SHA256: fc4bd160119744f41bfdb71d7bde347c12b3b1263528bfbc7f836bfd813007ef
File name: 12 October 2015 Invoice Summary-05.doc
Detection ratio: 8 / 55
Analysis date: 2015-10-12 12:23:27 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan 20151012
AVware LooksLike.Macro.Malware.g (v) 20151012
CAT-QuickHeal W97M.Dropper.DZ 20151012
Fortinet WM/Agent!tr 20151012
GData Macro.Trojan-Downloader.Agent.FZ 20151012
NANO-Antivirus Trojan.Script.Agent.dsgamf 20151012
Qihoo-360 heur.macro.download.cc 20151012
VIPRE LooksLike.Macro.Malware.g (v) 20151012
Ad-Aware 20151012
AegisLab 20151012
Yandex 20151011
AhnLab-V3 20151011
Alibaba 20151012
ALYac 20151012
Antiy-AVL 20151012
Avast 20151012
AVG 20151012
Baidu-International 20151012
BitDefender 20151012
Bkav 20151012
ByteHero 20151012
ClamAV 20151012
CMC 20151012
Comodo 20151012
Cyren 20151012
DrWeb 20151012
Emsisoft 20151012
ESET-NOD32 20151012
F-Prot 20151012
F-Secure 20151012
Ikarus 20151012
Jiangmin 20151011
K7AntiVirus 20151012
K7GW 20151010
Kaspersky 20151012
Kingsoft 20151012
Malwarebytes 20151011
McAfee 20151012
McAfee-GW-Edition 20151012
Microsoft 20151012
eScan 20151012
nProtect 20151008
Panda 20151012
Rising 20151011
Sophos AV 20151012
SUPERAntiSpyware 20151012
Symantec 20151011
Tencent 20151012
TheHacker 20151010
TrendMicro 20151012
TrendMicro-HouseCall 20151012
VBA32 20151012
ViRobot 20151012
Zillya 20151011
Zoner 20151012
The file being studied follows the Compound Document File format. More specifically, it is an MS Word document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May try to download additional files from the Internet.
May try to interact with other applications, for example, by sending key strokes.
Seems to contain deobfuscation code.
Summary
last_author: 1
creation_datetime: 2015-10-07 21:53:00
revision_number: 163
author: Alex
page_count: 1
last_saved: 2015-10-12 08:48:00
edit_time: 3600
template: Normal
application_name: Microsoft Office Word
code_page: Cyrillic
Document summary
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 2624
type_literal: stream, sid: 15, name: \x01CompObj, size: 114
type_literal: stream, sid: 4, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 3, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 1, name: 1Table, size: 9948
type_literal: stream, sid: 14, name: Macros/PROJECT, size: 513
type_literal: stream, sid: 13, name: Macros/PROJECTwm, size: 113
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/Module1, size: 11548
type_literal: stream, sid: 9, type: macro, name: Macros/VBA/Module2, size: 15789
type_literal: stream, sid: 10, type: macro, name: Macros/VBA/Module3, size: 14455
type_literal: stream, sid: 7, type: macro, name: Macros/VBA/ThisDocument, size: 1091
type_literal: stream, sid: 11, name: Macros/VBA/_VBA_PROJECT, size: 6970
type_literal: stream, sid: 12, name: Macros/VBA/dir, size: 617
type_literal: stream, sid: 2, name: WordDocument, size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 35 bytes
Module1.bas Macros/VBA/Module1 6706 bytes (tags: create-file create-ole handle-file open-file write-file)
Module2.bas Macros/VBA/Module2 10402 bytes (tags: exe-pattern open-file run-file)
Module3.bas Macros/VBA/Module3 8165 bytes (tags: create-ole download obfuscated open-file run-file send-keys)
ExifTool file metadata
SharedDoc: No
Author: Alex
CodePage: Windows Cyrillic
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
Template: Normal
CharCountWithSpaces: 0
CreateDate: 2015:10:07 20:53:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2015:10:12 07:48:00
HyperlinksChanged: No
Characters: 0
ScaleCrop: No
RevisionNumber: 163
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 0
AppVersion: 14.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 1.0 hours
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 0

Compressed bundles
File identification
MD5 04e1476d464fafa559bd1bd8ea38749c
SHA1 4f0b9fb43cd7acfe90fc7ed132027212b954e4f4
SHA256 fc4bd160119744f41bfdb71d7bde347c12b3b1263528bfbc7f836bfd813007ef
ssdeep 1536:9+7qY6H69wbeEmtJX8EWp6vV3Mu+5dlQZj7iB:HY6H69wbeEmtJX8EccMu+5dlQZK

File size 77.5 KB ( 79360 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: Alex, Template: Normal, Last Saved By: 1, Revision Number: 163, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00:00, Create Time/Date: Tue Oct 06 20:53:00 2015, Last Saved Time/Date: Sun Oct 11 07:48:00 2015, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated run-file exe-pattern handle-file doc create-file open-file macros download write-file send-keys create-ole

VirusTotal metadata
First submission 2015-10-12 08:06:30 UTC ( 3 years, 7 months ago )
Last submission 2017-11-08 22:38:03 UTC ( 1 year, 6 months ago )
File names aede1466d85444e44b32300e4d18b516
483f4a1fe94ccfddae703946304ea6c5
d235e56e0ace28eeb24337a6975c8d67
myvtfile.exe
2f4ebba53f076fbe5638623833ac2f8b
050e8986283719f45c463ccb6491dbb8
fbdfeefa22f5bfb7841a5d1c7e8b0f61
SKMBT_C36014102815580.doc
12 October 2015 Invoice Summary.doc
7e79b8a3f86b146f365be7878fa1d21a
12 October 2015 Invoice Summary-05.doc
9265277ccf4a6b09fef0844da1937e44
00654bd19f9000633c7deead0064bfea
fc4bd160119744f41bfdb71d7bde347c12b3b1263528bfbc7f836bfd813007ef.bin
5876faf168ddd58b741f2326efa15acb
63f7a8e8b48d938ab2e3693651ec0e3b
f021c61458ebc83db877ac2f831459da
4c25b6e99f117a7abad9b0619a979f6b