SHA256: 8d5259dd99cc605b19cd5a176c46503f29c7a61107013f5f97180a1fc84d001e
File name: 20170123142429.747055-Dinformation.doc_infected
Detection ratio: 5 / 54
Analysis date: 2017-01-23 13:24:30 UTC (2 years, 4 months ago)
Antivirus Result Update
Avast VBA:Downloader-DKE [Trj] 20170123
AVware LooksLike.Macro.Malware.k (v) 20170123
F-Secure Trojan:W97M/MaliciousMacro.GEN 20170123
Qihoo-360 virus.office.obfuscated.1 20170123
VIPRE LooksLike.Macro.Malware.k (v) 20170123
Ad-Aware 20170123
AegisLab 20170123
AhnLab-V3 20170123
Alibaba 20170122
ALYac 20170123
Antiy-AVL 20170123
Arcabit 20170123
AVG 20170123
Avira (no cloud) 20170123
Baidu 20170123
BitDefender 20170123
CAT-QuickHeal 20170123
ClamAV 20170123
CMC 20170123
Comodo 20170123
CrowdStrike Falcon (ML) 20161024
Cyren 20170123
DrWeb 20170123
Emsisoft 20170123
ESET-NOD32 20170123
F-Prot 20170123
Fortinet 20170123
GData 20170123
Ikarus 20170123
Sophos ML 20170111
Jiangmin 20170123
K7AntiVirus 20170123
K7GW 20170123
Kaspersky 20170123
Kingsoft 20170123
Malwarebytes 20170123
McAfee 20170123
McAfee-GW-Edition 20170123
Microsoft 20170123
eScan 20170123
NANO-Antivirus 20170123
nProtect 20170123
Panda 20170122
Rising 20170123
Sophos AV 20170123
SUPERAntiSpyware 20170123
Symantec 20170122
Tencent 20170123
TheHacker 20170117
TotalDefense 20170123
TrendMicro 20170123
TrendMicro-HouseCall 20170123
Trustlook 20170123
VBA32 20170123
ViRobot 20170123
WhiteArmor 20170123
Yandex 20170122
Zillya 20170120
Zoner 20170123
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author
slave
creation_datetime
2017-01-19 11:58:00
revision_number
9
author
jason
page_count
1
last_saved
2017-01-19 12:04:00
edit_time
180
template
Normal.dotm
application_name
Microsoft Office Word
character_count
1
code_page
Cyrillic
Document summary
line_count
1
company
RePack by SPecialiST
characters_with_spaces
1
version
983040
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
13120
type_literal
stream
sid
19
name
\x01CompObj
size
114
type_literal
stream
sid
4
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
3
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
1
name
1Table
size
7134
type_literal
stream
sid
18
name
Macros/PROJECT
size
585
type_literal
stream
sid
17
name
Macros/PROJECTwm
size
113
type_literal
stream
sid
10
type
macro
name
Macros/VBA/Module1
size
3224
type_literal
stream
sid
11
type
macro
name
Macros/VBA/Module2
size
1074
type_literal
stream
sid
12
type
macro
name
Macros/VBA/Module3
size
4346
type_literal
stream
sid
7
type
macro
name
Macros/VBA/ThisDocument
size
1917
type_literal
stream
sid
13
name
Macros/VBA/_VBA_PROJECT
size
3376
type_literal
stream
sid
15
name
Macros/VBA/__SRP_0
size
1325
type_literal
stream
sid
16
name
Macros/VBA/__SRP_1
size
114
type_literal
stream
sid
8
name
Macros/VBA/__SRP_2
size
304
type_literal
stream
sid
9
name
Macros/VBA/__SRP_3
size
103
type_literal
stream
sid
14
name
Macros/VBA/dir
size
619
type_literal
stream
sid
2
name
WordDocument
size
41994
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 406 bytes
create-ole obfuscated
[+] Module1.bas Macros/VBA/Module1 1313 bytes
[+] Module2.bas Macros/VBA/Module2 179 bytes
exe-pattern
[+] Module3.bas Macros/VBA/Module3 1609 bytes
ExifTool file metadata
SharedDoc
No

Author
jason

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
slave

HeadingPairs
, 1

Template
Normal.dotm

CharCountWithSpaces
1

CreateDate
2017:01:19 10:58:00

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2017:01:19 11:04:00

ScaleCrop
No

Company
RePack by SPecialiST

Characters
1

CodePage
Windows Cyrillic

RevisionNumber
9

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
15.0

Security
None

Software
Microsoft Office Word

TotalEditTime
3.0 minutes

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

Compressed bundles
File identification
MD5 7bf7a625c382568da910e86b7b332da1
SHA1 47def992cb4c04ea261b170bba2bd33115ead141
SHA256 8d5259dd99cc605b19cd5a176c46503f29c7a61107013f5f97180a1fc84d001e
ssdeep
1536:8Jc5C7U9KCP6pBQGsHHSXfSLHbxCIqCWbq:8Jc51syUQdHyXAbxCAWb

File size 79.0 KB ( 80896 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: jason, Template: Normal.dotm, Last Saved By: slave, Revision Number: 9, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Wed Jan 18 10:58:00 2017, Last Saved Time/Date: Wed Jan 18 11:04:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated exe-pattern doc macros attachment create-ole

VirusTotal metadata
First submission 2017-01-23 13:00:49 UTC (2 years, 4 months ago)
Last submission 2017-04-10 15:46:27 UTC (2 years, 1 month ago)
File names information.doc