SHA256: d1efd871e5b653d4c9f38edd56f05b54700fff082f9b59f75729fb4d9bfe361b
File name: AIG02377973-InsuranceInspectionArranged.doc
Detection ratio: 0 / 57
Analysis date: 2015-01-19 08:39:58 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150119
AegisLab 20150119
Yandex 20150118
AhnLab-V3 20150119
Alibaba 20150119
ALYac 20150119
Antiy-AVL 20150119
Avast 20150119
AVG 20150119
Avira (no cloud) 20150119
AVware 20150119
Baidu-International 20150119
BitDefender 20150119
Bkav 20150117
ByteHero 20150119
CAT-QuickHeal 20150119
ClamAV 20150119
CMC 20150119
Comodo 20150119
Cyren 20150119
DrWeb 20150119
Emsisoft 20150119
ESET-NOD32 20150119
F-Prot 20150119
F-Secure 20150119
Fortinet 20150119
GData 20150119
Ikarus 20150119
Jiangmin 20150118
K7AntiVirus 20150118
K7GW 20150117
Kaspersky 20150119
Kingsoft 20150119
Malwarebytes 20150119
McAfee 20150119
McAfee-GW-Edition 20150119
Microsoft 20150119
eScan 20150119
NANO-Antivirus 20150119
Norman 20150119
nProtect 20150116
Panda 20150118
Qihoo-360 20150119
Rising 20150118
Sophos AV 20150119
SUPERAntiSpyware 20150118
Symantec 20150119
Tencent 20150119
TheHacker 20150118
TotalDefense 20150118
TrendMicro 20150119
TrendMicro-HouseCall 20150119
VBA32 20150119
VIPRE 20150119
ViRobot 20150119
Zillya 20150119
Zoner 20150116
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2014-11-24 13:03:00
template: Normal.dot
author: 1
page_count: 1
last_saved: 2014-11-24 13:03:00
revision_number: 2
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
line_count: 1
version: 730895
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 5184
name: \x01CompObj; type_literal: stream; size: 113; sid: 12
name: \x05DocumentSummaryInformation; type_literal: stream; size: 4096; sid: 4
name: \x05SummaryInformation; type_literal: stream; size: 4096; sid: 3
name: 1Table; type_literal: stream; size: 4096; sid: 1
name: Macros/PROJECT; type_literal: stream; size: 444; sid: 11
name: Macros/PROJECTwm; type_literal: stream; size: 41; sid: 10
name: Macros/VBA/ThisDocument; type_literal: stream; size: 13423; type: macro; sid: 7
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; size: 3930; sid: 8
name: Macros/VBA/dir; type_literal: stream; size: 514; sid: 9
name: WordDocument; type_literal: stream; size: 4142; sid: 2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 5693 bytes
auto-open create-ole environ handle-file obfuscated open-file write-file
ExifTool file metadata
SharedDoc: No
Author: 1
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal.dot
CharCountWithSpaces: 0
CreateDate: 2014:11:24 12:03:00
CompObjUserType: ???????? Microsoft Office Word
ModifyDate: 2014:11:24 12:03:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 11.9999
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 31
FileTypeExtension: doc
Paragraphs: 1

Compressed bundles
File identification
MD5 119f0030694bce7af3c2c1ba9fd5622d
SHA1 cd79149958b81dbc9baa705ad8872bf6ca862e67
SHA256 d1efd871e5b653d4c9f38edd56f05b54700fff082f9b59f75729fb4d9bfe361b
ssdeep 192:LVoz/66h/j6vMPtpHgUWSldtD3bxKsBf2/WZ0jE+wTQyf+tPInW6Na:LzvMsVGQGe/WZ0jE+wTQq+tPsR

File size 39.0 KB ( 39936 bytes )
File type MS Word Document
Magic literal Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal.dot, Last Saved By: 1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Nov 23 12:03:00 2014, Last Saved Time/Date: Sun Nov 23 12:03:00 2014, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (45.7%)
Microsoft Excel sheet (42.8%)
Generic OLE2 / Multistream Compound File (11.4%)
Tags
obfuscated open-file auto-open handle-file doc macros environ attachment write-file create-ole

VirusTotal metadata
First submission 2015-01-19 08:02:52 UTC ( 2 years, 9 months ago )
Last submission 2017-07-22 21:12:32 UTC ( 2 months, 4 weeks ago )
File names 19TH JANUARY 2015.doc
985a1edfe5e89435e8b70c196d550a81
fae4c88d310339ba0bf6e5bbba533388
119f0030694bce7af3c2c1ba9fd5622d.doc
48344c5d6bfcc1e94e078cc012dc09ac
d7ff93398cc09d05374ebc3d343cb61d
bb9ddaba194cde9195aef243f29d791b
file-7931005_doc
19TH JANUARY 2015_1.doc
e07c556a2428ca7bf69df9031d2979cb
viewpart.doc
VirusShare_119f0030694bce7af3c2c1ba9fd5622d
dd4d898954f5ea583990f1f75797789d
f8198fe9c07ea21cded0484abe16218d
94743c74b12762563c8a7e13857fe11b
dec4bf4502801ad6d31ea55f57b13504
AIG02377973-InsuranceInspectionArranged.doc
d2c4e13ecd085702f17b8d5586199b37
03523fc2483dc5e9f1a67b003dc9c51d
ae74bd11465e4801271d9ab505016a4a
c32a070121b3ca959f3ceabe0ac055a2
fc76285eccb9a67aa4c7810dc2b8afbd
aaa.doc