SHA256: f89e1c298bd162716e62906e1dca9b1353d0162788f1db9ceb5daed8f3f9d30c
Detection ratio: 4 / 59
Analysis date: 2017-10-19 13:48:38 UTC ( 1 year, 5 months ago )
Antivirus Result Update
F-Secure Trojan:W97M/Nastjencro.A 20171019
Ikarus Win32.Outbreak 20171019
Qihoo-360 virus.office.qexvmc.1080 20171019
TrendMicro-HouseCall Suspicious_GEN.F47V1019 20171019
Ad-Aware 20171019
AegisLab 20171019
AhnLab-V3 20171019
Alibaba 20170911
ALYac 20171019
Antiy-AVL 20171019
Arcabit 20171019
Avast 20171019
Avast-Mobile 20171019
AVG 20171019
Avira (no cloud) 20171019
AVware 20171019
Baidu 20171019
BitDefender 20171019
Bkav 20171019
CAT-QuickHeal 20171019
ClamAV 20171019
CMC 20171018
Comodo 20171019
CrowdStrike Falcon (ML) 20170804
Cylance 20171019
Cyren 20171019
eGambit 20171019
Emsisoft 20171019
Endgame 20171016
ESET-NOD32 20171019
F-Prot 20171019
Fortinet 20171019
GData 20171019
Sophos ML 20170914
Jiangmin 20171019
K7AntiVirus 20171019
K7GW 20171019
Kaspersky 20171019
Kingsoft 20171019
Malwarebytes 20171019
MAX 20171019
McAfee 20171019
McAfee-GW-Edition 20171019
Microsoft 20171018
eScan 20171019
NANO-Antivirus 20171019
nProtect 20171019
Palo Alto Networks (Known Signatures) 20171019
Panda 20171019
Rising 20171019
SentinelOne (Static ML) 20171001
Sophos AV 20171019
SUPERAntiSpyware 20171019
Symantec 20171019
Symantec Mobile Insight 20171011
Tencent 20171019
TheHacker 20171017
TrendMicro 20171019
Trustlook 20171019
VBA32 20171019
VIPRE 20171019
ViRobot 20171019
Webroot 20171019
WhiteArmor 20171016
Yandex 20171018
Zillya 20171019
ZoneAlarm by Check Point 20171019
Zoner 20171019
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Summary
last_author: Longer
creation_datetime: 2017-10-19 11:15:00
revision_number: 7
author: Longer
page_count: 1
last_saved: 2017-10-19 11:20:00
edit_time: 300
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
line_count: 1
company: diakov.net
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: -535
OLE Streams
Root Entry: type_literal root, sid 0, size 33280, clsid 00020906-0000-0000-c000-000000000046, clsid_literal MS Word

