
Avast-Mobile 20190212
AVG 20190212
Avira (no cloud) 20190212
Babable 20180918
Baidu 20190202
BitDefender 20190212
Bkav 20190201
CAT-QuickHeal 20190212
ClamAV 20190212
CMC 20190212
Comodo 20190212
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20190212
Cyren 20190212
DrWeb 20190212
eGambit 20190212
Emsisoft 20190212
ESET-NOD32 20190212
F-Prot 20190212
F-Secure 20190212
Fortinet 20190212
GData 20190212
Sophos ML 20181128
Jiangmin 20190212
K7AntiVirus 20190212
K7GW 20190212
Kaspersky 20190212
Kingsoft 20190212
Malwarebytes 20190212
MAX 20190218
McAfee 20190212
McAfee-GW-Edition 20190212
Microsoft 20190212
eScan 20190212
Palo Alto Networks (Known Signatures) 20190212
Panda 20190212
Rising 20190212
Sophos AV 20190212
SUPERAntiSpyware 20190206
Symantec 20190212
Symantec Mobile Insight 20190207
TheHacker 20190212
Trapmine 20190123
Trustlook 20190212
VBA32 20190212
ViRobot 20190212
Webroot 20190212
Yandex 20190212
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 487 bytes
run-file
[+] pEIks4Soz.bas word/vbaProject.bin VBA/pEIks4Soz 600 bytes
[+] CaRVjU.bas word/vbaProject.bin VBA/CaRVjU 91 bytes
[+] v1R5eIS.bas word/vbaProject.bin VBA/v1R5eIS 582 bytes
obfuscated
Content types
bin
rels
jpeg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
Admin
cp:lastModifiedBy
Admin
cp:revision
2
dcterms:created
2019-02-12T19:00:00Z
dcterms:modified
2019-02-12T19:00:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
0
Characters
1
Application
Microsoft Office Word
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
Название
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
1
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
ru-ru
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
Admin

HeadingPairs
, 1

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2019:02:12 19:00:00Z

ZipCRC
0x93647052

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2019:02:12 19:00:00Z

Lines
1

AppVersion
16.0

ZipUncompressedSize
1769

ZipCompressedSize
422

Characters
1

CharactersWithSpaces
1

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Application
Microsoft Office Word

TotalEditTime
0

ZipCompression
Deflated

Pages
1

Creator
Admin

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
17
Uncompressed size
298772
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
12
bin
1
Contained files by type
XML
15
Microsoft Office
1
JPG
1
File identification
MD5 79213aafca83f6ccbb6c5b45caa7433a
SHA1 9e6d01e9af067014aa64ba03ab87152d22af2b8a
SHA256 ceb007931bb5b6219960d813008c28421b7b7abfcc05d0813df212ddcfa5b64f
ssdeep
3072:rX0gPv0gPqJDRqHgIhqRQfMS7G4UB4IsspevHfXgvoUXIakRdIvN+Dud0:rxpqhRqHg/aN7GjsspevHf8fkkl+Di0

File size 242.4 KB ( 248234 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated macros run-file docx

VirusTotal metadata
First submission 2019-02-12 19:29:29 UTC ( 1 month, 1 week ago )
Last submission 2019-02-13 14:13:17 UTC ( 1 month ago )
File names PAY88893360590802173.doc
9244566090964_2019.doc
SCLS39846074352075201232_2019.doc
US302807486674804.doc
764540884391359.doc
51341619076389843.doc
US571538068.doc
913360787359.doc
PAY4024874855926.doc
PAY62758153565055.doc
ACC84325920614.doc
PAY7215954939.doc
PAY0990023494521752713.doc
45573983679.doc
598660024.doc
S15211328467.doc
07194391059570.doc
PAY9721918263.doc
PAY74424094685150651.doc
PAY87965599601488.doc
PAY7177614830551041.doc
VJ148865027.doc
S131569703086413.doc
UIQK267665647.doc
ACC7908750245260025110.doc