SHA256: 0dda0877471ac5db18ae6fd73bb18631217c3523a62ac98014dbd0327b7fde4c
File name: Fixed Penalty Receipt.docm
Detection ratio: 33 / 57
Analysis date: 2016-03-09 16:05:52 UTC (1 year ago)
Antivirus Result Update
Ad-Aware W97M.Downloader.AUD 20160309
AegisLab Troj.Downloader.Msexcel!c 20160309
AhnLab-V3 O97M/Adnel 20160309
ALYac W97M.Downloader.AUD 20160309
Antiy-AVL Trojan[Downloader]/MSExcel.Agent.ce 20160309
Arcabit W97M.Downloader.AUD 20160309
Avast VBA:Downloader-APG [Trj] 20160309
AVG W97M/Downloader 20160309
Avira (no cloud) X2000M/Dridex.B 20160309
BitDefender W97M.Downloader.AUD 20160309
CAT-QuickHeal O97M.Dropper.UT 20160309
Cyren PP97M/Downldr 20160309
DrWeb W97M.DownLoader.881 20160309
Emsisoft W97M.Downloader.AUD (B) 20160309
ESET-NOD32 VBA/TrojanDownloader.Agent.ASF 20160309
F-Prot New or modified PP97M/Downldr 20160309
F-Secure Trojan:W97M/MaliciousMacro.GEN 20160309
Fortinet WM/Agent!tr 20160309
GData W97M.Downloader.AUD 20160309
Ikarus Trojan-Downloader.VBA.Agent 20160309
Kaspersky Trojan-Downloader.MSExcel.Agent.ce 20160309
McAfee W97M/Downloader!2749949C60A9 20160309
McAfee-GW-Edition W97M/Downloader!2749949C60A9 20160309
Microsoft TrojanDownloader:O97M/Adnel 20160309
eScan W97M.Downloader.AUD 20160309
NANO-Antivirus Trojan.Script.Dridex.eahocq 20160309
nProtect W97M.Downloader.AUD 20160309
Panda O97M/Downloader 20160308
Rising DOC:Heur.Macro.Downloader.e!1616923 [F] 20160309
Sophos Troj/DocDl-BBO 20160309
Symantec W97M.Downloader 20160308
TrendMicro W2KM_DRIDEX.BYX 20160309
TrendMicro-HouseCall W2KM_DRIDEX.BYX 20160309
Yandex 20160308
Alibaba 20160309
AVware 20160309
Baidu 20160225
Baidu-International 20160309
Bkav 20160309
ByteHero 20160309
ClamAV 20160308
CMC 20160307
Comodo 20160309
Jiangmin 20160309
K7AntiVirus 20160309
K7GW 20160309
Malwarebytes 20160309
Qihoo-360 20160309
SUPERAntiSpyware 20160309
Tencent 20160309
TheHacker 20160309
TotalDefense 20160308
VBA32 20160309
VIPRE 20160309
ViRobot 20160309
Zillya 20160309
Zoner 20160309
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 44 bytes
[+] Module2.bas word/vbaProject.bin VBA/Module2 3758 bytes
create-file create-ole handle-file obfuscated open-file write-file
[+] Module1.bas word/vbaProject.bin VBA/Module1 3956 bytes
create-ole obfuscated
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator: 1
lastModifiedBy: 1
revision: 2
created: 2016-02-12T08:31:00Z
modified: 2016-02-12T08:31:00Z
Application document properties
Template: Normal
TotalTime: 0
Pages: 1
Words: 0
Characters: 0
Application: Microsoft Office Word
DocSecurity: 0
Lines: 0
Paragraphs: 0
ScaleCrop: false
Company: Home
LinksUpToDate: false
CharactersWithSpaces: 0
SharedDoc: false
HyperlinksChanged: false
AppVersion: 14.0000
Document languages
Language Prevalence
en-us 2
ru-ru 1
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 1
Application: Microsoft Office Word
ZipFileName: [Content_Types].xml
Template: Normal
CreateDate: 2016:02:12 08:31:00Z
ZipRequiredVersion: 20
ModifyDate: 2016:02:12 08:31:00Z
ZipCRC: 0x4dc12e6a
Company: Home
Words: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
FileType: DOCM
Lines: 0
AppVersion: 14.0
ZipUncompressedSize: 1563
ZipCompressedSize: 419
Characters: 0
CharactersWithSpaces: 0
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
HeadingPairs: , 1
TotalEditTime: 0
ZipCompression: Deflated
Pages: 1
Creator: 1
FileTypeExtension: docm
Paragraphs: 0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 15
Uncompressed size: 83568
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 11
bin: 1
Contained files by type
XML: 14
Microsoft Office: 1
File identification
MD5 a99d6c25218add7ece55b2503666b664
SHA1 6667e9337260abda9090ed89b0235c247264ad7e
SHA256 0dda0877471ac5db18ae6fd73bb18631217c3523a62ac98014dbd0327b7fde4c
ssdeep 768:3HJZwsbthGML499L0oV0Yo8P8GjLOljbURP6r7MHM17:3nnrGlL3ZP8GjL+jbURQ4I7

File size 31.6 KB ( 32310 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (59.4%)
Word Microsoft Office Open XML Format document (36.0%)
ZIP compressed archive (4.5%)
Tags obfuscated open-file handle-file create-file docx macros attachment write-file create-ole

VirusTotal metadata
First submission 2016-02-12 09:48:11 UTC (1 year, 1 month ago)
Last submission 2016-02-16 14:45:11 UTC (1 year, 1 month ago)
File names Fixed Penalty Receipt.docm
c9b46fdbc0a377c08796331c787c19cb