SHA256: e4984fb2fb373ff4ceaf3f6cc40dbfdb092a03df8a58f123136761e821c0cc99
Detection ratio: 16 / 59
Analysis date: 2017-10-27 09:23:46 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AegisLab Troj.Downloader.Msoffice!c 20171027
Baidu VBA.Trojan-Downloader.Agent.byu 20171027
CAT-QuickHeal W97M.Downloader.VBA.3420 20171027
ClamAV Doc.Dropper.Agent-6357884-0 20171027
DrWeb modification of W97M.Suspicious.1 20171027
ESET-NOD32 VBA/Kryptik.T 20171027
Fortinet VBA/Agent.BYU!tr.dldr 20171027
GData Generic.Trojan.Agent.MT4L0C 20171027
Ikarus Trojan.VBA.Crypt 20171027
Kaspersky HEUR:Trojan-Downloader.MSOffice.Generic 20171027
McAfee RDN/Generic Downloader.x 20171027
Qihoo-360 virus.office.qexvmc.1080 20171027
Sophos AV Troj/DocDl-LBZ 20171027
Symantec W97M.Downloader 20171027
TrendMicro W2KM_HANCITOR.YYSYY 20171027
ZoneAlarm by Check Point HEUR:Trojan-Downloader.MSOffice.Generic 20171027
Ad-Aware 20171027
AhnLab-V3 20171027
Alibaba 20170911
ALYac 20171027
Antiy-AVL 20171027
Arcabit 20171027
Avast 20171027
Avast-Mobile 20171027
AVG 20171027
Avira (no cloud) 20171027
AVware 20171027
BitDefender 20171027
Bkav 20171025
CMC 20171026
Comodo 20171027
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171027
Cyren 20171027
eGambit 20171027
Emsisoft 20171027
Endgame 20171024
F-Prot 20171027
F-Secure 20171027
Sophos ML 20170914
Jiangmin 20171027
K7AntiVirus 20171027
K7GW 20171027
Kingsoft 20171027
Malwarebytes 20171027
MAX 20171027
McAfee-GW-Edition 20171027
Microsoft 20171027
eScan 20171027
NANO-Antivirus 20171027
nProtect 20171027
Palo Alto Networks (Known Signatures) 20171027
Panda 20171026
Rising 20171027
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171027
Symantec Mobile Insight 20171027
Tencent 20171027
TheHacker 20171024
Trustlook 20171027
VBA32 20171026
VIPRE 20171027
ViRobot 20171027
Webroot 20171027
WhiteArmor 20171024
Yandex 20171026
Zillya 20171026
Zoner 20171027
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May execute code from Dynamically Linked Libraries.
Summary
creation_datetime: 2017-10-26 05:52:00
revision_number: 1
page_count: 2
last_saved: 2017-10-26 05:52:00
template: Normal
application_name: Microsoft Office Word
character_count: 5
security: 12
code_page: Cyrillic
Document summary
line_count: 1
characters_with_spaces: 5
version: 983040
paragraph_count: 1
code_page: Cyrillic
OLE Streams
sid: 0; name: Root Entry; type_literal: root; size: 5568; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word
sid: 24; name: \x01CompObj; type_literal: stream; size: 114
sid: 5; name: \x05DocumentSummaryInformation; type_literal: stream; size: 4096
sid: 4; name: \x05SummaryInformation; type_literal: stream; size: 4096
sid: 2; name: 1Table; type_literal: stream; size: 8040
sid: 1; name: Data; type_literal: stream; size: 85701
sid: 23; name: Macros/PROJECT; type_literal: stream; size: 631
sid: 22; name: Macros/PROJECTwm; type_literal: stream; size: 146
sid: 8; name: Macros/VBA/ThisDocument; type_literal: stream; type: macro; size: 8691
sid: 13; name: Macros/VBA/_VBA_PROJECT; type_literal: stream; size: 10730
sid: 15; name: Macros/VBA/__SRP_0; type_literal: stream; size: 6484
sid: 16; name: Macros/VBA/__SRP_1; type_literal: stream; size: 1551
sid: 14; name: Macros/VBA/dir; type_literal: stream; size: 955
sid: 11; name: Macros/VBA/fifos; type_literal: stream; type: macro; size: 10764
sid: 10; name: Macros/VBA/goodkinghenry; type_literal: stream; type: macro (only attributes); size: 1403
sid: 9; name: Macros/VBA/maggoty; type_literal: stream; type: macro; size: 6056
sid: 12; name: Macros/VBA/pompos; type_literal: stream; type: macro; size: 14300
sid: 20; name: Macros/goodkinghenry/\x01CompObj; type_literal: stream; size: 97
sid: 21; name: Macros/goodkinghenry/\x03VBFrame; type_literal: stream; size: 298
sid: 18; name: Macros/goodkinghenry/f; type_literal: stream; size: 135
sid: 19; name: Macros/goodkinghenry/o; type_literal: stream; size: 16500
sid: 3; name: WordDocument; type_literal: stream; size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 2436 bytes
[+] maggoty.bas Macros/VBA/maggoty 568 bytes
[+] fifos.bas Macros/VBA/fifos 3273 bytes
exe-pattern run-dll
[+] pompos.bas Macros/VBA/pompos 5377 bytes
exe-pattern run-dll
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
5

CreateDate
2017:10:26 12:52:00

Word97
No

LanguageCode
Russian

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2017:10:26 12:52:00

Characters
5

CodePage
Windows Cyrillic

RevisionNumber
1

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
15.0

Security
Read-only enforced, Locked for annotations

Software
Microsoft Office Word

TotalEditTime
0

Pages
2

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 1621f341e058349973f8d71a3242dd9a
SHA1 1f9d7ff6562a433282aade6ec78523c5109606e2
SHA256 e4984fb2fb373ff4ceaf3f6cc40dbfdb092a03df8a58f123136761e821c0cc99
ssdeep
3072:hI1VNTBTI8JK3YDtbTUkFNzeT6pUpmX+9PetrIWFy5653:QV/TLFDtXlNzjtO5nsh

File size 188.5 KB ( 193024 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Template: Normal, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Oct 25 13:52:00 2017, Last Saved Time/Date: Wed Oct 25 13:52:00 2017, Number of Pages: 2, Number of Words: 0, Number of Characters: 5, Security: 12

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros run-dll exe-pattern doc

VirusTotal metadata
First submission 2017-10-26 15:31:03 UTC ( 1 year, 4 months ago )
Last submission 2018-05-02 23:39:21 UTC ( 10 months, 3 weeks ago )
File names notice_628467.doc
notice_312224.doc
notice_559196.doc
notice_254372.doc
notice_469342.doc
notice_528483.doc
notice_233454.doc
notice_327521.doc
notice_694266.doc
notice_969808.doc
notice_951988.doc
notice_213906.doc
notice_283194.doc
notice_137763.doc
notice_871823.doc
notice_373286.doc
notice_957735.doc
notice_139150.doc
notice_998780.doc
notice_531623.doc
notice_283126.doc
notice_180196.doc
notice_706600.doc
notice_205876.doc
notice_929012.doc