× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e7671740298c5af7c38f599f17a8516180681fb48fd4fb9ac977b1257282219d
File name: EE84C5D626BF8450782F24FD7D2F3AE6
Detection ratio: 33 / 54
Analysis date: 2014-06-28 08:31:39 UTC ( 10 months ago )
Antivirus Result Update
AVG Exploit.CVE-2009-0563 20140628
Ad-Aware Exploit.CVE-2009-0563.Gen 20140628
AhnLab-V3 Dropper/Ms09-027 20140627
AntiVir EXP/Word.Exploit.Gen 20140627
Antiy-AVL Trojan[Exploit]/Office.CVE-2009-0563.a 20140628
Avast MacOS:CallMe-F [Trj] 20140628
BitDefender Exploit.CVE-2009-0563.Gen 20140628
CAT-QuickHeal Shell.Gen.AT 20140627
ClamAV Osx.Exploit.CVE_2009_0563 20140628
Commtouch Exploit/WRD.gen 20140628
Comodo UnclassifiedMalware 20140628
DrWeb Exploit.MS09-027.3 20140628
ESET-NOD32 Win32/Exploit.CVE-2009-0563.A 20140628
Emsisoft Exploit.CVE-2009-0563.Gen (B) 20140628
F-Prot Exploit/WRD.gen 20140628
F-Secure Exploit:OSX/MS09027.A 20140628
Fortinet MSWord/CVE20090563.A!exploit 20140628
GData Exploit.CVE-2009-0563.Gen 20140628
Ikarus Exploit.Win32.MS09 20140628
Kaspersky Exploit.OSX.CVE-2009-0563.a 20140628
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.W97.CodeExec.O 20140627
MicroWorld-eScan Exploit.CVE-2009-0563.Gen 20140628
Microsoft Exploit:Win32/MS09-027 20140628
NANO-Antivirus Exploit.MSWord.CVE-2009-0563.cfdhsc 20140628
Norman CVE_2009_0563.A 20140628
Qihoo-360 virus.exp.20133934 20140628
Sophos Troj/DocOSXDr-B 20140628
Symantec Bloodhound.Olemacho 20140628
Tencent Win32.Exploit.Cve-2009-0563.Anpk 20140628
TrendMicro TROJ_MDROP.OSX 20140628
VIPRE Exploit.Win32.MS09027.a (v) 20140628
ViRobot DOC.S.CVE-2009-0563.204010 20140628
nProtect Exploit.CVE-2009-0563.Gen 20140627
AegisLab 20140628
Agnitum 20140627
Baidu-International 20140628
Bkav 20140625
ByteHero 20140628
CMC 20140627
Jiangmin 20140628
K7AntiVirus 20140627
K7GW 20140627
Kingsoft 20140628
Malwarebytes 20140628
McAfee 20140628
Panda 20140627
Rising 20140623
SUPERAntiSpyware 20140628
TheHacker 20140624
TotalDefense 20140627
TrendMicro-HouseCall 20140628
VBA32 20140627
Zillya 20140627
Zoner 20140626
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Summary
last_author
IUHRDF
creation_datetime
2010-08-22 11:37:00
template
Normal.dotm
author
IUHRDF
page_count
1
last_saved
2010-08-22 11:37:00
revision_number
2
application_name
Microsoft Office Word
code_page
Arabic
Document summary
line_count
1
paragraph_count
1
version
786432
code_page
Arabic
OLE Streams
kids
\\x01CompObj, \\x05DocumentSummaryInformation, \\x05SummaryInformation, 1Table, Data, WordDocument
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
size
128
type_literal
stream
md5
f716ba7502cd102ffe5ef73a0f6ef358
entropy
0.247189879286
name
Data
size
4096
type_literal
stream
md5
55fa381979c6595261a95f4f53632c2f
entropy
5.98897825892
name
1Table
size
6373
type_literal
stream
md5
5899ca9d9c8b14e6232e55fae3d05146
entropy
2.57300796927
name
WordDocument
size
4096
type_literal
stream
md5
d193246bb84212d8de255ee4bb4125e3
entropy
0.466635125335
name
\\x05SummaryInformation
size
4096
type_literal
stream
md5
9cc5c3cf87eb237b55ac7b377a54649d
entropy
0.303303914687
name
\\x05DocumentSummaryInformation
size
4096
type_literal
stream
md5
fdd55237cb3827facd544771c4d3b939
entropy
4.36374049783
name
\\x01CompObj
size
121
ExifTool file metadata
SharedDoc
No

Author
IUHRDF

CodePage
Windows Arabic

LinksUpToDate
No

LastModifiedBy
IUHRDF

HeadingPairs
Title, 1

Template
Normal.dotm

CharCountWithSpaces
0

CreateDate
2010:08:22 10:37:00

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2010:08:22 10:37:00

HyperlinksChanged
No

Characters
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
12.0

FileAccessDate
2014:06:28 09:33:20+01:00

Security
None

FileCreateDate
2014:06:28 09:33:20+01:00

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
39

Paragraphs
1

File identification
MD5 ee84c5d626bf8450782f24fd7d2f3ae6
SHA1 92adf2ac068c119c4ad61fbb86b76749173c6a42
SHA256 e7671740298c5af7c38f599f17a8516180681fb48fd4fb9ac977b1257282219d
ssdeep
3072:iOT9JqaOge1SFhvkv71bIN666nPKKDDtqRa3REW+obsXD:hOg3pkvJIcdnPKKDDtqIREW+CU

File size 199.2 KB ( 204010 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1256, Author: IUHRDF, Template: Normal.dotm, Last Saved By: IUHRDF, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sat Aug 21 10:37:00 2010, Last Saved Time/Date: Sat Aug 21 10:37:00 2010, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
doc exploit cve-2009-0563

VirusTotal metadata
First submission 2013-04-11 02:02:37 UTC ( 2 years ago )
Last submission 2014-06-11 16:52:56 UTC ( 10 months, 2 weeks ago )
File names EE84C5D626BF8450782F24FD7D2F3AE6
PROGRAM DRAFT.doc
poadasjkdasuodrr.doc
file-5420024_doc
vti-rescan
e7671740298c5af7c38f599f17a8516180681fb48fd4fb9ac977b1257282219d
ee84c5d626bf8450782f24fd7d2f3ae6
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!