SHA256: d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd
File name: SKM_4050151222162800-00.doc
Detection ratio: 3 / 54
Analysis date: 2016-01-22 09:26:31 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160122
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160122
Fortinet WM/Agent!tr 20160122
Ad-Aware 20160122
AegisLab 20160122
Yandex 20160121
AhnLab-V3 20160121
Alibaba 20160122
ALYac 20160122
Antiy-AVL 20160122
Avast 20160122
AVG 20160121
Avira (no cloud) 20160122
Baidu-International 20160122
BitDefender 20160122
Bkav 20160121
ByteHero 20160122
CAT-QuickHeal 20160122
ClamAV 20160122
CMC 20160111
Comodo 20160122
Cyren 20160122
DrWeb 20160122
Emsisoft 20160122
ESET-NOD32 20160122
F-Prot 20160122
GData 20160122
Ikarus 20160122
Jiangmin 20160122
K7AntiVirus 20160122
K7GW 20160122
Kaspersky 20160122
Malwarebytes 20160122
McAfee 20160122
McAfee-GW-Edition 20160122
Microsoft 20160122
eScan 20160122
NANO-Antivirus 20160122
nProtect 20160121
Panda 20160121
Qihoo-360 20160122
Rising 20160122
Sophos AV 20160122
SUPERAntiSpyware 20160122
Symantec 20160121
Tencent 20160122
TheHacker 20160119
TrendMicro 20160122
TrendMicro-HouseCall 20160122
VBA32 20160121
VIPRE 20160122
ViRobot 20160122
Zillya 20160121
Zoner 20160122
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2016-01-22 09:10:00
revision_number: 4
author: 3
page_count: 2
last_saved: 2016-01-22 09:11:00
word_count: 2
template: Normal
application_name: Microsoft Office Word
character_count: 16
code_page: Cyrillic
subject: 3
Document summary
category: 2
line_count: 1
company: Home
characters_with_spaces: 17
content_status: 2
version: 917504
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; type_literal: root; sid: 0; size: 2944; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word
name: \x01CompObj; type_literal: stream; sid: 14; size: 114
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 4; size: 4096
name: \x05SummaryInformation; type_literal: stream; sid: 3; size: 4096
name: 1Table; type_literal: stream; sid: 1; size: 7070
name: Macros/PROJECT; type_literal: stream; sid: 13; size: 464
name: Macros/PROJECTwm; type_literal: stream; sid: 12; size: 89
name: Macros/VBA/Module1; type_literal: stream; type: macro; sid: 9; size: 18820
name: Macros/VBA/Module2; type_literal: stream; type: macro; sid: 8; size: 8809
name: Macros/VBA/ThisDocument; type_literal: stream; type: macro; sid: 7; size: 1504
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 10; size: 9666
name: Macros/VBA/dir; type_literal: stream; sid: 11; size: 595
name: WordDocument; type_literal: stream; sid: 2; size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 35 bytes
Module2.bas Macros/VBA/Module2 2698 bytes
obfuscated open-file run-file write-file
Module1.bas Macros/VBA/Module1 6209 bytes
exe-pattern create-file create-ole download open-file run-file
ExifTool file metadata
Category: 2
HyperlinkBase: 4
SharedDoc: No
Author: 3
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 17
CreateDate: 2016:01:22 08:10:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2016:01:22 08:11:00
Company: Home
HyperlinksChanged: No
Characters: 16
ScaleCrop: No
RevisionNumber: 4
MIMEType: application/msword
Words: 2
FileType: DOC
Lines: 1
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 2
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
Subject: 3

File identification
MD5 c42d1fdb61706b00df487d9144b2a5f2
SHA1 f631b591658b216aae9e1f8d7a35ee1dd8d14171
SHA256 d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd
ssdeep 768:SzJgzjZ/PjFTvvlfpkpIQ8KeqASROmbO:xHJPhnK7Rx

File size 62.5 KB ( 64000 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Subject: 3, Author: 3, Template: Normal, Last Saved By: 1, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Jan 21 08:10:00 2016, Last Saved Time/Date: Thu Jan 21 08:11:00 2016, Number of Pages: 2, Number of Words: 2, Number of Characters: 16, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags obfuscated open-file exe-pattern doc create-file run-file macros attachment download write-file create-ole

VirusTotal metadata
First submission 2016-01-22 08:53:39 UTC ( 1 year, 10 months ago )
Last submission 2017-11-23 23:07:18 UTC ( 13 hours, 32 minutes ago )