SHA256: d50f6b6cd94eaa6cc86b4f90bc2c2b956cda19a68a2f9f27e4b05f3bdd21bb10
File name: DespatchNote_-_252576_160615_063107663.doc
Detection ratio: 38 / 54
Analysis date: 2017-03-28 04:56:25 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Doc.Downloader.DE 20170328
AegisLab Troj.Downloader.MSWord.Agent.mn!c 20170328
AhnLab-V3 W97M/Downloader 20170328
ALYac Trojan.Doc.Downloader.DE 20170328
Antiy-AVL Trojan[Downloader]/MSWord.Agent.mn 20170328
Arcabit HEUR.VBA.Trojan.d 20170328
Avast VBA:Downloader-DA [Trj] 20170328
Avira (no cloud) W97M/Adnel.hsd.3 20170327
AVware Lookslike.Macro.Downloader.c (v) 20170328
Baidu MSWord.Trojan-Downloader.Agent.t 20170328
BitDefender Trojan.Doc.Downloader.DE 20170328
CAT-QuickHeal W97M.Dropper.DZ 20170327
ClamAV Doc.Macro.ObfuscatedHeuristic-5931994-0 20170328
Comodo UnclassifiedMalware 20170328
Cyren W97M/Donoff 20170328
DrWeb W97M.DownLoader.428 20170327
Emsisoft Trojan.Doc.Downloader.DE (B) 20170328
ESET-NOD32 VBA/TrojanDownloader.Agent.UP 20170328
F-Prot New or modified W97M/Donoff 20170328
F-Secure Trojan:W97M/MaliciousMacro.GEN 20170328
Fortinet WM/Agent.UP!tr.dldr 20170328
GData Trojan.Doc.Downloader.DE 20170328
Ikarus Trojan-Downloader.VBA.Agent 20170327
Kaspersky Trojan-Downloader.MSWord.Agent.mn 20170327
McAfee W97M/Downloader.aix 20170328
McAfee-GW-Edition W97M/Downloader.aix 20170328
Microsoft TrojanDownloader:O97M/Donoff 20170327
eScan Trojan.Doc.Downloader.DE 20170328
NANO-Antivirus Trojan.Script.Agent.dttwbq 20170328
Panda W97M/Downloader 20170327
Qihoo-360 virus.office.obfuscated.1 20170328
Rising Macro.Agent.ev (classic) 20170328
Sophos Troj/DocDl-QH 20170328
Symantec W97M.Downloader 20170327
Tencent Word.Trojan-downloader.Agent.Lose 20170328
VIPRE Lookslike.Macro.Downloader.c (v) 20170328
ViRobot W97M.S.Downloader.65536.C[h] 20170328
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.mn 20170328
Alibaba 20170328
AVG 20170328
CMC 20170327
CrowdStrike Falcon (ML) 20170130
Endgame 20170317
Invincea 20170203
Jiangmin 20170328
K7AntiVirus 20170327
K7GW 20170328
Kingsoft 20170328
Malwarebytes 20170328
nProtect 20170328
Palo Alto Networks (Known Signatures) 20170328
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170328
Symantec Mobile Insight 20170326
TheHacker 20170327
TotalDefense 20170328
TrendMicro 20170328
Trustlook 20170328
VBA32 20170327
Webroot 20170328
WhiteArmor 20170327
Yandex 20170327
Zoner 20170328
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Summary
last_author 1
creation_datetime 2015-06-16 06:12:00
template Normal
author 1
page_count 1
last_saved 2015-06-16 06:14:00
revision_number 6
application_name Microsoft Office Word
code_page Cyrillic
Document summary
line_count 1
version 726502
paragraph_count 1
code_page Cyrillic
OLE Streams
name Root Entry, type_literal root, clsid 00020906-0000-0000-c000-000000000046, clsid_literal MS Word, sid 0, size 3456
name \x01CompObj, type_literal stream, sid 15, size 113
name \x05DocumentSummaryInformation, type_literal stream, sid 4, size 4096
name \x05SummaryInformation, type_literal stream, sid 3, size 4096
name 1Table, type_literal stream, sid 1, size 4420
name Macros/PROJECT, type_literal stream, sid 14, size 515
name Macros/PROJECTwm, type_literal stream, sid 13, size 113
name Macros/VBA/Module1, type_literal stream, type macro, sid 8, size 6847
name Macros/VBA/Module3, type_literal stream, type macro, sid 10, size 11692
name Macros/VBA/Module5, type_literal stream, type macro, sid 9, size 15833
name Macros/VBA/ThisDocument, type_literal stream, type macro, sid 7, size 1965
name Macros/VBA/_VBA_PROJECT, type_literal stream, sid 11, size 6128
name Macros/VBA/dir, type_literal stream, sid 12, size 616
name WordDocument, type_literal stream, sid 2, size 4142
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 101 bytes
[+] Module1.bas Macros/VBA/Module1 1357 bytes
[+] Module5.bas Macros/VBA/Module5 5318 bytes
obfuscated open-file
[+] Module3.bas Macros/VBA/Module3 3474 bytes
create-file create-ole enum-windows obfuscated open-file write-file
ExifTool file metadata
SharedDoc No
Author 1
CodePage Windows Cyrillic
LinksUpToDate No
LastModifiedBy 1
HeadingPairs , 1
Template Normal
CharCountWithSpaces 0
CreateDate 2015:06:16 05:12:00
CompObjUserType ???????? Microsoft Office Word
ModifyDate 2015:06:16 05:14:00
HyperlinksChanged No
Characters 0
ScaleCrop No
RevisionNumber 6
MIMEType application/msword
Words 0
FileType DOC
Lines 1
AppVersion 11.5606
Security None
Software Microsoft Office Word
TotalEditTime 0
Pages 1
CompObjUserTypeLen 31
FileTypeExtension doc
Paragraphs 1

