SHA256: 59df14d8383149f77745e610426d049fbc9896b86f8949891ae15bef273f9df8
Name: remittance.doc
Detections: 26 / 59
Analysis date: 2018-05-16 00:07:34 UTC ( 1 month ago )
Antivirus Result Update
AegisLab Troj.Downloader.Script!c 20180515
AhnLab-V3 W97M/Downloader 20180515
Antiy-AVL Trojan[Downloader]/Script.AGeneric 20180516
Arcabit HEUR.VBA.Trojan.d 20180516
Avast VBA:Downloader-EVZ [Trj] 20180515
AVG VBA:Downloader-EVZ [Trj] 20180515
CAT-QuickHeal W97M.Downloader.4957 20180515
ClamAV Doc.Dropper.Agent-6538373-0 20180515
Comodo UnclassifiedMalware 20180516
Cyren W97M/Downldr.gen 20180515
ESET-NOD32 VBA/TrojanDownloader.Agent.DFO 20180516
F-Prot W97M/Downldr.gen 20180515
Fortinet XM/Agent.56EA!tr.dldr 20180515
Ikarus Trojan-Downloader.VBA.Agent 20180515
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20180515
MAX malware (ai score=99) 20180516
McAfee W97M/Downloader.byu 20180515
McAfee-GW-Edition BehavesLike.Downloader.cg 20180515
Microsoft TrojanDownloader:O97M/Donoff 20180515
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20180515
nProtect Suspicious/W97M.Obfus.Gen 20180515
Qihoo-360 virus.office.qexvmc.1095 20180516
Symantec Trojan.Gen.2 20180515
TrendMicro-HouseCall Suspicious_GEN.F47V0217 20180515
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180515
Zoner Probably W97DownloaderA 20180515
Ad-Aware 20180516
Alibaba 20180515
ALYac 20180515
Avast-Mobile 20180515
Avira (no cloud) 20180516
AVware 20180428
Babable 20180406
Baidu 20180511
BitDefender 20180515
Bkav 20180515
CMC 20180515
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180516
eGambit 20180516
Emsisoft 20180515
Endgame 20180507
F-Secure 20180515
GData 20180515
Sophos ML 20180503
Jiangmin 20180515
K7AntiVirus 20180515
K7GW 20180516
Kingsoft 20180516
Malwarebytes 20180515
eScan 20180516
Palo Alto Networks (Known Signatures) 20180516
Panda 20180515
Rising 20180515
SentinelOne (Static ML) 20180225
Sophos AV 20180515
SUPERAntiSpyware 20180515
Symantec Mobile Insight 20180515
Tencent 20180516
TheHacker 20180509
TotalDefense 20180515
TrendMicro 20180515
Trustlook 20180516
VBA32 20180515
VIPRE 20180515
ViRobot 20180515
Webroot 20180516
Yandex 20180513
Zillya 20180514
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: Lupas Computers
creation_datetime: 2017-01-19 16:05:00
revision_number: 3
author: User
page_count: 1
last_saved: 2017-05-15 10:57:00
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, type_literal: root, sid: 0, size: 1984, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
name: \x01CompObj, type_literal: stream, sid: 14, size: 121
name: \x05DocumentSummaryInformation, type_literal: stream, sid: 5, size: 4096
name: \x05SummaryInformation, type_literal: stream, sid: 4, size: 4096
name: 1Table, type_literal: stream, sid: 2, size: 6520
name: Data, type_literal: stream, sid: 1, size: 73958
name: Macros/PROJECT, type_literal: stream, sid: 13, size: 410
name: Macros/PROJECTwm, type_literal: stream, sid: 12, size: 65
name: Macros/VBA/Module1, type_literal: stream, sid: 9, type: macro (only attributes), size: 690
name: Macros/VBA/ThisDocument, type_literal: stream, sid: 8, type: macro, size: 18461
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, sid: 10, size: 5213
name: Macros/VBA/dir, type_literal: stream, sid: 11, size: 569
name: WordDocument, type_literal: stream, sid: 3, size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 8108 bytes
create-ole obfuscated
ExifTool file metadata
SharedDoc: No
Author: User
CodePage: Windows Latin 1 (Western European)
LinksUpToDate: No
LastModifiedBy: Lupas Computers
HeadingPairs: Title, 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:01:19 15:05:00
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2017:05:15 09:57:00
HyperlinksChanged: No
Characters: 1
ScaleCrop: No
RevisionNumber: 3
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
File identification
MD5 d98680e6e410392687f4f90e89aa0219
SHA1 896e304cb375ffd576eb8c07882285201d042748
SHA256 59df14d8383149f77745e610426d049fbc9896b86f8949891ae15bef273f9df8
ssdeep
768:znT0dyNWfQpg0dd4M4mBW4YfFagpLlrDQob8a56NhB+XDDQoWUdNIUtPr4hIyLEc:zT0Xfsdd4iPQJQlaNDDXjzcIFlNPTcmE

File size 121.0 KB ( 123904 bytes )
Type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: User, Template: Normal.dotm, Last Saved By: Lupas Computers, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Jan 18 15:05:00 2017, Last Saved Time/Date: Sun May 14 09:57:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros doc create-ole

VirusTotal metadata
First submission 2017-05-16 04:08:23 UTC ( 1 year, 1 month ago )
Last submission 2018-05-16 00:07:34 UTC ( 1 month ago )
Names remittance.doc