SHA256: 027d37e56f9878cb334d35ebe49080061f9c5436e6d7c8f67fd732fe3ff85001
File name: SINV0711.docm
Detection ratio: 9 / 59
Analysis date: 2017-08-24 19:22:27 UTC (1 year, 8 months ago)
| Antivirus | Result | Update |
|---|---|---|
| Arcabit | HEUR.VBA.Trojan.d | 20170824 |
| Baidu | VBA.Trojan-Downloader.Agent.bpu | 20170824 |
| CAT-QuickHeal | O97m.Trickbot.A | 20170824 |
| F-Secure | Trojan:W97M/MaliciousMacro.GEN | 20170824 |
| Fortinet | WM/Agent.AP!tr.dldr | 20170824 |
| Kaspersky | HEUR:Trojan-Downloader.Script.Generic | 20170824 |
| Qihoo-360 | virus.office.obfuscated.1 | 20170824 |
| TrendMicro | HEUR_VBA.O2 | 20170824 |
| ZoneAlarm by Check Point | HEUR:Trojan-Downloader.Script.Generic | 20170824 |
| Ad-Aware | - | 20170824 |
| AegisLab | - | 20170824 |
| AhnLab-V3 | - | 20170824 |
| Alibaba | - | 20170824 |
| ALYac | - | 20170824 |
| Antiy-AVL | - | 20170824 |
| Avast | - | 20170824 |
| AVG | - | 20170824 |
| Avira (no cloud) | - | 20170824 |
| AVware | - | 20170824 |
| BitDefender | - | 20170824 |
| ClamAV | - | 20170824 |
| CMC | - | 20170824 |
| Comodo | - | 20170824 |
| CrowdStrike Falcon (ML) | - | 20170804 |
| Cylance | - | 20170824 |
| Cyren | - | 20170824 |
| DrWeb | - | 20170824 |
| Emsisoft | - | 20170824 |
| Endgame | - | 20170821 |
| ESET-NOD32 | - | 20170824 |
| F-Prot | - | 20170824 |
| GData | - | 20170824 |
| Ikarus | - | 20170824 |
| Sophos ML | - | 20170822 |
| Jiangmin | - | 20170824 |
| K7AntiVirus | - | 20170824 |
| K7GW | - | 20170821 |
| Kingsoft | - | 20170824 |
| Malwarebytes | - | 20170824 |
| MAX | - | 20170824 |
| McAfee | - | 20170824 |
| McAfee-GW-Edition | - | 20170824 |
| Microsoft | - | 20170824 |
| eScan | - | 20170824 |
| NANO-Antivirus | - | 20170824 |
| nProtect | - | 20170824 |
| Palo Alto Networks (Known Signatures) | - | 20170824 |
| Panda | - | 20170824 |
| Rising | - | 20170824 |
| SentinelOne (Static ML) | - | 20170806 |
| Sophos AV | - | 20170824 |
| SUPERAntiSpyware | - | 20170824 |
| Symantec | - | 20170824 |
| Symantec Mobile Insight | - | 20170824 |
| Tencent | - | 20170824 |
| TheHacker | - | 20170821 |
| TotalDefense | - | 20170824 |
| TrendMicro-HouseCall | - | 20170824 |
| Trustlook | - | 20170824 |
| VBA32 | - | 20170824 |
| VIPRE | - | 20170824 |
| ViRobot | - | 20170824 |
| Webroot | - | 20170824 |
| WhiteArmor | - | 20170817 |
| Yandex | - | 20170823 |
| Zillya | - | 20170824 |
| Zoner | - | 20170824 |
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May write to a file.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls  word/vbaProject.bin  VBA/ThisDocument  479 bytes
[+] Rape.cls  word/vbaProject.bin  VBA/Rape  1544 bytes  (write-file)
[+] Class1.cls  word/vbaProject.bin  VBA/Class1  7098 bytes  (obfuscated)
[+] OXIPL.cls  word/vbaProject.bin  VBA/OXIPL  1169 bytes
[+] Module1.bas  word/vbaProject.bin  VBA/Module1  620 bytes
[+] Module2.bas  word/vbaProject.bin  VBA/Module2  17164 bytes  (create-ole, obfuscated, open-file, write-file)
[+] Module3.bas  word/vbaProject.bin  VBA/Module3  1361 bytes  (create-ole)
Content types
bin
rels
jpg
png
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator: 1
cp:lastModifiedBy: 1
cp:revision: 6
dcterms:created: 2017-08-24T18:16:00Z
dcterms:modified: 2017-08-24T18:57:00Z
cp:contentStatus: Microsoft.XMLHTTPFURRYAdodb.streaMFURRYshell.ApplicationFURRYWscript.shellFURRYProcessFURRYGeTFURRYTeMPFURRYTypeFURRYopenFURRYwriteFURRYresponseBodyFURRYsavetofileFURRY\\agraba.exe
Application document properties
Template: Normal.dotm
TotalTime: 8
Pages: 1
Words: 42
Characters: 241
Application: Microsoft Office Word
DocSecurity: 0
Lines: 2
Paragraphs: 1
ScaleCrop: false
vt:lpstr: Название
vt:i4: 1
LinksUpToDate: false
CharactersWithSpaces: 282
SharedDoc: false
HyperlinksChanged: false
AppVersion: 16.0000
Document languages
| Language | Prevalence |
|---|---|
| ru-ru | 3 |
| en-us | 2 |
| ar-sa | 1 |
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
ZipFileName: [Content_Types].xml
Template: Normal.dotm
ZipRequiredVersion: 20
ModifyDate: 2017:08:24 18:57:00Z
ZipCRC: 0x00d083ea
Words: 42
ScaleCrop: No
RevisionNumber: 6
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
CreateDate: 2017:08:24 18:16:00Z
Lines: 2
AppVersion: 16.0
ZipUncompressedSize: 1554
ZipCompressedSize: 407
Characters: 241
CharactersWithSpaces: 282
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
FileType: DOCM
Application: Microsoft Office Word
TotalEditTime: 8 minutes
ZipCompression: Deflated
Pages: 1
Creator: 1
FileTypeExtension: docm
Paragraphs: 1
ContentStatus: Microsoft.XMLHTTPFURRYAdodb.streaMFURRYshell.ApplicationFURRYWscript.shellFURRYProcessFURRYGeTFURRYTeMPFURRYTypeFURRYopenFURRYwriteFURRYresponseBodyFURRYsavetofileFURRY\agraba.exe
The file being studied is a compressed stream. Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 16
Uncompressed size: 207761
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 10
bin: 1
png: 1
jpg: 1
Contained files by type
XML: 13
Microsoft Office: 1
PNG: 1
JPG: 1
Compressed bundles
File identification
MD5: cd34fbcae9fe84635c12a9ba1ee48f8c
SHA1: 718202cb067addf8b7c81e1d90958b341c0dd1e5
SHA256: 027d37e56f9878cb334d35ebe49080061f9c5436e6d7c8f67fd732fe3ff85001
ssdeep: 3072:/102gwY4HAVUKneup7y6+FlvvgFsvoJF54+5Toiq+099V:m2LxN2eup7y6+fvYGCF7MiY7
File size: 117.5 KB (120314 bytes)
File type: Office Open XML Document
Magic literal: Zip archive data, at least v2.0 to extract
TrID:
Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags: obfuscated open-file docx macros write-file create-ole
VirusTotal metadata
First submission: 2017-08-24 19:22:27 UTC (1 year, 8 months ago)
Last submission: 2017-08-24 20:59:26 UTC (1 year, 8 months ago)
File names:
SINV0711.docm
SINV0711.rar
SINV0711.docm