SHA256: e8796bf34544175bc510413d6ef3c81e2027b37046fedfe1a7da883b015a17ea
File name: p002
Detection ratio: 14 / 59
Analysis date: 2018-12-19 07:23:35 UTC ( 4 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20181219
Endgame malicious (high confidence) 20181108
Fortinet VBA/Agent.LWI!tr.dldr 20181219
Ikarus Trojan.VBA.Agent 20181219
Kaspersky HEUR:Trojan-Downloader.MSOffice.SLoad.gen 20181219
McAfee W97M/Downloader!680765DEF58A 20181219
McAfee-GW-Edition BehavesLike.Downloader.nl 20181218
Microsoft Trojan:Script/Foretype.A!ml 20181218
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181219
Rising Macro.Agent.dx (CLASSIC) 20181219
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ISB.Downloader!gen186 20181219
TACHYON Suspicious/W97M.Obfus.Gen.6 20181219
ZoneAlarm by Check Point HEUR:Trojan-Downloader.MSOffice.SLoad.gen 20181219
Acronis 20180726
Ad-Aware 20181219
AegisLab 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Antiy-AVL 20181218
Avast 20181219
Avast-Mobile 20181218
AVG 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
BitDefender 20181219
Bkav 20181217
CAT-QuickHeal 20181218
ClamAV 20181219
CMC 20181218
Comodo 20181219
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181219
Cyren 20181219
DrWeb 20181219
eGambit 20181219
Emsisoft 20181219
ESET-NOD32 20181219
F-Prot 20181219
F-Secure 20181219
GData 20181219
Sophos ML 20181128
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kingsoft 20181219
Malwarebytes 20181219
MAX 20181219
eScan 20181219
Palo Alto Networks (Known Signatures) 20181219
Panda 20181218
Qihoo-360 20181219
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
Tencent 20181219
TheHacker 20181216
TotalDefense 20181218
Trapmine 20181205
TrendMicro 20181219
TrendMicro-HouseCall 20181219
Trustlook 20181219
VBA32 20181218
ViRobot 20181218
Webroot 20181219
Yandex 20181218
Zillya 20181217
Zoner 20181219
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime: 2018-12-19 06:58:00
revision_number: 1
page_count: 1
word_count: 2
last_saved: 2018-12-19 06:58:00
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 15
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 16
version: 1048576
paragraph_count: 1
code_page: Latin I
OLE Streams
Root Entry: type_literal root, clsid 00020906-0000-0000-c000-000000000046, clsid_literal MS Word, sid 0, size 25600
sid | type_literal | type | name | size
39 | stream | | \x01CompObj | 114
12 | stream | | \x05DocumentSummaryInformation | 280
11 | stream | | \x05SummaryInformation | 404
10 | stream | | 1Table | 7960
1 | stream | | Data | 29684
38 | stream | | Macros/PROJECT | 1254
37 | stream | | Macros/PROJECTwm | 569
24 | stream | macro (only attributes) | Macros/VBA/A09120795 | 678
21 | stream | macro (only attributes) | Macros/VBA/C778537235433 | 682
25 | stream | macro (only attributes) | Macros/VBA/E278181547 | 679
29 | stream | macro (only attributes) | Macros/VBA/I719657549651 | 991
31 | stream | macro (only attributes) | Macros/VBA/K17715104 | 988
22 | stream | macro (only attributes) | Macros/VBA/K9829146080015 | 683
26 | stream | macro (only attributes) | Macros/VBA/O4860898568 | 680
30 | stream | macro (only attributes) | Macros/VBA/Q564627277327 | 993
18 | stream | macro | Macros/VBA/S6815127 | 2940
15 | stream | macro | Macros/VBA/T85003864 | 1474
32 | stream | macro (only attributes) | Macros/VBA/W8964317312 | 990
33 | stream | | Macros/VBA/_VBA_PROJECT | 6678
35 | stream | | Macros/VBA/__SRP_0 | 2329
36 | stream | | Macros/VBA/__SRP_1 | 242
16 | stream | | Macros/VBA/__SRP_2 | 428
17 | stream | | Macros/VBA/__SRP_3 | 142
34 | stream | | Macros/VBA/dir | 1584
20 | stream | macro (only attributes) | Macros/VBA/i09233453287623 | 684
19 | stream | macro (only attributes) | Macros/VBA/m24336478 | 678
28 | stream | macro (only attributes) | Macros/VBA/p3646675 | 987
27 | stream | macro (only attributes) | Macros/VBA/u604212895191 | 993
23 | stream | macro (only attributes) | Macros/VBA/z6862423 | 677
6 | stream | | ObjectPool/_1606715037/\x01CompObj | 116
8 | stream | | ObjectPool/_1606715037/\x03OCXNAME | 20
7 | stream | | ObjectPool/_1606715037/\x03ObjInfo | 6
5 | stream | | ObjectPool/_1606715037/\x03PRINT | 514
9 | stream | | ObjectPool/_1606715037/contents | 896
2 | stream | | WordDocument | 4096
Macros and VBA code streams
[+] T85003864.cls Macros/VBA/T85003864 29 bytes
[+] S6815127.bas Macros/VBA/S6815127 1249 bytes
obfuscated run-file
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
16

CreateDate
2018:12:19 05:58:00

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2018:12:19 05:58:00

Characters
15

CodePage
Windows Latin 1 (Western European)

RevisionNumber
1

MIMEType
application/msword

Words
2

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 680765def58a7428414ed665ec257c29
SHA1 00d8834ac03622c7d6c7d685499f12c2469277ba
SHA256 e8796bf34544175bc510413d6ef3c81e2027b37046fedfe1a7da883b015a17ea
ssdeep
768:KVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFB0mqQGriMJOKbEgKMgtfQm3YPZoQ/J:Kocn1kp59gxBK85fB0z5kKGTQ/+a9

File size 90.5 KB ( 92672 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Dec 18 05:58:00 2018, Last Saved Time/Date: Tue Dec 18 05:58:00 2018, Number of Pages: 1, Number of Words: 2, Number of Characters: 15, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file attachment doc

VirusTotal metadata
First submission 2018-12-19 07:23:35 UTC ( 4 months ago )
Last submission 2018-12-21 20:11:13 UTC ( 4 months ago )
File names attachment.doc
p002
49659219 Rechnung.doc
192_01_662 Rechnung.doc
Rg 134424.doc
emotet_e1_e8796bf34544175bc510413d6ef3c81e2027b37046fedfe1a7da883b015a17ea_2018-12-19__07:40:26.doc
0.doc