SHA256: de17dfbad569dac86a952b993f3df27d993e991f5189af002c883103d94d8b9e
File name: doc1_46.doc
Detection ratio: 3 / 59
Analysis date: 2017-11-14 12:03:26 UTC ( 1 year, 4 months ago )
Antivirus Result Update
F-Secure Trojan:W97M/Nastjencro.A 20171114
Fortinet VBA/Dloader.CNJ!tr 20171114
Qihoo-360 virus.office.qexvmc.1080 20171114
Ad-Aware 20171114
AegisLab 20171114
AhnLab-V3 20171114
Alibaba 20170911
ALYac 20171114
Arcabit 20171114
Avast 20171114
Avast-Mobile 20171114
AVG 20171114
Avira (no cloud) 20171114
AVware 20171114
Baidu 20171114
BitDefender 20171114
Bkav 20171114
CAT-QuickHeal 20171114
ClamAV 20171114
CMC 20171109
Comodo 20171114
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171114
Cyren 20171114
DrWeb 20171114
eGambit 20171114
Emsisoft 20171114
Endgame 20171024
ESET-NOD32 20171114
F-Prot 20171114
GData 20171114
Ikarus 20171114
Sophos ML 20170914
Jiangmin 20171114
K7AntiVirus 20171114
K7GW 20171114
Kaspersky 20171114
Kingsoft 20171114
Malwarebytes 20171114
MAX 20171114
McAfee 20171114
McAfee-GW-Edition 20171114
Microsoft 20171114
eScan 20171114
NANO-Antivirus 20171114
nProtect 20171114
Palo Alto Networks (Known Signatures) 20171114
Panda 20171113
Rising 20171114
SentinelOne (Static ML) 20171113
Sophos AV 20171114
SUPERAntiSpyware 20171114
Symantec 20171114
Symantec Mobile Insight 20171114
Tencent 20171114
TheHacker 20171112
TotalDefense 20171114
TrendMicro 20171114
TrendMicro-HouseCall 20171114
Trustlook 20171114
VBA32 20171114
VIPRE 20171114
ViRobot 20171114
Webroot 20171114
WhiteArmor 20171104
Yandex 20171113
Zillya 20171110
ZoneAlarm by Check Point 20171114
Zoner 20171114
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
last_author: Longer
creation_datetime: 2017-11-14 11:04:00
revision_number: 13
author: Longer
page_count: 1
last_saved: 2017-11-14 11:17:00
edit_time: 480
word_count: 33
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 190
code_page: Latin I
Document summary
line_count: 1
company: Grizli777
characters_with_spaces: 222
version: 786432
paragraph_count: 1
code_page: -535
OLE Streams
Root Entry: clsid 00020906-0000-0000-c000-000000000046, clsid_literal MS Word, type_literal root, sid 0, size 57152

sid | name | type_literal | type | size
99 | \x01CompObj | stream | | 160
5 | \x05DocumentSummaryInformation | stream | | 4096
4 | \x05SummaryInformation | stream | | 4096
2 | 1Table | stream | | 7067
1 | Data | stream | | 30378
80 | Macros/Dyjkmwtza/\x01CompObj | stream | | 97
81 | Macros/Dyjkmwtza/\x03VBFrame | stream | | 291
78 | Macros/Dyjkmwtza/f | stream | | 334
79 | Macros/Dyjkmwtza/o | stream | | 492
85 | Macros/Epygg5/\x01CompObj | stream | | 97
86 | Macros/Epygg5/\x03VBFrame | stream | | 291
83 | Macros/Epygg5/f | stream | | 239
84 | Macros/Epygg5/o | stream | | 224
98 | Macros/PROJECT | stream | | 1251
97 | Macros/PROJECTwm | stream | | 509
