SHA256: d3e83cbfe2cfb722b4b109ac53f7af3d532fc9faf1f4affffd4efaab93cc6968
File name: output.114513095.txt
Detection ratio: 43 / 60
Analysis date: 2018-12-29 13:59:13 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.GXO 20181229
AhnLab-V3 DOC/Downloader 20181228
ALYac Trojan.Downloader.VBA.gen 20181229
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.jdr 20181229
Arcabit HEUR.VBA.Trojan.e 20181229
Avast VBS:Downloader-ATT [Trj] 20181229
AVG VBS:Downloader-ATT [Trj] 20181229
Avira (no cloud) HEUR/Macro.Downloader.AMER.Gen 20181229
Baidu VBA.Trojan-Downloader.Agent.dca 20181207
BitDefender W97M.Downloader.GXO 20181229
CAT-QuickHeal W97M.Downloader.31914 20181228
ClamAV Doc.Dropper.Agent-6596389-0 20181229
Comodo Malware@#1ax3xj3w8m4tp 20181229
Cyren W97M/Powload.gen 20181229
DrWeb W97M.DownLoader.3052 20181229
Emsisoft Trojan-Downloader.Macro.Generic (A) 20181229
Endgame malicious (high confidence) 20181108
ESET-NOD32 VBA/TrojanDownloader.Agent.JDR 20181229
F-Prot W97M/Powload.gen 20181229
F-Secure W97M.Downloader.GXO 20181229
Fortinet VBA/Agent.JDF!tr 20181229
GData W97M.Downloader.GXO 20181229
Ikarus Trojan.Word.Agent 20181229
K7AntiVirus Trojan ( 00536d111 ) 20181229
K7GW Trojan ( 00536d111 ) 20181229
Kaspersky HEUR:Trojan.Script.Agent.gen 20181229
McAfee W97M/Downloader.cqc 20181229
McAfee-GW-Edition BehavesLike.Downloader.dg 20181229
Microsoft TrojanDownloader:O97M/Donoff 20181229
eScan W97M.Downloader.GXO 20181229
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181229
Qihoo-360 virus.office.qexvmc.1085 20181229
Rising Downloader.Donoff!8.36C (TOPIS:E0:vSKvwLmxORQ) 20181229
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Troj/DocDl-OPG 20181229
Symantec W97M.Downloader 20181228
TACHYON Suspicious/W97M.Obfus.Gen.6 20181229
Tencent Heur.Macro.Generic.Gen.h 20181229
TrendMicro W2KM_POWLOAD.SMGAH 20181229
TrendMicro-HouseCall W2KM_POWLOAD.SMGAH 20181229
ViRobot DOC.Z.Agent.252416.FL 20181228
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20181229
Zoner Probably W97Obfuscated 20181229
Acronis 20181227
AegisLab 20181229
Alibaba 20180921
Avast-Mobile 20181229
Babable 20180918
Bkav 20181227
CMC 20181228
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181229
eGambit 20181229
Sophos ML 20181128
Jiangmin 20181229
Kingsoft 20181229
Malwarebytes 20181229
MAX 20181229
Palo Alto Networks (Known Signatures) 20181229
Panda 20181228
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TheHacker 20181225
TotalDefense 20181229
Trapmine 20181205
Trustlook 20181229
VBA32 20181229
VIPRE None
Webroot 20181229
Yandex 20181229
Zillya 20181228
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-06-29 19:02:00
author
Ilekypibij-PC
title
74880Il8920
page_count
1
last_saved
2018-06-29 19:02:00
revision_number
1
application_name
Microsoft Office Word
character_count
1
template
Normal.dotm
code_page
Latin I
subject
86104Il92778
Document summary
category
73177Il2849
line_count
1
company
31674Il41235
characters_with_spaces
1
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
5952
type_literal
stream
sid
18
name
\x01CompObj
size
114
type_literal
stream
sid
4
name
\x05DocumentSummaryInformation
size
340
type_literal
stream
sid
3
name
\x05SummaryInformation
size
404
type_literal
stream
sid
1
name
1Table
size
43149
type_literal
stream
sid
17
name
Macros/PROJECT
size
489
type_literal
stream
sid
16
name
Macros/PROJECTwm
size
98
type_literal
stream
sid
7
type
macro (only attributes)
name
Macros/VBA/SjJPQHzKnhUK
size
1111
type_literal
stream
sid
12
name
Macros/VBA/_VBA_PROJECT
size
16572
type_literal
stream
sid
14
name
Macros/VBA/__SRP_0
size
1285
type_literal
stream
sid
15
name
Macros/VBA/__SRP_1
size
110
type_literal
stream
sid
8
name
Macros/VBA/__SRP_2
size
220
type_literal
stream
sid
9
name
Macros/VBA/__SRP_3
size
66
type_literal
stream
sid
13
name
Macros/VBA/dir
size
627
type_literal
stream
sid
10
type
macro
name
Macros/VBA/mkzruoFud
size
27108
type_literal
stream
sid
11
type
macro (only attributes)
name
Macros/VBA/tYnNEBQf
size
677
type_literal
stream
sid
2
name
WordDocument
size
119793
Macros and VBA code streams
[+] mkzruoFud.bas Macros/VBA/mkzruoFud 14988 bytes
obfuscated run-file
ExifTool file metadata
Category
73177Il2849

SharedDoc
No

Author
Ilekypibij-PC

CodePage
Windows Latin 1 (Western European)

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:06:29 18:02:00

Company
31674Il41235

Title
74880Il8920

Characters
1

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
0

CreateDate
2018:06:29 18:02:00

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

Warning
Truncated property list

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
1Table, ExtChar

Subject
86104Il92778

File identification
MD5 bf109f9c883eb590ab6c884e49529472
SHA1 63264e53a823a0c8870f65a6e00d8caeb2702710
SHA256 d3e83cbfe2cfb722b4b109ac53f7af3d532fc9faf1f4affffd4efaab93cc6968
ssdeep
3072:aH9nBf4SuEjAhmAMOc7kkkko1rkGuF3tBInxGGq5QyXJm9YBmjDdKdRUsHVf2CeZ:aFVeEsjdXRC3jexGG6HYWofdKdR5U6

File size 246.5 KB ( 252416 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Ilekypibij-PC, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Jun 28 18:02:00 2018, Last Saved Time/Date: Thu Jun 28 18:02:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0, Title: 74880Il8920, Subject: 86104Il92778

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-06-29 21:01:30 UTC ( 7 months, 3 weeks ago )
Last submission 2018-12-29 13:59:13 UTC ( 1 month, 2 weeks ago )
File names INV-2638098.doc
INV-9085402118.doc
INV-0241027920328.doc
INV-3534218968.doc
INV-7120828520.doc
INV-18706736293849.doc
INV-4022212184.doc
INV-1535682871604.doc
INV-793381645.doc
INV-5763182546.doc
INV-12609093.doc
33e45ad95b71d8bb8e57174b1c83a037921f4c99
INV-51236858905.doc
INV-29609144.doc
INV-5693471.doc
INV-1139500507148.doc
INV-18483020.doc
INV-76318148708149.doc
output.114513095.txt
INV-895384295115.doc
INV-75872879.doc
INV-928052361.doc
INV-69610168.doc
INV-4634155106586.doc
INV-49213447048839.doc