name | type_literal | type | sid | size
\x01CompObj | stream | - | 56 | 160
\x05DocumentSummaryInformation | stream | - | 5 | 4096
\x05SummaryInformation | stream | - | 4 | 4096
1Table | stream | - | 2 | 6930
Data | stream | - | 1 | 43942
Macros/PROJECT | stream | - | 55 | 1329
Macros/PROJECTwm | stream | - | 54 | 608
Macros/UserForm1/\x01CompObj | stream | - | 52 | 97
Macros/UserForm1/\x03VBFrame | stream | - | 53 | 292
Macros/UserForm1/f | stream | - | 50 | 311
Macros/UserForm1/o | stream | - | 51 | 436
Macros/UserForm2/\x01CompObj | stream | - | 37 | 97
Macros/UserForm2/\x03VBFrame | stream | - | 38 | 291
Macros/UserForm2/f | stream | - | 35 | 251
Macros/UserForm2/o | stream | - | 36 | 292
Macros/UserForm3/\x01CompObj | stream | - | 42 | 97
Macros/UserForm3/\x03VBFrame | stream | - | 43 | 291
Macros/UserForm3/f | stream | - | 40 | 195
Macros/UserForm3/o | stream | - | 41 | 156
Macros/UserForm4/\x01CompObj | stream | - | 47 | 97
Macros/UserForm4/\x03VBFrame | stream | - | 48 | 291
Macros/UserForm4/f | stream | - | 45 | 223
Macros/UserForm4/o | stream | - | 46 | 260
Macros/VBA/Diyw4 | stream | macro | 10 | 904
Macros/VBA/Ggldefwe7 | stream | macro | 12 | 1046
Macros/VBA/Hglvifcqnxwhf | stream | macro | 14 | 869
Macros/VBA/Ngx9 | stream | macro | 17 | 1372
Macros/VBA/ThisDocument | stream | macro | 8 | 1202
Macros/VBA/UserForm1 | stream | macro | 26 | 1426
Macros/VBA/UserForm2 | stream | macro (only attributes) | 22 | 1261
Macros/VBA/UserForm3 | stream | macro (only attributes) | 23 | 1273
Macros/VBA/UserForm4 | stream | macro (only attributes) | 24 | 1273
Macros/VBA/Xblrntqt_mzcle | stream | macro | 21 | 1039
Macros/VBA/_VBA_PROJECT | stream | - | 27 | 6841
Macros/VBA/ausbpxjricaav | stream | macro | 9 | 878
Macros/VBA/dir | stream | - | 28 | 1637
Macros/VBA/fdypxzqg | stream | macro | 11 | 1429
Macros/VBA/gjgaxhldjmyoh | stream | macro | 13 | 941
Macros/VBA/kxxppbufye_yq | stream | macro | 15 | 882
Macros/VBA/myform1 | stream | macro | 16 | 2374
Macros/VBA/ozloxe | stream | macro | 18 | 1403
Macros/VBA/q_c_n_wwqutt | stream | macro | 19 | 871
Macros/VBA/qsoewvromdwwoy | stream | macro | 20 | 1357
Macros/VBA/uxc2 | stream | macro | 25 | 1681
Macros/myform1/\x01CompObj | stream | - | 32 | 97
Macros/myform1/\x03VBFrame | stream | - | 33 | 289
Macros/myform1/f | stream | - | 30 | 311
Macros/myform1/o | stream | - | 31 | 444
WordDocument | stream | - | 3 | 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 27 bytes
[+] ausbpxjricaav.bas Macros/VBA/ausbpxjricaav 50 bytes
[+] Diyw4.bas Macros/VBA/Diyw4 64 bytes
[+] fdypxzqg.bas Macros/VBA/fdypxzqg 432 bytes
[+] Ggldefwe7.bas Macros/VBA/Ggldefwe7 156 bytes
[+] gjgaxhldjmyoh.bas Macros/VBA/gjgaxhldjmyoh 86 bytes
[+] Hglvifcqnxwhf.bas Macros/VBA/Hglvifcqnxwhf 53 bytes
[+] kxxppbufye_yq.bas Macros/VBA/kxxppbufye_yq 76 bytes
[+] myform1.frm Macros/VBA/myform1 743 bytes
[+] Ngx9.bas Macros/VBA/Ngx9 351 bytes
[+] ozloxe.bas Macros/VBA/ozloxe 281 bytes
[+] q_c_n_wwqutt.bas Macros/VBA/q_c_n_wwqutt 62 bytes
[+] qsoewvromdwwoy.bas Macros/VBA/qsoewvromdwwoy 316 bytes
[+] Xblrntqt_mzcle.bas Macros/VBA/Xblrntqt_mzcle 118 bytes
[+] uxc2.bas Macros/VBA/uxc2 515 bytes
[+] UserForm1.frm Macros/VBA/UserForm1 93 bytes
create-ole
ExifTool file metadata
SharedDoc: No
Author: Longer
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: Longer
HeadingPairs: , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:10:19 10:15:00
Word97: No
LanguageCode: English (US)
ModifyDate: 2017:10:19 10:20:00
Company: diakov.net
Characters: 1
CodePage: Unicode (UTF-8)
RevisionNumber: 7
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 5.0 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 0
FileTypeExtension: doc
Paragraphs: 1
DocFlags: Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 1ef0e29b9faeb5fc7e79b984a80eb270
SHA1 064a0018626e588c6855692a2ee76b0c6e82ca9d
SHA256 f89e1c298bd162716e62906e1dca9b1353d0162788f1db9ceb5daed8f3f9d30c
ssdeep
1536:nZcFn9rU6OWCdLDX22dnzrNo9yFTYbvx7i8lofa0YkA:ZcF9rURDX281+/vxRloi0D

File size 113.0 KB ( 115712 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Longer, Template: Normal.dotm, Last Saved By: Longer, Revision Number: 7, Name of Creating Application: Microsoft Office Word, Total Editing Time: 05:00, Create Time/Date: Wed Oct 18 10:15:00 2017, Last Saved Time/Date: Wed Oct 18 10:20:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros doc create-ole

VirusTotal metadata
First submission 2017-10-19 10:21:50 UTC ( 1 year, 5 months ago )
Last submission 2018-05-08 12:30:09 UTC ( 10 months, 2 weeks ago )
File names Doc2.doc
__substg1.0_37010102
efax190238535-34522.doc
efax190238535-34522.doc