SHA256: e1c069f1c029c9ba18d27f970f92156a999ee0780b06c41658e31431c4b5f6bb
File name: Westpac-payment-5555.doc
Detection ratio: 5 / 54
Analysis date: 2016-11-17 05:36:42 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20161117
AVware LooksLike.Macro.Malware.k (v) 20161117
McAfee W97M/Downloader.bqy 20161117
McAfee-GW-Edition W97M/Downloader.bqy 20161116
VIPRE LooksLike.Macro.Malware.k (v) 20161117
Ad-Aware 20161117
AegisLab 20161117
AhnLab-V3 20161116
Alibaba 20161117
ALYac 20161117
Antiy-AVL 20161117
Avast 20161117
AVG 20161117
Avira (no cloud) 20161116
Baidu 20161116
BitDefender 20161117
Bkav 20161116
CAT-QuickHeal 20161117
ClamAV 20161117
CMC 20161116
Comodo 20161117
CrowdStrike Falcon (ML) 20161024
Cyren 20161117
DrWeb 20161117
Emsisoft 20161117
ESET-NOD32 20161117
F-Prot 20161117
F-Secure 20161117
Fortinet 20161117
GData 20161117
Ikarus 20161116
Sophos ML 20161018
Jiangmin 20161116
K7AntiVirus 20161116
K7GW 20161117
Kaspersky 20161117
Kingsoft 20161117
Malwarebytes 20161117
Microsoft 20161117
eScan 20161117
NANO-Antivirus 20161117
nProtect 20161117
Panda 20161115
Qihoo-360 20161117
Rising 20161117
Sophos AV 20161117
SUPERAntiSpyware 20161117
Symantec 20161117
Tencent 20161117
TheHacker 20161115
TrendMicro 20161117
TrendMicro-HouseCall 20161117
VBA32 20161115
ViRobot 20161117
Yandex 20161116
Zillya 20161116
Zoner 20161117
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author: user
creation_datetime: 2016-11-07 19:26:00
template: Normal
author: LaLka
page_count: 1
last_saved: 2016-11-16 22:06:00
edit_time: 4440
revision_number: 78
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: RL-TEAM.NET
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 20032
type_literal: stream, size: 121, name: \x01CompObj, sid: 34
type_literal: stream, size: 4096, name: \x05DocumentSummaryInformation, sid: 4
type_literal: stream, size: 4096, name: \x05SummaryInformation, sid: 3
type_literal: stream, size: 7422, name: 1Table, sid: 1
type_literal: stream, size: 667, name: Macros/PROJECT, sid: 33
type_literal: stream, size: 152, name: Macros/PROJECTwm, sid: 32
type_literal: stream, size: 1523, type: macro, name: Macros/VBA/ThisDocument, sid: 11
type_literal: stream, size: 4243, name: Macros/VBA/_VBA_PROJECT, sid: 23
type_literal: stream, size: 2889, name: Macros/VBA/__SRP_0, sid: 25
type_literal: stream, size: 222, name: Macros/VBA/__SRP_1, sid: 26
type_literal: stream, size: 312, name: Macros/VBA/__SRP_2, sid: 12
type_literal: stream, size: 103, name: Macros/VBA/__SRP_3, sid: 13
type_literal: stream, size: 988, name: Macros/VBA/__SRP_4, sid: 15
type_literal: stream, size: 103, name: Macros/VBA/__SRP_5, sid: 16
type_literal: stream, size: 1244, name: Macros/VBA/__SRP_6, sid: 18
type_literal: stream, size: 140, name: Macros/VBA/__SRP_7, sid: 19
type_literal: stream, size: 540, name: Macros/VBA/__SRP_8, sid: 21
type_literal: stream, size: 103, name: Macros/VBA/__SRP_9, sid: 22
type_literal: stream, size: 934, name: Macros/VBA/dir, sid: 24
type_literal: stream, size: 1837, type: macro, name: Macros/VBA/hafghgagdsfg, sid: 17
type_literal: stream, size: 1579, type: macro, name: Macros/VBA/qweqwe, sid: 20
type_literal: stream, size: 3998, type: macro, name: Macros/VBA/usdfjkggkskkjghd, sid: 14
type_literal: stream, size: 97, name: Macros/hafghgagdsfg/\x01CompObj, sid: 30
type_literal: stream, size: 291, name: Macros/hafghgagdsfg/\x03VBFrame, sid: 31
type_literal: stream, size: 441, name: Macros/hafghgagdsfg/f, sid: 28
type_literal: stream, size: 480, name: Macros/hafghgagdsfg/o, sid: 29
type_literal: stream, size: 218, name: MsoDataStore/\xd6I\xd5W\xd0\xcaF\xd5IEC\xcdJ\xdaFCO\xc6\xcd\xc6\xd6\xc0==/Item, sid: 7
type_literal: stream, size: 341, name: MsoDataStore/\xd6I\xd5W\xd0\xcaF\xd5IEC\xcdJ\xdaFCO\xc6\xcd\xc6\xd6\xc0==/Properties, sid: 8
type_literal: stream, size: 41994, name: WordDocument, sid: 2
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 32 bytes
usdfjkggkskkjghd.bas Macros/VBA/usdfjkggkskkjghd 433 bytes
run-file
hafghgagdsfg.frm Macros/VBA/hafghgagdsfg 72 bytes
qweqwe.bas Macros/VBA/qweqwe 283 bytes
ExifTool file metadata
SharedDoc: No
Author: LaLka
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: user
HeadingPairs: Title, 1, , 1
Template: Normal
CharCountWithSpaces: 1
CreateDate: 2016:11:07 18:26:00
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2016:11:16 21:06:00
TitleOfParts: ,
Company: RL-TEAM.NET
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 78
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 1.2 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 b05a67c92ed2e7476eafd97e2752436b
SHA1 1f093ced8da0d5bc8e605816fbe778ac211ae8e4
SHA256 e1c069f1c029c9ba18d27f970f92156a999ee0780b06c41658e31431c4b5f6bb
ssdeep 1536:4Jc5C7U9KCP6pBQGsHHSXfSLHbxCHiP6JTD03N6Z9GJ45bzd:4Jc51syUQdHyXAbxCpZ3d
File size 89.0 KB ( 91136 bytes )
File type MS Word Document
Magic literal Windows, Version 5.1, Code page: 1251, Author: LaLka, Template: Normal, Last Saved By: user, Revision Number: 78, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:14:00, Create Time/Date: Sun Nov 06 18:26:00 2016, Last Saved Time/Date: Tue Nov 15 21:06:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags macros run-file doc

VirusTotal metadata
First submission 2016-11-17 00:43:20 UTC ( 2 years, 2 months ago )
Last submission 2016-11-17 12:20:29 UTC ( 2 years, 2 months ago )
File names ANZ-payment-1111.doc
Commbank-payment-1111.doc
Commbank-payment-9999.doc
Suncorp-payment-4444.doc
ANZ-payment-2222.doc
Suncorp-payment-2222.doc
(e1c069f1c029c9ba18d27f970f92156a999ee0780b06c41658e31431c4b5f6bb) - ANZ-payment-6666.doc
Suncorp-payment-1111.doc
ANZ-payment-4444.doc
Westpac-payment-5555.doc
Commbank-payment-4444.doc