14 | Macros/VBA/Bppfhfmoi3 | stream | macro | 2446
56 | Macros/VBA/Dyjkmwtza | stream | macro | 2093
59 | Macros/VBA/Epygg5 | stream | macro (only attributes) | 1418
17 | Macros/VBA/Gbk | stream | macro | 1854
20 | Macros/VBA/Jbvhof | stream | macro | 1916
23 | Macros/VBA/Jdtehjjjiq | stream | macro | 1341
26 | Macros/VBA/Luaurseoinqj | stream | macro | 2558
29 | Macros/VBA/Oasgmxbdh | stream | macro | 4658
8 | Macros/VBA/ThisDocument | stream | macro | 1476
47 | Macros/VBA/Wnudmdfct | stream | macro | 2360
68 | Macros/VBA/_VBA_PROJECT | stream | | 7076
70 | Macros/VBA/__SRP_0 | stream | | 5097
71 | Macros/VBA/__SRP_1 | stream | | 676
30 | Macros/VBA/__SRP_10 | stream | | 1276
31 | Macros/VBA/__SRP_11 | stream | | 157
60 | Macros/VBA/__SRP_12 | stream | | 590
61 | Macros/VBA/__SRP_13 | stream | | 66
27 | Macros/VBA/__SRP_14 | stream | | 354
28 | Macros/VBA/__SRP_15 | stream | | 176
24 | Macros/VBA/__SRP_16 | stream | | 208
25 | Macros/VBA/__SRP_17 | stream | | 103
36 | Macros/VBA/__SRP_18 | stream | | 208
37 | Macros/VBA/__SRP_19 | stream | | 103
57 | Macros/VBA/__SRP_1a | stream | | 1104
58 | Macros/VBA/__SRP_1b | stream | | 103
39 | Macros/VBA/__SRP_1c | stream | | 396
40 | Macros/VBA/__SRP_1d | stream | | 112
54 | Macros/VBA/__SRP_1e | stream | | 700
55 | Macros/VBA/__SRP_1f | stream | | 66
9 | Macros/VBA/__SRP_2 | stream | | 352
66 | Macros/VBA/__SRP_20 | stream | | 590
67 | Macros/VBA/__SRP_21 | stream | | 66
48 | Macros/VBA/__SRP_22 | stream | | 496
49 | Macros/VBA/__SRP_23 | stream | | 121
45 | Macros/VBA/__SRP_24 | stream | | 208
46 | Macros/VBA/__SRP_25 | stream | | 103
18 | Macros/VBA/__SRP_26 | stream | | 342
19 | Macros/VBA/__SRP_27 | stream | | 140
42 | Macros/VBA/__SRP_28 | stream | | 232
43 | Macros/VBA/__SRP_29 | stream | | 112
10 | Macros/VBA/__SRP_3 | stream | | 103
21 | Macros/VBA/__SRP_4 | stream | | 232
22 | Macros/VBA/__SRP_5 | stream | | 103
63 | Macros/VBA/__SRP_6 | stream | | 1154
64 | Macros/VBA/__SRP_7 | stream | | 103
12 | Macros/VBA/__SRP_8 | stream | | 342
13 | Macros/VBA/__SRP_9 | stream | | 140
15 | Macros/VBA/__SRP_a | stream | | 612
16 | Macros/VBA/__SRP_b | stream | | 112
51 | Macros/VBA/__SRP_c | stream | | 168
52 | Macros/VBA/__SRP_d | stream | | 103
33 | Macros/VBA/__SRP_e | stream | | 168
34 | Macros/VBA/__SRP_f | stream | | 103
53 | Macros/VBA/aecsuutexpu | stream | macro (only attributes) | 1434
11 | Macros/VBA/ahv | stream | macro | 1913
69 | Macros/VBA/dir | stream | | 1376
62 | Macros/VBA/fnx | stream | macro | 2524
32 | Macros/VBA/oidfstbbwh | stream | macro | 1297
65 | Macros/VBA/psxf | stream | macro (only attributes) | 1417
35 | Macros/VBA/tknbc | stream | macro | 1345
38 | Macros/VBA/upmyeirsme2 | stream | macro | 2090
41 | Macros/VBA/uxn1 | stream | macro | 1516
44 | Macros/VBA/vbfsei7 | stream | macro | 1334
50 | Macros/VBA/wnzy5 | stream | macro | 1298
