SHA256: 9d11f2d2f0e0e5fd8a2ef552a5521920767d7939881443435296d0c600e4a71a
Name: order.docm
Detections: 36 / 55
Analysis date: 2016-08-14 16:46:05 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.CTP 20160814
AegisLab W2000M.Dldr.Agent!c 20160814
AhnLab-V3 W97M/Downloader 20160814
ALYac W97M.Downloader.CTH 20160814
Antiy-AVL Trojan[Downloader]/VBS.Agent.brb 20160814
Arcabit HEUR.VBA.Trojan.d 20160814
Avast VBA:Downloader-BTP [Trj] 20160814
AVG W97M/Generic 20160814
Avira (no cloud) X2000M/Dldr.Agent.AM.94362 20160814
Baidu VBA.Trojan-Downloader.Agent.afz 20160813
BitDefender W97M.Downloader.CTP 20160814
CAT-QuickHeal O79M.Dropper.XN 20160813
ClamAV Doc.Dropper.Agent-1416660 20160814
Cyren PP97M/Donoff 20160814
DrWeb W97M.DownLoader.1001 20160814
Emsisoft W97M.Downloader.CTP (B) 20160814
ESET-NOD32 VBA/TrojanDownloader.Agent.BCL 20160814
F-Prot New or modified PP97M/Donoff 20160814
F-Secure Trojan-Downloader:X97M/Locky.K 20160814
Fortinet WM/Agent.BCL!tr 20160814
GData W97M.Downloader.CTP 20160814
Ikarus Trojan-Downloader.VBA.Agent 20160814
Kaspersky Trojan-Downloader.VBS.Agent.brb 20160814
McAfee Downloader-FBGD!7FBD6119E4DE 20160814
McAfee-GW-Edition Downloader-FBGD!7FBD6119E4DE 20160814
Microsoft TrojanDownloader:O97M/Donoff 20160814
eScan W97M.Downloader.CTP 20160814
NANO-Antivirus Trojan.Script.MLW.ecmkzi 20160814
nProtect W97M.Downloader.CTP 20160812
Panda O97M/Downloader 20160814
Qihoo-360 virus.office.obfuscated.1 20160814
Rising Downloader.Agent/VBA!1.A517 20160814
Sophos Troj/DocDl-DCD 20160814
Symantec W97M.Downloader 20160814
Tencent Macro.Trojan.Dropperx.Auto 20160814
TrendMicro W2KM_LOCKY.BYZ 20160814
Alibaba 20160812
AVware 20160814
Bkav 20160813
CMC 20160811
Comodo 20160814
Jiangmin 20160814
K7AntiVirus 20160814
K7GW 20160814
Kingsoft 20160814
Malwarebytes 20160814
SUPERAntiSpyware 20160814
TheHacker 20160814
TotalDefense 20160814
VBA32 20160812
VIPRE 20160814
ViRobot 20160814
Yandex 20160813
Zillya 20160814
Zoner 20160814
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 3659 bytes
[+] Module6.bas word/vbaProject.bin VBA/Module6 692 bytes
[+] Module2.bas word/vbaProject.bin VBA/Module2 10202 bytes
open-file
[+] Module1.bas word/vbaProject.bin VBA/Module1 3645 bytes
create-ole open-file
[+] Ultra.frm word/vbaProject.bin VBA/Ultra 173 bytes
[+] Module3.bas word/vbaProject.bin VBA/Module3 3471 bytes
obfuscated open-file
[+] Module4.bas word/vbaProject.bin VBA/Module4 8352 bytes
create-ole obfuscated open-file
[+] Module5.bas word/vbaProject.bin VBA/Module5 3152 bytes
obfuscated
[+] Module7.bas word/vbaProject.bin VBA/Module7 737 bytes
create-ole
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator: 1
lastModifiedBy: 1
revision: 2
created: 2016-05-16T12:57:00Z
modified: 2016-05-16T12:57:00Z
Application document properties
Template: Normal
TotalTime: 0
Pages: 1
Words: 0
Characters: 0
Application: Microsoft Office Word
DocSecurity: 0
Lines: 0
Paragraphs: 0
ScaleCrop: false
Company: Home
LinksUpToDate: false
CharactersWithSpaces: 0
SharedDoc: false
HyperlinksChanged: false
AppVersion: 14.0000
Document languages
Language Prevalence
en-us 2
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 1
Application: Microsoft Office Word
ZipFileName: [Content_Types].xml
Template: Normal
CreateDate: 2016:05:16 12:57:00Z
ZipRequiredVersion: 20
ModifyDate: 2016:05:16 12:57:00Z
ZipCRC: 0x4dc12e6a
Company: Home
Words: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
FileType: DOCM
Lines: 0
AppVersion: 14.0
ZipUncompressedSize: 1563
ZipCompressedSize: 419
Characters: 0
CharactersWithSpaces: 0
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
HeadingPairs: , 1
TotalEditTime: 0
ZipCompression: Deflated
Pages: 1
Creator: 1
FileTypeExtension: docm
Paragraphs: 0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 15
Uncompressed size: 180550
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 11
bin: 1
Contained files by type
XML: 14
Microsoft Office: 1
File identification
MD5 9266db6c7772f6c45411ff3a591b1374
SHA1 952d788f0759835553708dbe323fd08b5a33ec66
SHA256 9d11f2d2f0e0e5fd8a2ef552a5521920767d7939881443435296d0c600e4a71a
ssdeep 1536:34qy06wGZ+yTNw2lX96Z7pv5KuNHOgJkfFJrIpTFf9y:IqRRyTNw2lC15VOged6pZA
File size 68.6 KB ( 70283 bytes )
Type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (59.4%)
Word Microsoft Office Open XML Format document (36.0%)
ZIP compressed archive (4.5%)
Tags
obfuscated macros open-file docx create-ole

VirusTotal metadata
First submission 2016-05-16 18:28:54 UTC ( 10 months, 2 weeks ago )
Last submission 2016-06-23 09:46:12 UTC ( 9 months, 1 week ago )
Names ORDER-535-2123918-8670618.docm
9266db6c7772f6c45411ff3a591b1374.zip
order.docm
82a13c9e9799fcccd9846b7ef1b99586d075e432
d370a37ad176fc810594cdee1206189d
ORDER-696-8266140-4517612.docm
ORDER-549-6303896-2172940.docm
ORDER-390-5484564-4224642.docm