× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eb0c0d977c9c48528181640384aec3eff83dbd0d7ad8cbb9cfa4fcc1d17cd7a2
File name: HighlyEncryptedFax.doc
Detection ratio: 3 / 59
Analysis date: 2017-11-07 11:19:04 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
F-Secure Trojan:W97M/Nastjencro.A 20171107
Ikarus Win32.Outbreak 20171107
Qihoo-360 virus.office.qexvmc.1090 20171107
Ad-Aware 20171107
AegisLab 20171107
AhnLab-V3 20171106
Alibaba 20170911
ALYac 20171107
Antiy-AVL 20171103
Arcabit 20171107
Avast 20171107
Avast-Mobile 20171107
AVG 20171107
Avira (no cloud) 20171107
AVware 20171107
Baidu 20171107
BitDefender 20171107
Bkav 20171107
CAT-QuickHeal 20171107
ClamAV 20171106
CMC 20171104
Comodo 20171107
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171107
Cyren 20171107
DrWeb 20171107
eGambit 20171107
Emsisoft 20171107
Endgame 20171024
ESET-NOD32 20171107
F-Prot 20171107
Fortinet 20171107
GData 20171107
Sophos ML 20170914
Jiangmin 20171107
K7AntiVirus 20171107
K7GW 20171107
Kaspersky 20171107
Kingsoft 20171107
Malwarebytes 20171107
MAX 20171107
McAfee 20171107
McAfee-GW-Edition 20171107
Microsoft 20171107
eScan 20171107
NANO-Antivirus 20171107
nProtect 20171107
Palo Alto Networks (Known Signatures) 20171107
Panda 20171106
Rising 20171107
SentinelOne (Static ML) 20171019
Sophos AV 20171107
SUPERAntiSpyware 20171107
Symantec 20171107
Symantec Mobile Insight 20171107
Tencent 20171107
TheHacker 20171102
TrendMicro 20171107
TrendMicro-HouseCall 20171107
Trustlook 20171107
VBA32 20171104
VIPRE 20171107
ViRobot 20171107
Webroot 20171107
WhiteArmor 20171104
Yandex 20171102
Zillya 20171106
ZoneAlarm by Check Point 20171107
Zoner 20171107
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
last_author
Longer
creation_datetime
2017-11-07 10:40:00
template
Normal.dotm
author
Longer
page_count
1
last_saved
2017-11-07 10:57:00
edit_time
480
word_count
35
revision_number
13
application_name
Microsoft Office Word
character_count
206
code_page
Latin I
Document summary
line_count
1
company
Grizli777
characters_with_spaces
240
version
786432
paragraph_count
1
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
32896
type_literal
stream
size
160
name
\x01CompObj
sid
56
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
7131
name
1Table
sid
2
type_literal
stream
size
4096
name
Data
sid
1
type_literal
stream
size
97
name
Macros/Imxpq/\x01CompObj
sid
37
type_literal
stream
size
286
name
Macros/Imxpq/\x03VBFrame
sid
38
type_literal
stream
size
327
name
Macros/Imxpq/f
sid
35
type_literal
stream
size
436
name
Macros/Imxpq/o
sid
36
type_literal
stream
size
97
name
Macros/Izlpqkjqfdo/\x01CompObj
sid
42
type_literal
stream
size
291
name
Macros/Izlpqkjqfdo/\x03VBFrame
sid
43
type_literal
stream
size
327
name
Macros/Izlpqkjqfdo/f
sid
40
type_literal
stream
size
444
name
Macros/Izlpqkjqfdo/o
sid
41
type_literal
stream
size
1254
name
Macros/PROJECT
sid
55
type_literal
stream
size
458
name
Macros/PROJECTwm
sid
54
type_literal
stream
size
1611
type
macro
name
Macros/VBA/Acsqkruzgg
sid
9
type_literal
stream
size
851
type
macro
name
Macros/VBA/Eguf
sid
14
type_literal
stream
size
1413
type
macro
name
Macros/VBA/Imxpq
sid
15
type_literal
stream
size
1793
type
macro
name
Macros/VBA/Izlpqkjqfdo
sid
16
type_literal
stream
size
1471
type
macro
name
Macros/VBA/Jzfj
sid
17
type_literal
stream
size
861
type
macro
name
Macros/VBA/Lzjax8
sid
19
type_literal
stream
size
1037
type
macro
name
Macros/VBA/Mmgv_t
sid
20
type_literal
stream
size
1239
type
macro
name
Macros/VBA/Module1
sid
23
type_literal
stream
size
1278
type
macro
name
Macros/VBA/ThisDocument
sid
8
type_literal
stream
size
864
type
macro
name
Macros/VBA/Tjeraz7
sid
22
type_literal
stream
size
1405
type
macro
name
Macros/VBA/Wzpk
sid
25
type_literal
stream
size
6662
name
Macros/VBA/_VBA_PROJECT
sid
27
type_literal
stream
size
863
type
macro
name
Macros/VBA/bmiaahxckg
sid
10
type_literal
stream
size
909
type
macro
name
Macros/VBA/bturb
sid
11
type_literal
stream
size
1177
type
macro (only attributes)
name
Macros/VBA/cvguljzww_9
sid
12
type_literal
stream
size
1216
type
macro
name
Macros/VBA/cxsigr
sid
13
type_literal
stream
size
1531
name
Macros/VBA/dir
sid
28
type_literal
stream
size
1025
type
macro
name
Macros/VBA/kgi_mv
sid
18
type_literal
stream
size
1761
type
macro
name
Macros/VBA/qxlbbfxarwp4
sid
21
type_literal
stream
size
1167
type
macro (only attributes)
name
Macros/VBA/vkx
sid
24
type_literal
stream
size
1166
type
macro (only attributes)
name
Macros/VBA/ziu4
sid
26
type_literal
stream
size
97
name
Macros/cvguljzww_9/\x01CompObj
sid
32
type_literal
stream
size
295
name
Macros/cvguljzww_9/\x03VBFrame
sid
33
type_literal
stream
size
239
name
Macros/cvguljzww_9/f
sid
30
type_literal
stream
size
224
name
Macros/cvguljzww_9/o
sid
31
type_literal
stream
size
97
name
Macros/vkx/\x01CompObj
sid
47
type_literal
stream
size
284
name
Macros/vkx/\x03VBFrame
sid
48
type_literal
stream
size
283
name
Macros/vkx/f
sid
45
type_literal
stream
size
292
name
Macros/vkx/o
sid
46
type_literal
stream
size
97
name
Macros/ziu4/\x01CompObj
sid
52
type_literal
stream
size
287
name
Macros/ziu4/\x03VBFrame
sid
53
type_literal
stream
size
182
name
Macros/ziu4/f
sid
50
type_literal
stream
size
260
name
Macros/ziu4/o
sid
51
type_literal
stream
size
120998
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 71 bytes
[+] Acsqkruzgg.bas Macros/VBA/Acsqkruzgg 489 bytes
[+] bmiaahxckg.bas Macros/VBA/bmiaahxckg 52 bytes
[+] bturb.bas Macros/VBA/bturb 58 bytes
[+] cxsigr.bas Macros/VBA/cxsigr 256 bytes
[+] Eguf.bas Macros/VBA/Eguf 46 bytes
[+] Imxpq.frm Macros/VBA/Imxpq 91 bytes
create-ole
[+] Izlpqkjqfdo.frm Macros/VBA/Izlpqkjqfdo 271 bytes
[+] Jzfj.bas Macros/VBA/Jzfj 369 bytes
[+] kgi_mv.bas Macros/VBA/kgi_mv 111 bytes
[+] Lzjax8.bas Macros/VBA/Lzjax8 57 bytes
[+] Mmgv_t.bas Macros/VBA/Mmgv_t 121 bytes
[+] qxlbbfxarwp4.bas Macros/VBA/qxlbbfxarwp4 445 bytes
[+] Tjeraz7.bas Macros/VBA/Tjeraz7 51 bytes
[+] Module1.bas Macros/VBA/Module1 210 bytes
[+] Wzpk.bas Macros/VBA/Wzpk 345 bytes
ExifTool file metadata
SharedDoc
No

