SHA256: da2cac6b46e2ca605dc8afa5d9c8a75e813c1c0d276c65b55bf16254fdcf4057
File name: 12 October 2015 Invoice Summary-01.doc
Detection ratio: 8 / 56
Analysis date: 2015-10-12 12:22:55 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan 20151012
Avira (no cloud) HEUR/Macro.Downloader 20151012
AVware LooksLike.Macro.Malware.g (v) 20151012
Fortinet WM/Agent!tr 20151012
GData Macro.Trojan-Downloader.Agent.FZ 20151012
NANO-Antivirus Trojan.Script.Agent.dsgamf 20151012
Qihoo-360 heur.macro.download.cc 20151012
VIPRE LooksLike.Macro.Malware.g (v) 20151012
Ad-Aware 20151012
AegisLab 20151012
Yandex 20151011
AhnLab-V3 20151011
Alibaba 20151012
ALYac 20151012
Antiy-AVL 20151012
Avast 20151012
AVG 20151012
Baidu-International 20151012
BitDefender 20151012
Bkav 20151012
ByteHero 20151012
CAT-QuickHeal 20151012
ClamAV 20151012
CMC 20151012
Comodo 20151012
Cyren 20151012
DrWeb 20151012
Emsisoft 20151012
ESET-NOD32 20151012
F-Prot 20151012
F-Secure 20151012
Ikarus 20151012
Jiangmin 20151011
K7AntiVirus 20151012
K7GW 20151010
Kaspersky 20151012
Kingsoft 20151012
Malwarebytes 20151011
McAfee 20151012
McAfee-GW-Edition 20151012
Microsoft 20151012
eScan 20151012
nProtect 20151008
Panda 20151012
Rising 20151011
Sophos AV 20151012
SUPERAntiSpyware 20151012
Symantec 20151011
Tencent 20151012
TheHacker 20151010
TrendMicro 20151012
TrendMicro-HouseCall 20151012
VBA32 20151012
ViRobot 20151012
Zillya 20151011
Zoner 20151012
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
May try to interact with other applications, for example, by sending key strokes.
Seems to contain deobfuscation code.
Summary
last_author
1
creation_datetime
2015-10-12 07:32:00
revision_number
4
author
Alex
page_count
1
last_saved
2015-10-12 08:51:00
template
Normal
application_name
Microsoft Office Word
code_page
Cyrillic
Document summary
company
Home
version
917504
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
2560
type_literal
stream
sid
15
name
\x01CompObj
size
114
type_literal
stream
sid
4
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
3
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
1
name
1Table
size
9976
type_literal
stream
sid
14
name
Macros/PROJECT
size
507
type_literal
stream
sid
13
name
Macros/PROJECTwm
size
113
type_literal
stream
sid
8
type
macro
name
Macros/VBA/Module1
size
11477
type_literal
stream
sid
9
type
macro
name
Macros/VBA/Module2
size
15792
type_literal
stream
sid
10
type
macro
name
Macros/VBA/Module3
size
13803
type_literal
stream
sid
7
type
macro
name
Macros/VBA/ThisDocument
size
1099
type_literal
stream
sid
11
name
Macros/VBA/_VBA_PROJECT
size
6935
type_literal
stream
sid
12
name
Macros/VBA/dir
size
616
type_literal
stream
sid
2
name
WordDocument
size
4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 35 bytes
[+] Module1.bas Macros/VBA/Module1 6692 bytes
create-file create-ole handle-file open-file write-file
[+] Module2.bas Macros/VBA/Module2 10402 bytes
exe-pattern open-file run-file
[+] Module3.bas Macros/VBA/Module3 7715 bytes
exe-pattern url-pattern create-ole download obfuscated open-file run-file send-keys
ExifTool file metadata
SharedDoc
No

Author
Alex

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
1

HeadingPairs
, 1

Template
Normal

CharCountWithSpaces
0

CreateDate
2015:10:12 06:32:00

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2015:10:12 07:51:00

Company
Home

HyperlinksChanged
No

Characters
0

ScaleCrop
No

RevisionNumber
4

MIMEType
application/msword

Words
0

FileType
DOC

Lines
0

AppVersion
14.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
0

Compressed bundles
File identification
MD5 40d4c1771caba32a2a25e4236f80b548
SHA1 17459661c9c8db7f611093aacf4adab4da8002d2
SHA256 da2cac6b46e2ca605dc8afa5d9c8a75e813c1c0d276c65b55bf16254fdcf4057
ssdeep
1536:xd2xU7NBxcfEE1utJX8sqKpRCovIpKOzUoD:T2xU7N/cfEEEtJX8sjccIpKOzUW

File size 76.0 KB ( 77824 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: Alex, Template: Normal, Last Saved By: 1, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Oct 11 06:32:00 2015, Last Saved Time/Date: Sun Oct 11 07:51:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated run-file exe-pattern handle-file url-pattern create-file open-file macros doc download write-file send-keys create-ole

VirusTotal metadata
First submission 2015-10-12 08:09:56 UTC ( 3 years, 7 months ago )
Last submission 2015-10-19 05:56:26 UTC ( 3 years, 7 months ago )
File names SKMBT_C36014102815580.doc
12 October 2015 Invoice Summary.doc
12 October 2015 Invoice Summary-01.doc
SKMBT_C36014102815580-2.doc