SHA256: d8259073a5f3f0019bd5047fcb5149c0450ff8a6743f3e415db491389edc5344
File name: Cleaning022958-02.doc
Detection ratio: 5 / 55
Analysis date: 2015-10-23 10:25:02 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan 20151023
AVware LooksLike.Macro.Malware.gen!d1 (v) 20151023
Panda W97M/Downloader 20151022
Sophos AV Troj/DocDl-ACU 20151023
VIPRE LooksLike.Macro.Malware.gen!d1 (v) 20151023
Ad-Aware 20151023
AegisLab 20151023
Yandex 20151023
AhnLab-V3 20151023
Alibaba 20151023
ALYac 20151023
Antiy-AVL 20151023
Avast 20151023
AVG 20151023
Avira (no cloud) 20151023
Baidu-International 20151023
BitDefender 20151023
Bkav 20151022
ByteHero 20151023
CAT-QuickHeal 20151023
ClamAV 20151023
CMC 20151021
Comodo 20151023
Cyren 20151023
DrWeb 20151026
Emsisoft 20151023
ESET-NOD32 20151023
F-Prot 20151023
F-Secure 20151023
Fortinet 20151023
GData 20151023
Ikarus 20151023
Jiangmin 20151023
K7AntiVirus 20151023
K7GW 20151023
Kaspersky 20151023
Malwarebytes 20151023
McAfee 20151023
McAfee-GW-Edition 20151023
Microsoft 20151023
eScan 20151023
NANO-Antivirus 20151023
nProtect 20151023
Qihoo-360 20151023
Rising 20151022
SUPERAntiSpyware 20151023
Symantec 20151022
Tencent 20151023
TheHacker 20151020
TrendMicro 20151023
TrendMicro-HouseCall 20151023
VBA32 20151022
ViRobot 20151023
Zillya 20151022
Zoner 20151023
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-10-21 07:15:00
template: Normal
author: 1
page_count: 1
last_saved: 2015-10-23 08:03:00
edit_time: 2100
revision_number: 95
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
company: Home
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 3328
name: \x01CompObj, type_literal: stream, sid: 15, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 4, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 3, size: 4096
name: 1Table, type_literal: stream, sid: 1, size: 9944
name: Macros/PROJECT, type_literal: stream, sid: 14, size: 509
name: Macros/PROJECTwm, type_literal: stream, sid: 13, size: 113
name: Macros/VBA/Module1, type_literal: stream, type: macro, sid: 8, size: 15483
name: Macros/VBA/Module2, type_literal: stream, type: macro, sid: 9, size: 11903
name: Macros/VBA/Module3, type_literal: stream, type: macro, sid: 10, size: 9977
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, sid: 7, size: 1902
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 11, size: 9468
name: Macros/VBA/dir, type_literal: stream, sid: 12, size: 617
name: WordDocument, type_literal: stream, sid: 2, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 170 bytes
[+] Module1.bas Macros/VBA/Module1 8695 bytes
exe-pattern create-file create-ole download obfuscated open-file run-file
[+] Module2.bas Macros/VBA/Module2 6905 bytes
open-file write-file
[+] Module3.bas Macros/VBA/Module3 5283 bytes
obfuscated
ExifTool file metadata
SharedDoc: No
Author: 1
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2015:10:21 06:15:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2015:10:23 07:03:00
Company: Home
Characters: 0
CodePage: Windows Cyrillic
RevisionNumber: 95
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 0
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 35.0 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 0

File identification
MD5 16fabe48278f84f8ae1bc682a3bd71d7
SHA1 7752b95167e93792d40ba948bc3682c4b952b32f
SHA256 d8259073a5f3f0019bd5047fcb5149c0450ff8a6743f3e415db491389edc5344
ssdeep
768:PRJgpJ8uadpm33camSsprF7MduhlEDoJcIZfVfvfdfE7bNemif0fINw6WaWPVkWw:M0Fm33KSMFquhlEMfCnsm0EnSWw

File size 76.5 KB ( 78336 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: 1, Template: Normal, Last Saved By: 1, Revision Number: 95, Name of Creating Application: Microsoft Office Word, Total Editing Time: 35:00, Create Time/Date: Tue Oct 20 06:15:00 2015, Last Saved Time/Date: Thu Oct 22 07:03:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file exe-pattern doc create-file run-file macros attachment download write-file create-ole

VirusTotal metadata
First submission 2015-10-23 08:22:10 UTC ( 3 years, 7 months ago )
Last submission 2016-05-20 19:02:54 UTC ( 3 years ago )
File names 16fabe48278f84f8ae1bc682a3bd71d7.doc
Cleaning022958-02.doc
22102015160213-0001.doc
0930767788.doc
Cleaning022958.doc