SHA256: e470428e5c12292e0e6723c22c9b1deefa94ec8d182179118474239db192002d
File name: eternityusa.doc
Detection ratio: 22 / 60
Analysis date: 2018-11-26 00:08:18 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Avira (no cloud) VBA/Dldr.Agent.uvbld 20181125
Cyren W97M/Macro.gen 20181125
Endgame malicious (high confidence) 20181108
ESET-NOD32 VBA/TrojanDownloader.Agent.LMS 20181125
F-Prot W97M/Macro.gen 20181125
Fortinet VBA/Agent.LKT!tr.dldr 20181125
GData Generic.Trojan.Agent.R1QKAZ 20181125
Ikarus Trojan-Downloader.PS.Agent 20181125
K7AntiVirus Trojan ( 00536d111 ) 20181125
K7GW Trojan ( 00536d111 ) 20181125
Kaspersky HEUR:Trojan.MSOffice.SAgent.gen 20181125
McAfee Artemis!777FC60A4730 20181125
McAfee-GW-Edition Artemis 20181125
Microsoft Trojan:O97M/Obfuse.BH 20181126
Qihoo-360 virus.office.obfuscated.4 20181126
SentinelOne (Static ML) static engine - malicious 20181011
Symantec W97M.Downloader 20181125
TACHYON Suspicious/W97M.Obfus.Gen.6 20181125
Tencent Heur.Macro.Generic.Gen.h 20181126
TrendMicro HEUR_VBA.O.ELBP 20181126
ZoneAlarm by Check Point HEUR:Trojan.MSOffice.SAgent.gen 20181126
Zoner Probably W97Obfuscated 20181126
Ad-Aware 20181126
AegisLab 20181125
AhnLab-V3 20181125
Alibaba 20180921
ALYac 20181126
Antiy-AVL 20181125
Arcabit 20181125
Avast 20181126
Avast-Mobile 20181125
AVG 20181126
Babable 20180918
Baidu 20181123
BitDefender 20181125
Bkav 20181123
CAT-QuickHeal 20181125
ClamAV 20181125
CMC 20181125
Comodo 20181125
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20181126
DrWeb 20181125
eGambit 20181126
Emsisoft 20181126
F-Secure 20181125
Sophos ML 20181108
Jiangmin 20181125
Kingsoft 20181126
Malwarebytes 20181126
MAX 20181126
eScan 20181125
NANO-Antivirus 20181125
Palo Alto Networks (Known Signatures) 20181126
Panda 20181125
Rising 20181125
Sophos AV 20181125
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TheHacker 20181118
TotalDefense 20181125
Trapmine 20180918
TrendMicro-HouseCall 20181125
Trustlook 20181126
VBA32 20181123
VIPRE 20181125
ViRobot 20181125
Webroot 20181126
Yandex 20181123
Zillya 20181123
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author
\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd Windows
creation_datetime
2018-04-19 20:59:00
revision_number
9
author
008.637.4384 x5885
page_count
1
last_saved
2018-11-22 23:15:00
edit_time
120
template
Normal
application_name
Microsoft Office Word
title
Object-based mobile groupware
character_count
2
subject
Minnesota Waino
code_page
Cyrillic
comments
Ameliorated neutral database
Document summary
byte_count
23552
company
Turner-Rosenbaum Mrs. Meaghan Koepp
characters_with_spaces
2
line_count
1
manager
Cedrick Stoltenberg
version
1048576
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
1856
type_literal
stream
size
114
name
\x01CompObj
sid
17
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
8471
name
1Table
sid
2
type_literal
stream
size
44882
name
Data
sid
1
type_literal
stream
size
365
name
Macros/PROJECT
sid
15
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
16
type_literal
stream
size
10252
type
macro
name
Macros/VBA/ThisDocument
sid
13
type_literal
stream
size
4447
name
Macros/VBA/_VBA_PROJECT
sid
14
type_literal
stream
size
513
name
Macros/VBA/dir
sid
12
type_literal
stream
size
306
name
MsoDataStore/I\xd8\xd5OX\xcf\xc2L4U\xc2V\xda\xc3H\xd0IR\xc4\xdc\xd3\xc0==/Item
sid
8
type_literal
stream
size
341
name
MsoDataStore/I\xd8\xd5OX\xcf\xc2L4U\xc2V\xda\xc3H\xd0IR\xc4\xdc\xd3\xc0==/Properties
sid
9
type_literal
stream
size
4096
name
WordDocument
sid
3
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 5559 bytes
obfuscated run-file
ExifTool file metadata
SharedDoc
No

Author
008.637.4384 x5885

CodePage
Windows Cyrillic

System
Windows

Comments
Ameliorated neutral database

LastModifiedBy
Windows

HeadingPairs
Title, 1, , 1

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
2

Word97
No

LanguageCode
Russian

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:11:22 22:15:00

TitleOfParts
,

Company
Turner-Rosenbaum Mrs. Meaghan Koepp

Title
Object-based mobile groupware

Characters
2

ScaleCrop
No

HyperlinksChanged
No

RevisionNumber
9

MIMEType
application/msword

Words
0

Bytes
23552

CreateDate
2018:04:19 18:59:00

Lines
1

AppVersion
16.0

LinksUpToDate
No

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
2 minutes

Pages
1

CompObjUserTypeLen
32

Manager
Cedrick Stoltenberg

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

Subject
Minnesota Waino

File identification
MD5 777fc60a4730da5123cdd60aa05e9791
SHA1 4025bfcb397f35c483a9e830f14a2a1196fbba39
SHA256 e470428e5c12292e0e6723c22c9b1deefa94ec8d182179118474239db192002d
ssdeep
1536:fAu3e6rfzRHtPJWU+TyIVIYQyEwDZ3zw3:4o9d2nVIYQsw

File size 86.0 KB ( 88064 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Title: Object-based mobile groupware, Subject: Minnesota Waino, Author: 008.637.4384 x5885, Comments: Ameliorated neutral database, Template: Normal, Last Saved By: ������������ Windows, Revision Number: 9, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Wed Apr 18 19:59:00 2018, Last Saved Time/Date: Wed Nov 21 22:15:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 2, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2018-11-23 11:56:46 UTC ( 4 months, 4 weeks ago )
Last submission 2018-11-23 11:56:46 UTC ( 4 months, 4 weeks ago )
File names eternityusa.doc