Author
Longer

CodePage
Unicode (UTF-8)

System
Windows

LinksUpToDate
No

LastModifiedBy
Longer

HeadingPairs
, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
240

CreateDate
2017:11:07 09:40:00

Word97
No

LanguageCode
English (US)

ModifyDate
2017:11:07 09:57:00

ScaleCrop
No

Company
Grizli777

Characters
206

HyperlinksChanged
No

RevisionNumber
13

MIMEType
application/msword

Words
35

FileType
DOC

Lines
1

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
8 minutes

Pages
1

CompObjUserTypeLen
0

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
1Table, ExtChar

Compressed bundles
File identification
MD5 e07152045cfc0ff9960692cef801b7ae
SHA1 fc3dd332097aa499a86df4f64a9f815145b4a87a
SHA256 eb0c0d977c9c48528181640384aec3eff83dbd0d7ad8cbb9cfa4fcc1d17cd7a2
ssdeep
3072:WFUbM9zy5YK3sJtyE88nJOZ1rqLmEUWLHfEJ2:eh0gtyv8nJOmnHfEJ2

File size 189.0 KB ( 193536 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 13, Name of Creating Application: Microsoft Office Word, Total Editing Time: 08:00, Create Time/Date: Mon Nov 06 09:40:00 2017, Last Saved Time/Date: Mon Nov 06 09:57:00 2017, Number of Pages: 1, Number of Words: 35, Number of Characters: 206, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros doc create-ole

VirusTotal metadata
First submission 2017-11-07 09:57:21 UTC ( 1 year, 4 months ago )
Last submission 2018-09-20 06:46:58 UTC ( 6 months ago )
File names Highly Encrypted Fax.doc
e07152045cfc0ff9960692cef801b7ae.doc
e07152045cfc0ff9960692cef801b7ae_HighlyEncryptedFax.doc.bin
1032-fc3dd332097aa499a86df4f64a9f815145b4a87a
SAMPLES 07_11_2017 (25)
HighlyEncryptedFax.doc
e07152045cfc0ff9960692cef801b7ae_doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!