Compressed bundles
File identification
MD5 3bf88b9faab0105ecab967aee6d1bfad
SHA1 f09e3875f300a5d313653a8d6be3379c27247f42
SHA256 d50f6b6cd94eaa6cc86b4f90bc2c2b956cda19a68a2f9f27e4b05f3bdd21bb10
ssdeep 1536:1ozl8BrbRzj34h1s1ozQ2yuw6Slhba/S:14l8BrbRzj34Q1oU2jIh4

File size 64.0 KB ( 65536 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 6, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Jun 15 05:12:00 2015, Last Saved Time/Date: Mon Jun 15 05:14:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated open-file enum-windows doc create-file macros attachment write-file create-ole

VirusTotal metadata
First submission 2015-06-16 07:32:41 UTC ( 1 year, 11 months ago )
Last submission 2017-02-22 02:59:26 UTC ( 3 months ago )
File names 1f79a97f09b2ae15f05e465df4893877
b0ee69a2e57f6f05538ae9019b4dc89b
d50f6b6cd94eaa6cc86b4f90bc2c2b956cda19a68a2f9f27e4b05f3bdd21bb10.doc.000
801a9516ad08cd242c8015ec89f94c26
EC_40845072_96506486.doc
9f03f055e1ac59b2e4453a7e862e5fc5
EC_57189582_23590885.doc
74524757bec12a59a4c1beed9de2797b
Travel Order Confirmation - 0300202959.doc
DespatchNote_-_252576_160615_063107663.doc
c030a724e01ae50dc0fdcbed68a5870a
e368538d52edd6dcd621067fcac39de5
7b2bdae5302b4970e8abcc068c71e119
ba27fbe46f679f75009d5a16f2ff4a74
5b842fb6b5c6f27aed929c6c962df737
EC_29781913_36072112.doc
1bbe50a379c17e8015e074241f778e86
EC_22760888_72131670.doc
4961199d5404abbb3714b59c9b87cc28_doc
75be4ec8e1c626949fdc5a82a5058bad
d3ddc2d79f2edba06bccecdf1289d5f7
3bf88b9faab0105ecab967aee6d1bfad.doc
1d809a6ab58402b0933d19b0873c06bc
3bf88b9faab0105ecab967aee6d1bfad.malware
4961199d5404abbb3714b59c9b87cc28.doc