SHA256: e5e474fa2b48f6dd2b04796e1ae5fe4ac6af5e488a753ce33c7f4dc5b1486a6c
File name: SCL40MKUQPN.doc
Detection ratio: 4 / 56
Analysis date: 2016-03-10 07:24:32 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20160310
Fortinet WM/Agent.FZ!tr 20160310
Ikarus Trojan-Downloader.O97M.Donoff 20160310
NANO-Antivirus Trojan.Script.MulDrop.eawivh 20160310
Ad-Aware 20160310
AegisLab 20160310
Yandex 20160308
AhnLab-V3 20160309
Alibaba 20160310
ALYac 20160310
Antiy-AVL 20160310
Avast 20160310
AVG 20160310
Avira (no cloud) 20160310
AVware 20160310
Baidu 20160310
Baidu-International 20160309
BitDefender 20160310
Bkav 20160309
ByteHero 20160310
CAT-QuickHeal 20160310
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
DrWeb 20160310
Emsisoft 20160310
ESET-NOD32 20160310
F-Prot 20160310
F-Secure 20160310
GData 20160310
Jiangmin 20160310
K7AntiVirus 20160309
K7GW 20160310
Kaspersky 20160310
Malwarebytes 20160310
McAfee 20160310
McAfee-GW-Edition 20160309
Microsoft 20160310
eScan 20160310
nProtect 20160309
Panda 20160309
Qihoo-360 20160310
Rising 20160310
Sophos AV 20160310
SUPERAntiSpyware 20160310
Symantec 20160309
Tencent 20160310
TheHacker 20160310
TrendMicro 20160310
TrendMicro-HouseCall 20160310
VBA32 20160309
VIPRE 20160310
ViRobot 20160310
Zillya 20160309
Zoner 20160310
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute code from Dynamically Linked Libraries.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 115971 bytes
run-dll run-file
Content types
bin
rels
gif
jpg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
Test7
cp:lastModifiedBy
RePack by Diakov
cp:revision
2
dcterms:created
2016-03-09T15:27:00Z
dcterms:modified
2016-03-09T19:46:00Z
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
3287
Characters
18740
Application
Microsoft Office Word
DocSecurity
0
Lines
156
Paragraphs
43
ScaleCrop
false
LinksUpToDate
false
CharactersWithSpaces
21984
SharedDoc
false
HyperlinksChanged
false
AppVersion
15.0000
Document languages
Language
Prevalence
en-us
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
RePack by Diakov

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2016:03:09 19:46:00Z

ZipCRC
0x05c25d03

Words
3287

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2016:03:09 15:27:00Z

Lines
156

AppVersion
15.0

ZipUncompressedSize
1554

ZipCompressedSize
409

Characters
18740

CharactersWithSpaces
21984

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Creator
Test7

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
docm

Paragraphs
43

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
16
Uncompressed size
312522
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
10
bin
1
jpg
1
gif
1
Contained files by type
XML
13
GIF
1
Microsoft Office
1
JPG
1
File identification
MD5 a76259533ca5640a41570ed3e1b0db87
SHA1 57fd7482a3aacc1a98f20b933ac693fd72f6155c
SHA256 e5e474fa2b48f6dd2b04796e1ae5fe4ac6af5e488a753ce33c7f4dc5b1486a6c
ssdeep
3072:bo0DFFW4pBzv8F/0LJY3YNkSAZdXevcvnNSt+SDktC5FktX:bocxpGYvkZZdXBN8+Sl5oX

File size 165.1 KB ( 169051 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
macros run-file run-dll docx

VirusTotal metadata
First submission 2016-03-10 07:24:32 UTC ( 3 years, 2 months ago )
Last submission 2016-04-04 17:40:10 UTC ( 3 years, 1 month ago )
File names sample1.doc
SCL40MKUQPN.doc
a76259533ca5640a41570ed3e1b0db87.doc