SHA256: a1cf9698dc5d818e442868938aa11b9f8c78b1e5fc680f4d4e26c7cb5965a5d9
File name: FedEx.doc
Detection ratio: 4 / 54
Analysis date: 2016-11-28 12:14:19 UTC (2 years, 5 months ago)
Antivirus Result Update
Avast VBA:Downloader-DSE [Trj] 20161128
AVware LooksLike.Macro.Malware.k (v) 20161128
Baidu VBA.Trojan-Downloader.Agent.aza 20161128
VIPRE LooksLike.Macro.Malware.k (v) 20161128
Ad-Aware 20161128
AegisLab 20161128
AhnLab-V3 20161128
Alibaba 20161128
ALYac 20161128
Antiy-AVL 20161128
Arcabit 20161128
AVG 20161128
Avira (no cloud) 20161128
BitDefender 20161128
Bkav 20161128
CAT-QuickHeal 20161128
ClamAV 20161128
CMC 20161128
Comodo 20161128
CrowdStrike Falcon (ML) 20161024
Cyren 20161128
DrWeb 20161128
Emsisoft 20161128
ESET-NOD32 20161128
F-Prot 20161128
F-Secure 20161128
Fortinet 20161128
GData 20161128
Ikarus 20161128
Sophos ML 20161018
Jiangmin 20161128
K7AntiVirus 20161128
K7GW 20161128
Kaspersky 20161128
Kingsoft 20161128
Malwarebytes 20161128
McAfee 20161128
McAfee-GW-Edition 20161128
Microsoft 20161128
eScan 20161128
NANO-Antivirus 20161128
nProtect 20161128
Panda 20161127
Qihoo-360 20161128
Rising 20161128
Sophos AV 20161128
SUPERAntiSpyware 20161128
Symantec 20161128
Tencent 20161128
TheHacker 20161126
TrendMicro 20161128
TrendMicro-HouseCall 20161128
Trustlook 20161128
VBA32 20161125
ViRobot 20161128
WhiteArmor 20161125
Yandex 20161127
Zillya 20161125
Zoner 20161128
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author: slave
creation_datetime: 2016-08-19 15:14:00
revision_number: 614
author: slave
page_count: 1
last_saved: 2016-11-28 09:51:00
edit_time: 25140
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: RePack by SPecialiST
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 8000
type_literal: stream, sid: 18, name: \x01CompObj, size: 121
type_literal: stream, sid: 5, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 4, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 2, name: 1Table, size: 8770
type_literal: stream, sid: 1, name: Data, size: 38552
type_literal: stream, sid: 17, name: Macros/PROJECT, size: 485
type_literal: stream, sid: 16, name: Macros/PROJECTwm, size: 65
type_literal: stream, sid: 11, type: macro, name: Macros/VBA/Module1, size: 6603
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/ThisDocument, size: 1725
type_literal: stream, sid: 12, name: Macros/VBA/_VBA_PROJECT, size: 3018
type_literal: stream, sid: 14, name: Macros/VBA/__SRP_0, size: 1221
type_literal: stream, sid: 15, name: Macros/VBA/__SRP_1, size: 106
type_literal: stream, sid: 9, name: Macros/VBA/__SRP_2, size: 304
type_literal: stream, sid: 10, name: Macros/VBA/__SRP_3, size: 103
type_literal: stream, sid: 13, name: Macros/VBA/dir, size: 570
type_literal: stream, sid: 3, name: WordDocument, size: 4096
Macros and VBA code streams
ThisDocument.cls Macros/VBA/ThisDocument 318 bytes
run-file
Module1.bas Macros/VBA/Module1 2935 bytes
ExifTool file metadata
SharedDoc: No
Author: slave
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: slave
HeadingPairs: , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
Word97: No
LanguageCode: Russian
CompObjUserType: ???????? Microsoft Office Word 97-2003
ModifyDate: 2016:11:28 08:51:00
Company: RePack by SPecialiST
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 614
MIMEType: application/msword
Words: 0
CreateDate: 2016:08:19 13:14:00
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 7.0 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 0ffd7c95519e9006cffe2084e72101a8
SHA1 1934a20cfba9b4acf7cdffc49971f03d4f0383fb
SHA256 a1cf9698dc5d818e442868938aa11b9f8c78b1e5fc680f4d4e26c7cb5965a5d9
ssdeep
1536:nJc5C7U9KCP6pBQGsHHSXfSLHbxCxINdFQw:nJc51syUQdHyXAbxCxg

File size 78.0 KB ( 79872 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: slave, Template: Normal.dotm, Last Saved By: slave, Revision Number: 614, Name of Creating Application: Microsoft Office Word, Total Editing Time: 06:59:00, Create Time/Date: Thu Aug 18 14:14:00 2016, Last Saved Time/Date: Sun Nov 27 08:51:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-file attachment doc

VirusTotal metadata
First submission 2016-11-28 10:01:02 UTC (2 years, 5 months ago)
Last submission 2019-01-01 12:47:35 UTC (4 months, 3 weeks ago)
File names bbe718656c2967fa54c8acfc4b52fe6d
e408eb0271f3cd3f8c25c00e7bd5931d
FedEx.doc
0d20274f43bba5246337ff91ce448274
a1cf9698dc5d818e442868938aa11b9f8c78b1e5fc680f4d4e26c7cb5965a5d9.dat
f019ebef8d01e8bb0fe3b1d452cb91d8
FedEx2.doc.txt