SHA256: fb33b2c16fed2fea65f58626088cdf532cdf7da63ea55bb634a2d4b43d32c9f0
File name: poddel-pdf-2016031802464600.docm
Detection ratio: 9 / 55
Analysis date: 2016-03-18 10:03:24 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AegisLab W2000M.Gen!c 20160318
AhnLab-V3 W97M/Downloader 20160317
Arcabit HEUR.VBA.Trojan.d 20160318
AVG W97M/Downloader 20160318
Baidu VBA.Trojan-Downloader.Agent.wv 20160317
F-Secure Trojan-Downloader:W97M/Dridex.Z 20160318
GData Macro.Trojan-Downloader.Agent.MV 20160318
TrendMicro W2KM_HP.9DF081F9 20160318
TrendMicro-HouseCall W2KM_HP.9DF081F9 20160318
Ad-Aware 20160318
Yandex 20160316
Alibaba 20160318
ALYac 20160318
Antiy-AVL 20160318
Avast 20160318
AVware 20160318
Baidu-International 20160317
BitDefender 20160318
Bkav 20160317
ByteHero 20160318
CAT-QuickHeal 20160318
ClamAV 20160317
CMC 20160316
Comodo 20160318
Cyren 20160318
DrWeb 20160318
Emsisoft 20160318
ESET-NOD32 20160318
F-Prot 20160318
Fortinet 20160318
Ikarus 20160318
Jiangmin 20160318
K7AntiVirus 20160318
K7GW 20160318
Kaspersky 20160317
Malwarebytes 20160318
McAfee 20160318
McAfee-GW-Edition 20160318
Microsoft 20160318
eScan 20160318
NANO-Antivirus 20160318
nProtect 20160317
Panda 20160317
Qihoo-360 20160318
Rising 20160318
Sophos AV 20160318
SUPERAntiSpyware 20160318
Symantec 20160318
Tencent 20160318
TheHacker 20160315
VBA32 20160317
VIPRE 20160318
ViRobot 20160318
Zillya 20160317
Zoner 20160318
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May create OLE objects.
May enumerate open windows.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 46 bytes
[+] Module1.bas word/vbaProject.bin VBA/Module1 8474 bytes
create-ole enum-windows obfuscated
[+] Module3.bas word/vbaProject.bin VBA/Module3 15057 bytes
exe-pattern create-ole open-file
[+] Module2.bas word/vbaProject.bin VBA/Module2 7375 bytes
exe-pattern url-pattern create-ole download obfuscated open-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator: 1
lastModifiedBy: 1
revision: 2
created: 2016-03-18T08:13:00Z
modified: 2016-03-18T08:13:00Z
Application document properties
Template: Normal
TotalTime: 0
Pages: 1
Words: 0
Characters: 0
Application: Microsoft Office Word
DocSecurity: 0
Lines: 0
Paragraphs: 0
ScaleCrop: false
Company: Home
LinksUpToDate: false
CharactersWithSpaces: 0
SharedDoc: false
HyperlinksChanged: false
AppVersion: 14.0000
Document languages
Language Prevalence
en-us 2
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 1
Application: Microsoft Office Word
ZipFileName: [Content_Types].xml
Template: Normal
CreateDate: 2016:03:18 08:13:00Z
ZipRequiredVersion: 20
ModifyDate: 2016:03:18 08:13:00Z
ZipCRC: 0x4dc12e6a
Company: Home
Words: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
FileType: DOCM
Lines: 0
AppVersion: 14.0
ZipUncompressedSize: 1563
ZipCompressedSize: 419
Characters: 0
CharactersWithSpaces: 0
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
HeadingPairs: , 1
TotalEditTime: 0
ZipCompression: Deflated
Pages: 1
Creator: 1
FileTypeExtension: docm
Paragraphs: 0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 15
Uncompressed size: 118908
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 11
bin: 1
Contained files by type
XML: 14
Microsoft Office: 1
File identification
MD5 bbfad326566c209fa19a5ac831b6a39c
SHA1 c16a963cc65cf86d973f449fa6002ff0cee9387f
SHA256 fb33b2c16fed2fea65f58626088cdf532cdf7da63ea55bb634a2d4b43d32c9f0
ssdeep 1536:3/mLxLqB4QaD3rv4N/JaOjk+BgRFqrDp3:+LxLo4QSrv4hJaOjkHbc93
File size 50.7 KB ( 51921 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract
TrID Word Microsoft Office Open XML Format document (with Macro) (59.4%)
Word Microsoft Office Open XML Format document (36.0%)
ZIP compressed archive (4.5%)
Tags
obfuscated open-file enum-windows exe-pattern url-pattern docx macros attachment download create-ole

VirusTotal metadata
First submission 2016-03-18 09:04:53 UTC ( 1 year, 8 months ago )
Last submission 2016-07-22 04:25:39 UTC ( 1 year, 4 months ago )
File names poddel-pdf-2016031802464600.docm
base64.bin
3dc56f03cad0ebfedde730678da97c09
38792686b240bf719023acf7cbe7d214