SHA256: ffd193a3e4e88d54a13437e0a754cc361593523bc7b63d9ed6023a88b702ad1c
File name: document.docm
Detection ratio: 5 / 56
Analysis date: 2016-04-09 23:38:58 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160409
Avast VBA:Downloader-PU [Trj] 20160410
Fortinet WM/Agent!tr 20160404
Microsoft TrojanDownloader:W97M/Ledod 20160409
Panda W97M/Downloader 20160409
Ad-Aware 20160409
AegisLab 20160409
AhnLab-V3 20160409
Alibaba 20160408
ALYac 20160409
Antiy-AVL 20160409
AVG 20160409
Avira (no cloud) 20160409
AVware 20160410
Baidu 20160409
Baidu-International 20160409
BitDefender 20160409
Bkav 20160409
CAT-QuickHeal 20160409
ClamAV 20160408
CMC 20160408
Comodo 20160409
Cyren 20160409
DrWeb 20160410
Emsisoft 20160409
ESET-NOD32 20160409
F-Prot 20160409
F-Secure 20160409
GData 20160409
Ikarus 20160409
Jiangmin 20160409
K7AntiVirus 20160409
K7GW 20160404
Kaspersky 20160409
Kingsoft 20160410
Malwarebytes 20160409
McAfee 20160409
McAfee-GW-Edition 20160409
eScan 20160409
NANO-Antivirus 20160409
nProtect 20160408
Qihoo-360 20160410
Rising 20160409
Sophos AV 20160409
SUPERAntiSpyware 20160409
Symantec 20160409
Tencent 20160410
TheHacker 20160409
TrendMicro 20160409
TrendMicro-HouseCall 20160409
VBA32 20160408
VIPRE 20160409
ViRobot 20160410
Yandex 20160409
Zillya 20160409
Zoner 20160409
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 43 bytes
[+] NewMacros.bas word/vbaProject.bin VBA/NewMacros 10231 bytes
auto-open create-ole environ handle-file obfuscated open-file write-file
Content types
bin
rels
jpeg
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
shad
cp:lastModifiedBy
user1
cp:revision
77
dcterms:created
2015-07-24T13:10:00Z
dcterms:modified
2015-09-24T10:40:00Z
Application document properties
Template
Normal
TotalTime
66
Pages
56
Words
32234
Characters
183737
Application
Microsoft Office Word
DocSecurity
0
Lines
1531
Paragraphs
431
ScaleCrop
false
vt:lpstr
Title
vt:i4
1
vt:lpstr
Название
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
215540
SharedDoc
false
HyperlinksChanged
false
AppVersion
12.0000
Document languages
Language
Prevalence
en-us
3
ru-ru
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

TitlesOfParts
,

LinksUpToDate
No

LastModifiedBy
user1

HeadingPairs
Title, 1, , 1

ZipFileName
[Content_Types].xml

Template
Normal

ZipRequiredVersion
20

ModifyDate
2015:09:24 10:40:00Z

ZipCRC
0xb42bcf20

Words
32234

ScaleCrop
No

RevisionNumber
77

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2015:07:24 13:10:00Z

Lines
1531

AppVersion
12.0

ZipUncompressedSize
1687

ZipCompressedSize
453

Characters
183737

CharactersWithSpaces
215540

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Application
Microsoft Office Word

TotalEditTime
1.1 hours

ZipCompression
Deflated

Pages
56

Creator
shad

FileTypeExtension
docm

Paragraphs
431

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
19
Uncompressed size
346954
Highest datetime
2015-12-17 19:20:10
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
12
bin
1
png
1
Contained files by type
XML
15
unknown
1
Microsoft Office
1
JPG
1
PNG
1
File identification
MD5 669ef957f7129a6dd59f0b8145bdc5d6
SHA1 4dcd73415d613aecce804c043686faf5444ceb8f
SHA256 ffd193a3e4e88d54a13437e0a754cc361593523bc7b63d9ed6023a88b702ad1c
ssdeep
3072:Lj26k8PTtdVG08yCItKuSooU9TJIVJzUvlPXdHifmc3/88888888888888888880:HT7Vp5CtuSooGTSLQ28888888888888s

File size 136.0 KB ( 139311 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated open-file auto-open handle-file docx macros environ write-file create-ole

VirusTotal metadata
First submission 2016-04-09 23:38:58 UTC ( 2 years, 10 months ago )
Last submission 2016-04-09 23:38:58 UTC ( 2 years, 10 months ago )
File names document.docm