SHA256: d9dafbfdc72a9c2a3a7249878c95bf27608ab2ecb13ec5fab9a9daec34c424c5
File name: INV109929968144501.doc
Detection ratio: 23 / 59
Analysis date: 2018-06-06 22:21:42 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware VB:Trojan.VBS.Agent.AUJ 20180606
Arcabit HEUR.VBA.Trojan.e 20180606
AVware LooksLike.Macro.Malware.k (v) 20180606
Baidu VBA.Trojan-Downloader.Agent.cym 20180605
BitDefender VB:Trojan.VBS.Agent.AUJ 20180606
Emsisoft VB:Trojan.VBS.Agent.AUJ (B) 20180606
ESET-NOD32 VBA/TrojanDownloader.Agent.IPA 20180606
F-Secure VB:Trojan.VBS.Agent.AUJ 20180606
Fortinet VBA/Agent.23B8!tr.dldr 20180606
GData VB:Trojan.VBS.Agent.AUJ 20180606
Ikarus Trojan-Downloader.VBA.Agent 20180606
MAX malware (ai score=96) 20180606
McAfee W97M/Downloader.cpl 20180606
McAfee-GW-Edition BehavesLike.Downloader.cl 20180606
eScan VB:Trojan.VBS.Agent.AUJ 20180606
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180606
Qihoo-360 virus.office.qexvmc.1075 20180606
Symantec ISB.Downloader!gen69 20180606
TACHYON Suspicious/W97M.Obfus.Gen 20180604
Tencent Heur.Macro.Generic.Gen.f 20180606
TrendMicro HEUR_VBA.O.ELBP 20180606
VIPRE LooksLike.Macro.Malware.k (v) 20180606
Zoner Probably W97Obfuscated 20180605
AegisLab 20180606
AhnLab-V3 20180606
Alibaba 20180606
ALYac 20180606
Antiy-AVL 20180606
Avast 20180606
Avast-Mobile 20180606
AVG 20180606
Avira (no cloud) 20180606
Babable 20180406
Bkav 20180606
CAT-QuickHeal 20180605
ClamAV 20180606
CMC 20180605
Comodo 20180606
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20180606
Cyren 20180606
DrWeb 20180606
eGambit 20180606
Endgame 20180507
F-Prot 20180606
Sophos ML 20180601
Jiangmin 20180606
K7AntiVirus 20180606
K7GW 20180606
Kaspersky 20180606
Kingsoft 20180606
Malwarebytes 20180606
Microsoft 20180606
Palo Alto Networks (Known Signatures) 20180606
Panda 20180606
Rising 20180606
SentinelOne (Static ML) 20180225
Sophos AV 20180606
SUPERAntiSpyware 20180606
Symantec Mobile Insight 20180604
TheHacker 20180606
TrendMicro-HouseCall 20180606
Trustlook 20180606
VBA32 20180606
ViRobot 20180605
Webroot 20180606
Yandex 20180529
Zillya 20180606
ZoneAlarm by Check Point 20180606
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
The macros may try to run other files, shell commands or applications.
The macros seem to contain deobfuscation code.
Summary
creation_datetime: 2018-06-06 15:09:00
author: 80668Unoshep47104
title: 3459Unoshepypafuzhesh22198
page_count: 1
last_saved: 2018-06-06 15:09:00
revision_number: 1
application_name: Microsoft Office Word
character_count: 1
subject: 53458Un83037
code_page: Latin I
template: Normal.dotm
Document summary
category: 47095Unosh26902
line_count: 1
company: 84153Unoshep11500
characters_with_spaces: 1
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, type_literal: root, sid: 0, size: 7296, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, type_literal: stream, sid: 18, size: 114
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 348
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 456
name: 1Table, type_literal: stream, sid: 2, size: 8306
name: Data, type_literal: stream, sid: 1, size: 22255
name: Macros/PROJECT, type_literal: stream, sid: 16, size: 430
name: Macros/PROJECTwm, type_literal: stream, sid: 17, size: 56
name: Macros/VBA/JkEQPihD, type_literal: stream, type: macro, sid: 14, size: 3146
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 15, size: 9151
name: Macros/VBA/__SRP_0, type_literal: stream, sid: 9, size: 1278
name: Macros/VBA/__SRP_1, type_literal: stream, sid: 10, size: 106
name: Macros/VBA/__SRP_2, type_literal: stream, sid: 11, size: 364
name: Macros/VBA/__SRP_3, type_literal: stream, sid: 12, size: 145
name: Macros/VBA/dir, type_literal: stream, sid: 8, size: 556
name: Macros/VBA/jjzQflwz, type_literal: stream, type: macro, sid: 13, size: 20983
name: WordDocument, type_literal: stream, sid: 3, size: 4096
Macros and VBA code streams
[+] JkEQPihD.cls Macros/VBA/JkEQPihD 1094 bytes
obfuscated run-file
[+] jjzQflwz.bas Macros/VBA/jjzQflwz 11774 bytes
ExifTool file metadata
Category
47095Unosh26902

SharedDoc
No

Author
80668Unoshep47104

CodePage
Windows Latin 1 (Western European)

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
1

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:06:06 22:09:00

ScaleCrop
No

Company
84153Unoshep11500

Title
3459Unoshepypafuzhesh22198

Characters
1

HyperlinksChanged
No

RevisionNumber
1

MIMEType
application/msword

Words
0

CreateDate
2018:06:06 22:09:00

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

Warning
Truncated property list

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

Subject
53458Un83037

File identification
MD5 83cc80ce024cb042cc9d3f509e256955
SHA1 41d47511c578be348493646028a134f0d4d98af9
SHA256 d9dafbfdc72a9c2a3a7249878c95bf27608ab2ecb13ec5fab9a9daec34c424c5
ssdeep
1536:K6UBO23JLbS7tX0jf+agPC+noIweyZtN1:+vLmBueAHvZtN1

File size 100.0 KB ( 102400 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: 3459Unoshepypafuzhesh22198, Subject: 53458Un83037, Author: 80668Unoshep47104, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jun 05 23:09:00 2018, Last Saved Time/Date: Tue Jun 05 23:09:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-06-06 22:17:27 UTC ( 9 months, 2 weeks ago )
Last submission 2018-11-20 09:19:54 UTC ( 3 months, 4 weeks ago )
File names INV48621264420112.doc
RECH06918557904637.doc
index.html.4
INV008478090.doc
output.113396040.txt
RECH8332866.doc
output.113395882.txt
1O84445692868019.doc
RECH617079658139248.doc
output.113428332.txt
INV406195478806154168.doc
INV621588119432868.doc
2OAX07051537234399.doc
7A65111259493227.doc
2IQ73086053898820.doc
2J76486297026672.doc
INV89034800796.doc
RECH67182214.doc
5QN26675377909006.doc
RECH31551127515922.doc
output.113397127.txt
INV47321400558.doc
2IUL86757776858966.doc
4V30322524075178.doc
INV600961872624880680.doc