× ¡Las cookies están desactivadas! Esta página requiere que las cookies estén activadas para funcionar correctamente
SHA256: a8ee9b6f3dfd02957d2f9f8abada269cbf7257a0d5745f2bae63c2a6892b83c5
Nombre: Financial Statement.doc
Detecciones: 25 / 56
Fecha de análisis: 2015-10-13 06:47:14 UTC ( hace 2 años )
Antivirus Resultado Actualización
AhnLab-V3 DOC/Downloader 20151012
ALYac Trojan.Downloader.macro 20151012
Antiy-AVL Trojan/Generic.ASMacro.4097 20151013
Arcabit HEUR.VBA.Trojan 20151013
Avast VBS:Agent-BJJ [Trj] 20151013
AVG W97M/Generic 20151012
Avira (no cloud) HEUR/Macro.Downloader 20151013
AVware LooksLike.Macro.Malware.e (v) 20151013
CAT-QuickHeal O97M.Dropper.AO 20151013
Comodo UnclassifiedMalware 20151013
ESET-NOD32 VBA/TrojanDownloader.Agent.FP 20151013
Fortinet W97M/Agent.MAD!tr.dldr 20151012
GData Macro.Trojan.Agent.YUQY0A 20151013
Ikarus Trojan-Downloader.VBA.Agent 20151013
Kaspersky Trojan-Downloader.VBS.Agent.aka 20151013
McAfee W97M/Downloader.aba 20151013
McAfee-GW-Edition W97M/Downloader.aba 20151013
Microsoft TrojanDownloader:O97M/Bartallex 20151013
NANO-Antivirus Trojan.Script.Agent.dlfbwc 20151013
Qihoo-360 macro.office.07vba.gen.1ba 20151013
Sophos AV Troj/DocDl-JA 20151013
Symantec W97M.Downloader 20151012
TrendMicro W97M_DLOADR.XTRV 20151013
TrendMicro-HouseCall W97M_DLOADR.XTRV 20151013
VIPRE LooksLike.Macro.Malware.e (v) 20151013
Ad-Aware 20151013
AegisLab 20151012
Yandex 20151012
Alibaba 20151013
Baidu-International 20151012
BitDefender 20151013
Bkav 20151012
ByteHero 20151013
ClamAV 20151012
CMC 20151012
Cyren 20151013
DrWeb 20151013
Emsisoft 20151013
F-Prot 20151013
F-Secure 20151013
Jiangmin 20151012
K7AntiVirus 20151012
K7GW 20151010
Kingsoft 20151013
Malwarebytes 20151013
eScan 20151013
nProtect 20151012
Panda 20151012
Rising 20151012
SUPERAntiSpyware 20151012
Tencent 20151013
TheHacker 20151012
VBA32 20151012
ViRobot 20151013
Zillya 20151012
Zoner 20151013
The file being studied follows the Open XML file format! More specifically, it is a Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May read system environment variables.
May open a file.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 12071 bytes
exe-pattern ipv4-pattern auto-open create-file create-ole enum-windows environ obfuscated open-file run-file write-file
Content types
bin
rels
jpeg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator
Panda
lastModifiedBy
Golden
revision
5
created
2014-12-09T23:13:00Z
modified
2014-12-11T18:59:00Z
Application document properties
Template
Normal.dotm
TotalTime
3
Pages
2
Words
71
Characters
405
Application
Microsoft Office Word
DocSecurity
0
Lines
3
Paragraphs
1
ScaleCrop
false
Company
MMM
LinksUpToDate
false
CharactersWithSpaces
475
SharedDoc
false
HyperlinksChanged
false
AppVersion
14.0000
Document languages
Language
Prevalence
ru-ru
2
en-us
2
en-au
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

TitlesOfParts
,

LinksUpToDate
No

LastModifiedBy
Golden

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal.dotm

CreateDate
2014:12:09 23:13:00Z

ZipRequiredVersion
20

ModifyDate
2014:12:11 18:59:00Z

ZipCRC
0x16e97fa5

Company
MMM

Words
71

ScaleCrop
No

RevisionNumber
5

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

FileType
DOCM

Lines
3

AppVersion
14.0

ZipUncompressedSize
1615

ZipCompressedSize
437

Characters
405

CharactersWithSpaces
475

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

HeadingPairs
Title, 1, , 1

TotalEditTime
3 minutes

ZipCompression
Deflated

Pages
2

Creator
Panda

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
17
Uncompressed size
124760
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
11
bin
1
Contained files by type
XML
14
JPG
2
Microsoft Office
1
File identification
MD5 fe6234874bb4a10f48a44687d9dce3ce
SHA1 74febb6c258a5f42ac85d2b4ecd59db39f9f0fea
SHA256 a8ee9b6f3dfd02957d2f9f8abada269cbf7257a0d5745f2bae63c2a6892b83c5
ssdeep
1536:QT/Bbtz8mZ17ZZfraaPDvD3EOz7x0B4pNUPO6V:0/XRfZjaacu/+jV

Tamaño del fichero 60.0 KB ( 61427 bytes )
Tipo Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (51.4%)
Word Microsoft Office Open XML Format document (44.5%)
ZIP compressed archive (3.9%)
Tags
obfuscated docx auto-open exe-pattern create-file open-file macros enum-windows environ run-file write-file ipv4-pattern create-ole

VirusTotal metadata
First submission 2014-12-11 19:49:42 UTC ( hace 2 años, 10 meses )
Last submission 2015-10-13 06:47:14 UTC ( hace 2 años )
Nombres vti-rescan
Financial Statement.doc
No hay comentarios. Ningún usuario ha comentado aún. ¡Sea el primero en hacerlo!

Deje su comentario...

?
Enviar comentario

No ha iniciado sesión. Solo los usuarios registrados pueden escribir comentarios.

No hay votos. Nadie ha votado aún. ¡Sea el primero!