75 | Macros/aecsuutexpu/\x01CompObj | stream | | 97
76 | Macros/aecsuutexpu/\x03VBFrame | stream | | 290
73 | Macros/aecsuutexpu/f | stream | | 283
74 | Macros/aecsuutexpu/o | stream | | 292
90 | Macros/fnx/\x01CompObj | stream | | 97
91 | Macros/fnx/\x03VBFrame | stream | | 284
88 | Macros/fnx/f | stream | | 327
89 | Macros/fnx/o | stream | | 444
95 | Macros/psxf/\x01CompObj | stream | | 97
96 | Macros/psxf/\x03VBFrame | stream | | 288
93 | Macros/psxf/f | stream | | 182
94 | Macros/psxf/o | stream | | 260
3 | WordDocument | stream | | 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 78 bytes
[+] ahv.bas Macros/VBA/ahv 130 bytes
[+] Bppfhfmoi3.bas Macros/VBA/Bppfhfmoi3 485 bytes
[+] Gbk.bas Macros/VBA/Gbk 120 bytes
[+] Jbvhof.bas Macros/VBA/Jbvhof 49 bytes
[+] Jdtehjjjiq.bas Macros/VBA/Jdtehjjjiq 50 bytes
[+] Luaurseoinqj.bas Macros/VBA/Luaurseoinqj 182 bytes
[+] Oasgmxbdh.bas Macros/VBA/Oasgmxbdh 557 bytes
[+] oidfstbbwh.bas Macros/VBA/oidfstbbwh 79 bytes
[+] tknbc.bas Macros/VBA/tknbc 64 bytes
[+] upmyeirsme2.bas Macros/VBA/upmyeirsme2 267 bytes
[+] uxn1.bas Macros/VBA/uxn1 74 bytes
[+] vbfsei7.bas Macros/VBA/vbfsei7 48 bytes
[+] Wnudmdfct.bas Macros/VBA/Wnudmdfct 458 bytes
[+] wnzy5.bas Macros/VBA/wnzy5 76 bytes
[+] Dyjkmwtza.frm Macros/VBA/Dyjkmwtza 90 bytes (create-ole)
[+] fnx.frm Macros/VBA/fnx 244 bytes
ExifTool file metadata
SharedDoc: No
Author: Longer
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: Longer
HeadingPairs: , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 222
CreateDate: 2017:11:14 10:04:00
Word97: No
LanguageCode: English (US)
ModifyDate: 2017:11:14 10:17:00
Company: Grizli777
Characters: 190
CodePage: Unicode (UTF-8)
RevisionNumber: 13
MIMEType: application/msword
Words: 33
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 8.0 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 0
FileTypeExtension: doc
Paragraphs: 1
DocFlags: Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 b858b2222604fd993863ef10bf1b1f4e
SHA1 2d396f310bc33e2307c32b22f7fad70e1faa12da
SHA256 de17dfbad569dac86a952b993f3df27d993e991f5189af002c883103d94d8b9e
ssdeep 1536:vvNExCwsNrlK7G9Npbi2Ha00IrmUxonbGJmR4a6FpMDywVRzJWuS:vvNExCw6H6wmUxwbGE6IjVRz0
File size 140.0 KB ( 143363 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 13, Name of Creating Application: Microsoft Office Word, Total Editing Time: 08:00, Create Time/Date: Mon Nov 13 10:04:00 2017, Last Saved Time/Date: Mon Nov 13 10:17:00 2017, Number of Pages: 1, Number of Words: 33, Number of Characters: 190, Security: 0
TrID Microsoft Word document (80.0%); Generic OLE2 / Multistream Compound File (20.0%)
Tags macros doc create-ole

VirusTotal metadata
First submission 2017-11-14 12:03:26 UTC ( 1 year, 4 months ago )
Last submission 2018-05-07 00:30:15 UTC ( 10 months, 3 weeks ago )
File names doc1_46.doc
1024-2d396f310bc33e2307c32b22f7fad70e1faa12da