SHA256: f18939a5269e73ecf9da726db9ee9fcdb81d642c0233c5a617822c405c880e1c
Detection ratio: 8 / 58
Analysis date: 2017-09-01 10:23:07 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AegisLab Vba.Gen!c 20170901
AVware LooksLike.Macro.Malware.k (v) 20170901
Fortinet WM/Agent.CBG!tr 20170901
Qihoo-360 virus.office.qexvmc.1085 20170901
Rising Macro.Agent.dx (classic) 20170901
Tencent Macro.Trojan.Dropperx.Auto 20170901
TrendMicro HEUR_VBA.O2 20170901
VIPRE LooksLike.Macro.Malware.k (v) 20170901
Ad-Aware 20170901
AhnLab-V3 20170901
Alibaba 20170901
ALYac 20170901
Antiy-AVL 20170901
Arcabit 20170901
Avast 20170901
AVG 20170901
Avira (no cloud) 20170901
Baidu 20170831
BitDefender 20170901
Bkav 20170901
CAT-QuickHeal 20170901
ClamAV 20170901
CMC 20170828
Comodo 20170901
CrowdStrike Falcon (ML) 20170804
Cylance 20170901
Cyren 20170901
DrWeb 20170901
Emsisoft 20170901
Endgame 20170821
ESET-NOD32 20170901
F-Prot 20170901
F-Secure 20170901
GData 20170901
Ikarus 20170901
Sophos ML 20170822
Jiangmin 20170901
K7AntiVirus 20170901
K7GW 20170901
Kaspersky 20170901
Kingsoft 20170901
Malwarebytes 20170901
MAX 20170901
McAfee 20170901
McAfee-GW-Edition 20170901
Microsoft 20170901
eScan 20170901
NANO-Antivirus 20170901
nProtect 20170901
Palo Alto Networks (Known Signatures) 20170901
Panda 20170831
SentinelOne (Static ML) 20170806
Sophos AV 20170901
SUPERAntiSpyware 20170901
Symantec 20170831
Symantec Mobile Insight 20170901
TheHacker 20170828
TrendMicro-HouseCall 20170901
Trustlook 20170901
VBA32 20170831
ViRobot 20170901
Webroot 20170901
WhiteArmor 20170829
Yandex 20170831
Zillya 20170831
ZoneAlarm by Check Point 20170901
Zoner 20170901
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author: Longer
creation_datetime: 2017-08-30 21:27:00
revision_number: 330
author: Longer
page_count: 1
last_saved: 2017-09-01 09:20:00
edit_time: 17640
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
line_count: 1
company: diakov.net
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Latin I
OLE Streams
sid: 0, name: Root Entry, type_literal: root, size: 19776, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
sid: 31, name: \x01CompObj, type_literal: stream, size: 121
sid: 5, name: \x05DocumentSummaryInformation, type_literal: stream, size: 4096
sid: 4, name: \x05SummaryInformation, type_literal: stream, size: 4096
sid: 2, name: 1Table, type_literal: stream, size: 7006
sid: 1, name: Data, type_literal: stream, size: 43544
sid: 29, name: Macros/PROJECT, type_literal: stream, size: 506
sid: 30, name: Macros/PROJECTwm, type_literal: stream, size: 125
sid: 21, name: Macros/VBA/NewMacros, type_literal: stream, type: macro, size: 3729
sid: 22, name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, size: 1577
sid: 23, name: Macros/VBA/_VBA_PROJECT, type_literal: stream, size: 5352
sid: 10, name: Macros/VBA/__SRP_0, type_literal: stream, size: 3258
sid: 11, name: Macros/VBA/__SRP_1, type_literal: stream, size: 190
sid: 12, name: Macros/VBA/__SRP_2, type_literal: stream, size: 312
sid: 13, name: Macros/VBA/__SRP_3, type_literal: stream, size: 103
sid: 14, name: Macros/VBA/__SRP_4, type_literal: stream, size: 232
sid: 15, name: Macros/VBA/__SRP_5, type_literal: stream, size: 103
sid: 16, name: Macros/VBA/__SRP_6, type_literal: stream, size: 2734
sid: 17, name: Macros/VBA/__SRP_7, type_literal: stream, size: 103
sid: 18, name: Macros/VBA/__SRP_8, type_literal: stream, size: 668
sid: 19, name: Macros/VBA/__SRP_9, type_literal: stream, size: 103
sid: 8, name: Macros/VBA/dir, type_literal: stream, size: 902
sid: 9, name: Macros/VBA/myform1, type_literal: stream, type: macro, size: 6438
sid: 20, name: Macros/VBA/mymodule2, type_literal: stream, type: macro, size: 3105
sid: 27, name: Macros/myform1/\x01CompObj, type_literal: stream, size: 97
sid: 28, name: Macros/myform1/\x03VBFrame, type_literal: stream, size: 286
sid: 25, name: Macros/myform1/f, type_literal: stream, size: 457
sid: 26, name: Macros/myform1/o, type_literal: stream, size: 556
sid: 3, name: WordDocument, type_literal: stream, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 30 bytes
[+] mymodule2.bas Macros/VBA/mymodule2 266 bytes
obfuscated
[+] myform1.frm Macros/VBA/myform1 875 bytes
run-file
[+] NewMacros.bas Macros/VBA/NewMacros 44 bytes
ExifTool file metadata
SharedDoc: No
Author: Longer
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: Longer
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2017:09:01 08:20:00
Company: diakov.net
Characters: 1
CodePage: Windows Latin 1 (Western European)
RevisionNumber: 330
MIMEType: application/msword
Words: 0
CreateDate: 2017:08:30 20:27:00
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 4.9 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 702b0ca219adac14e405ba4a508cf097
SHA1 9665331a7627763e6a869160d26e49239a3befff
SHA256 f18939a5269e73ecf9da726db9ee9fcdb81d642c0233c5a617822c405c880e1c
ssdeep 1536:BDv0OJsNqJsjQqQnHZUVMW5RaK9VlxzIwNxMPT7JD8:jGJnYZtW55VzIMGD8

File size 100.5 KB ( 102912 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 330, Name of Creating Application: Microsoft Office Word, Total Editing Time: 04:54:00, Create Time/Date: Tue Aug 29 20:27:00 2017, Last Saved Time/Date: Mon Jul 31 08:20:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros run-file attachment doc

VirusTotal metadata
First submission 2017-09-01 10:03:09 UTC ( 1 year, 5 months ago )
Last submission 2018-05-05 23:30:18 UTC ( 9 months, 2 weeks ago )
File names __substg1.0_37010102
702b0ca219adac14e405ba4a508cf097.doc
RBS2737953_7488.doc