SHA256: dd4c565d0a8bf23145c23853b5f8a3390ae989e42fb6294af45ca275e145e51d
File name: 02-Fixed Penalty Receipt.docm
Detection ratio: 3 / 54
Analysis date: 2016-02-12 11:14:56 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160212
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160212
Fortinet WM/Agent!tr 20160212
Ad-Aware 20160212
AegisLab 20160212
Yandex 20160211
AhnLab-V3 20160212
Alibaba 20160204
ALYac 20160211
Antiy-AVL 20160211
Avast 20160212
AVG 20160212
Avira (no cloud) 20160212
Baidu-International 20160212
BitDefender 20160212
Bkav 20160204
ByteHero 20160212
CAT-QuickHeal 20160212
ClamAV 20160212
CMC 20160205
Comodo 20160212
Cyren 20160212
DrWeb 20160212
Emsisoft 20160212
ESET-NOD32 20160212
F-Prot 20160212
GData 20160212
Ikarus 20160212
Jiangmin 20160212
K7AntiVirus 20160212
K7GW 20160212
Kaspersky 20160212
Malwarebytes 20160212
McAfee 20160212
McAfee-GW-Edition 20160212
Microsoft 20160212
eScan 20160212
NANO-Antivirus 20160212
nProtect 20160211
Panda 20160210
Qihoo-360 20160212
Rising 20160212
Sophos AV 20160212
SUPERAntiSpyware 20160212
Symantec 20160211
Tencent 20160212
TheHacker 20160212
TrendMicro 20160212
TrendMicro-HouseCall 20160212
VBA32 20160212
VIPRE 20160212
ViRobot 20160212
Zillya 20160211
Zoner 20160212
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 44 bytes
[+] Module2.bas word/vbaProject.bin VBA/Module2 3680 bytes
create-file create-ole handle-file obfuscated open-file write-file
[+] Module1.bas word/vbaProject.bin VBA/Module1 3956 bytes
create-ole obfuscated
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
1
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2016-02-12T08:30:00Z
dcterms:modified
2016-02-12T08:30:00Z
Application document properties
Template
Normal
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
0
Paragraphs
0
ScaleCrop
false
vt:lpstr
Название
vt:i4
1
Company
Home
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
14.0000
Document languages
Language
Prevalence
en-us
2
ru-ru
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
1

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal

CreateDate
2016:02:12 08:30:00Z

ZipRequiredVersion
20

ModifyDate
2016:02:12 08:30:00Z

ZipCRC
0x4dc12e6a

Company
Home

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

FileType
DOCM

Lines
0

AppVersion
14.0

ZipUncompressedSize
1563

ZipCompressedSize
419

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

HeadingPairs
, 1

TotalEditTime
0

ZipCompression
Deflated

Pages
1

Creator
1

FileTypeExtension
docm

Paragraphs
0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
15
Uncompressed size
83568
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
11
bin
1
Contained files by type
XML
14
Microsoft Office
1
File identification
MD5 49a20631d5f30fea100656bec077aa16
SHA1 3ba24572bdc52e4b8744604212a4d5af0c09a0cc
SHA256 dd4c565d0a8bf23145c23853b5f8a3390ae989e42fb6294af45ca275e145e51d
ssdeep
768:3HJE4Gi+zVIA7q2/K0od1IFNj2RQfsblKQbP6r7MNMRn:3CtY2/Edkd2GfsbdbQ4in

File size 31.5 KB ( 32247 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated open-file handle-file create-file docx macros attachment via-tor write-file create-ole

VirusTotal metadata
First submission 2016-02-12 09:59:15 UTC ( 3 years, 3 months ago )
Last submission 2016-03-14 08:28:38 UTC ( 3 years, 2 months ago )
File names Fixed Penalty Receipt-2.docm
base64.bin
dd4c565d0a8bf23145c23853b5f8a3390ae989e42fb6294af45ca275e145e51d.dat
0002_.b64.zip
02-Fixed Penalty Receipt.docm
Fixed Penalty Receipt.docm