| SHA256: | f45ecb1b57fcf5d6a157f9935574a8c480ec39223dac678c5d5865151e675647 |
| File name: | |
| Detection ratio: | 12 / 59 |
| Analysis date: | 2018-06-22 14:31:45 UTC ( 8 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Arcabit | HEUR.VBA.Trojan.e | 20180622 |
| Baidu | VBA.Trojan-Downloader.Agent.dau | 20180622 |
| Fortinet | VBA/Agent.0945!tr | 20180622 |
| McAfee-GW-Edition | BehavesLike.Downloader.dg | 20180622 |
| NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi | 20180622 |
| Qihoo-360 | virus.office.qexvmc.1095 | 20180622 |
| TACHYON | Suspicious/W97M.Obfus.Gen | 20180622 |
| Tencent | Heur.Macro.Generic.Gen.f | 20180622 |
| TrendMicro | Troj_Gen.F04IE00FM18 | 20180622 |
| TrendMicro-HouseCall | Troj_Gen.F04IE00FM18 | 20180622 |
| ZoneAlarm by Check Point | HEUR:Trojan-Downloader.Script.Generic | 20180622 |
| Zoner | Probably W97Obfuscated | 20180621 |
| Ad-Aware | 20180622 | |
| AegisLab | 20180622 | |
| AhnLab-V3 | 20180622 | |
| Alibaba | 20180622 | |
| ALYac | 20180622 | |
| Antiy-AVL | 20180622 | |
| Avast | 20180622 | |
| Avast-Mobile | 20180622 | |
| AVG | 20180622 | |
| Avira (no cloud) | 20180622 | |
| AVware | 20180621 | |
| Babable | 20180406 | |
| BitDefender | 20180622 | |
| Bkav | 20180622 | |
| CAT-QuickHeal | 20180622 | |
| ClamAV | 20180622 | |
| CMC | 20180622 | |
| Comodo | 20180622 | |
| CrowdStrike Falcon (ML) | 20180202 | |
| Cybereason | 20180308 | |
| Cylance | 20180622 | |
| Cyren | 20180622 | |
| DrWeb | 20180622 | |
| eGambit | 20180622 | |
| Emsisoft | 20180622 | |
| Endgame | 20180612 | |
| ESET-NOD32 | 20180622 | |
| F-Prot | 20180622 | |
| F-Secure | 20180622 | |
| GData | 20180622 | |
| Ikarus | 20180622 | |
| Sophos ML | 20180601 | |
| Jiangmin | 20180622 | |
| K7AntiVirus | 20180622 | |
| K7GW | 20180622 | |
| Kaspersky | 20180622 | |
| Kingsoft | 20180622 | |
| Malwarebytes | 20180622 | |
| MAX | 20180622 | |
| McAfee | 20180622 | |
| Microsoft | 20180622 | |
| eScan | 20180622 | |
| Palo Alto Networks (Known Signatures) | 20180622 | |
| Panda | 20180622 | |
| Rising | 20180622 | |
| SentinelOne (Static ML) | 20180618 | |
| Sophos AV | 20180622 | |
| SUPERAntiSpyware | 20180622 | |
| Symantec | 20180622 | |
| Symantec Mobile Insight | 20180619 | |
| TheHacker | 20180621 | |
| Trustlook | 20180622 | |
| VBA32 | 20180622 | |
| VIPRE | 20180622 | |
| ViRobot | 20180622 | |
| Webroot | 20180622 | |
| Yandex | 20180622 | |
| Zillya | 20180621 |
The file being studied follows the Compound Document File format!
More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands
and instructions that you group together as a single command to accomplish a task automatically.
Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2018-06-22 11:28:00
author
Okashebuh-PC
title
17495Ok68881
page_count
1
last_saved
2018-06-22 11:28:00
revision_number
1
application_name
Microsoft Office Word
character_count
1
subject
73464Ok3851
code_page
Latin I
template
Normal.dotm
Document summary
category
10836Ok58188
line_count
1
company
49046Ok32998
characters_with_spaces
1
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
Macros and VBA code streams
ExifTool file metadata
Category
10836Ok58188
SharedDoc
No
Author
Okashebuh-PC
CodePage
Windows Latin 1 (Western European)
LinksUpToDate
No
HeadingPairs
Title, 1
Template
Normal.dotm
CharCountWithSpaces
1
CreateDate
2018:06:22 10:28:00
CompObjUserType
Microsoft Word 97-2003 Document
ModifyDate
2018:06:22 10:28:00
ScaleCrop
No
Company
49046Ok32998
Title
17495Ok68881
Characters
1
HyperlinksChanged
No
RevisionNumber
1
MIMEType
application/msword
Words
0
FileType
DOC
Lines
1
AppVersion
16.0
Security
None
Software
Microsoft Office Word
TotalEditTime
0
Pages
1
CompObjUserTypeLen
32
FileTypeExtension
doc
Paragraphs
1
Subject
73464Ok3851
File identification
MD5 7eab3ffb14d650531ef0af0323c0ff95
SHA1 234a77cf95bb0b3f325c5038b2ac6fa7397078d0
SHA256 f45ecb1b57fcf5d6a157f9935574a8c480ec39223dac678c5d5865151e675647
ssdeep
3072:jFPtbFOIRGGvCT0gqIdCVRXThqZGTTT/9tjTXq3nfQ/vfcCJIkozK:jFPtyMCbhdCVzyGTTrnHq3nAvUCFj
File size
214.8 KB ( 219904 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: 17495Ok68881, Subject: 73464Ok3851, Author: Okashebuh-PC, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Jun 21 10:28:00 2018, Last Saved Time/Date: Thu Jun 21 10:28:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
| TrID |
Microsoft Word document (54.2%) Microsoft Word document (old ver.) (32.2%) Generic OLE2 / Multistream Compound File (13.5%) |
Tags
obfuscated
macros
run-file
doc
VirusTotal metadata
First submission
2018-06-22 14:22:13 UTC ( 8 months ago )
Last submission
2018-06-23 15:43:00 UTC ( 7 months, 4 weeks ago )
| File names |
INV-6977275280.doc INV-6457516736.doc INV-650337742.doc INV-5168110.doc INV-839915652423.doc INV-7082619161318.doc INV-0241841574127.doc RECH-KMJ783325178562795.doc INV-1851430.doc 26b9cfb02bee04def83b0d8cc7d7d100309033b8 |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!