| SHA256: | ef1b29f3883e13d43f69b081735d4b23f53e8590de1a956e1ddca5df379dde8c |
| File name: | fax_61277.doc |
| Detection ratio: | 9 / 58 |
| Analysis date: | 2018-05-16 17:56:21 UTC ( 9 months, 1 week ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| AegisLab | W97M.Gen!c | 20180516 |
| F-Secure | Trojan:W97M/Nastjencro.A | 20180516 |
| Fortinet | VBA/Agent.YPEZ!tr.dldr | 20180516 |
| Ikarus | Trojan-Downloader.PowerShell.Agent | 20180516 |
| McAfee-GW-Edition | BehavesLike.Downloader.mr | 20180516 |
| Microsoft | TrojanDownloader:O97M/Powdow.KE | 20180516 |
| Qihoo-360 | virus.office.qexvmc.1070 | 20180516 |
| Symantec | W97M.Downloader!g28 | 20180516 |
| ZoneAlarm by Check Point | HEUR:Trojan-Downloader.Script.Generic | 20180516 |
| Ad-Aware | 20180516 | |
| AhnLab-V3 | 20180516 | |
| Alibaba | 20180516 | |
| ALYac | 20180516 | |
| Antiy-AVL | 20180516 | |
| Arcabit | 20180516 | |
| Avast | 20180516 | |
| Avast-Mobile | 20180516 | |
| AVG | 20180516 | |
| Avira (no cloud) | 20180516 | |
| AVware | 20180428 | |
| Babable | 20180406 | |
| Baidu | 20180511 | |
| BitDefender | 20180516 | |
| Bkav | 20180516 | |
| CAT-QuickHeal | 20180516 | |
| ClamAV | 20180516 | |
| CMC | 20180516 | |
| Comodo | 20180516 | |
| CrowdStrike Falcon (ML) | 20180418 | |
| Cybereason | None | |
| Cylance | 20180516 | |
| Cyren | 20180516 | |
| eGambit | 20180516 | |
| Emsisoft | 20180516 | |
| Endgame | 20180507 | |
| ESET-NOD32 | 20180516 | |
| F-Prot | 20180516 | |
| GData | 20180516 | |
| Sophos ML | 20180503 | |
| Jiangmin | 20180516 | |
| K7AntiVirus | 20180516 | |
| K7GW | 20180516 | |
| Kaspersky | 20180516 | |
| Kingsoft | 20180516 | |
| Malwarebytes | 20180516 | |
| MAX | 20180516 | |
| McAfee | 20180516 | |
| eScan | 20180516 | |
| NANO-Antivirus | 20180516 | |
| nProtect | 20180516 | |
| Palo Alto Networks (Known Signatures) | 20180516 | |
| Panda | 20180516 | |
| Rising | 20180516 | |
| SentinelOne (Static ML) | 20180225 | |
| Sophos AV | 20180516 | |
| SUPERAntiSpyware | 20180516 | |
| Symantec Mobile Insight | 20180516 | |
| Tencent | 20180516 | |
| TheHacker | 20180516 | |
| TrendMicro | 20180516 | |
| TrendMicro-HouseCall | 20180516 | |
| Trustlook | 20180516 | |
| VBA32 | 20180516 | |
| VIPRE | 20180516 | |
| ViRobot | 20180516 | |
| Webroot | 20180516 | |
| Yandex | 20180516 | |
| Zillya | 20180516 | |
| Zoner | 20180516 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author
Longer
creation_datetime
2018-05-16 17:17:00
revision_number
30
author
Longer
page_count
1
last_saved
2018-05-16 17:55:00
edit_time
2280
word_count
27
template
Normal.dotm
application_name
Microsoft Office Word
character_count
154
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
180
version
786432
paragraph_count
1
code_page
-535
OLE Streams
Macros and VBA code streams
ExifTool file metadata
SharedDoc
No
Author
Longer
HyperlinksChanged
No
System
Windows
LinksUpToDate
No
LastModifiedBy
Longer
HeadingPairs
, 1
Identification
Word 8.0
Template
Normal.dotm
CharCountWithSpaces
180
CreateDate
2018:05:16 16:17:00
Word97
No
LanguageCode
English (US)
ModifyDate
2018:05:16 16:55:00
Characters
154
CodePage
Unicode (UTF-8)
RevisionNumber
30
MIMEType
application/msword
Words
27
FileType
DOC
Lines
1
AppVersion
12.0
Security
None
Software
Microsoft Office Word
TotalEditTime
38.0 minutes
Pages
1
ScaleCrop
No
CompObjUserTypeLen
0
FileTypeExtension
doc
Paragraphs
1
DocFlags
Has picture, 1Table, ExtChar
File identification
MD5 81b7490c76dc990292c22e4fb38ffef9
SHA1 9dc7a909cbda8e63876caf197b825486d62abf0c
SHA256 ef1b29f3883e13d43f69b081735d4b23f53e8590de1a956e1ddca5df379dde8c
ssdeep
768:MTXUAvRB5LcJgwo4r65/KCBuxEYqdUqVt/azV8Vq4rYWAHpP7p6pXp:KlvRB5QIv3yqCWAHd7g5
File size
85.0 KB ( 87040 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 30, Name of Creating Application: Microsoft Office Word, Total Editing Time: 38:00, Create Time/Date: Tue May 15 16:17:00 2018, Last Saved Time/Date: Tue May 15 16:55:00 2018, Number of Pages: 1, Number of Words: 27, Number of Characters: 154, Security: 0
| TrID |
Microsoft Word document (80.0%) Generic OLE2 / Multistream Compound File (20.0%) |
Tags
obfuscated
macros
create-ole
attachment
doc
VirusTotal metadata
First submission
2018-05-16 16:55:26 UTC ( 9 months, 1 week ago )
Last submission
2018-05-17 17:41:30 UTC ( 9 months, 1 week ago )
| File names |
fax_58662.doc Doc1.doc fax_61277.doc fax_71076.doc |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!