SHA256: 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
File name: SUPEE-9789.doc
Detection ratio: 36 / 59
Analysis date: 2018-05-13 00:00:26 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.406 20180512
AegisLab Troj.Script.Agent!c 20180512
ALYac VB:Trojan.Valyria.406 20180512
Antiy-AVL Trojan[Downloader]/MSOffice.Agent 20180512
Arcabit HEUR.VBA.Trojan.e 20180512
Avast VBA:Downloader-EYG [Trj] 20180512
AVG VBA:Downloader-EYG [Trj] 20180512
Avira (no cloud) W97M/Agent.88345262 20180512
Baidu VBA.Trojan-Downloader.Agent.bjw 20180511
BitDefender VB:Trojan.Valyria.406 20180512
CAT-QuickHeal W97M.Downloader.AJX 20180512
ClamAV Doc.Downloader.Heuristic-6312759-0 20180512
Cyren W97M/Agent 20180512
Emsisoft VB:Trojan.Valyria.406 (B) 20180512
ESET-NOD32 VBA/TrojanDownloader.Agent.DDI 20180512
F-Prot New or modified W97M/Agent 20180512
F-Secure VB:Trojan.Valyria.406 20180512
Fortinet WM/Agent.IRC!tr.dldr 20180512
GData Macro.Trojan-Downloader.TeslaCrypt.AC 20180512
Ikarus Trojan-Downloader.VBA.Agent 20180512
Kaspersky HEUR:Trojan.Script.Agent.gen 20180512
MAX malware (ai score=99) 20180513
McAfee W97M/Downloader.bxx 20180512
McAfee-GW-Edition BehavesLike.Downloader.cg 20180512
Microsoft Trojan:O97M/Madeba.A!det 20180512
eScan VB:Trojan.Valyria.406 20180512
NANO-Antivirus Trojan.Script.Agent.epyrxh 20180512
nProtect Suspicious/W97M.Obfus.Gen 20180512
Panda O97M/Downloader 20180512
Qihoo-360 virus.office.qexvmc.1100 20180513
Symantec W97M.Downloader 20180512
Tencent Win32.Trojan.Agent.Szky 20180513
TrendMicro HEUR_VBA.O.ELBP 20180512
TrendMicro-HouseCall Suspicious_GEN.F47V0217 20180512
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180512
Zoner Probably W97Obfuscated 20180512
AhnLab-V3 20180512
Alibaba 20180511
Avast-Mobile 20180512
AVware 20180428
Babable 20180406
Bkav 20180511
CMC 20180512
Comodo 20180512
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180513
eGambit 20180513
Endgame 20180507
Sophos ML 20180503
Jiangmin 20180512
K7AntiVirus 20180512
K7GW 20180512
Kingsoft 20180513
Malwarebytes 20180512
Palo Alto Networks (Known Signatures) 20180513
Rising 20180512
SentinelOne (Static ML) 20180225
Sophos AV 20180512
SUPERAntiSpyware 20180512
Symantec Mobile Insight 20180511
TheHacker 20180509
TotalDefense 20180512
Trustlook 20180513
VBA32 20180511
VIPRE 20180512
ViRobot 20180512
Webroot 20180513
Yandex 20180511
Zillya 20180511
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
last_author
admin
creation_datetime
2017-04-20 19:05:00
author
admin
title
info
page_count
1
last_saved
2017-04-20 19:05:00
revision_number
2
application_name
Microsoft Office Word
character_count
1
code_page
Cyrillic
template
Normal.dotm
Document summary
byte_count
94208
company
home
characters_with_spaces
1
line_count
1
version
1048576
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
7616
type_literal
stream
sid
20
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
7417
type_literal
stream
sid
1
name
Data
size
73453
type_literal
stream
sid
19
name
Macros/PROJECT
size
484
type_literal
stream
sid
18
name
Macros/PROJECTwm
size
113
type_literal
stream
sid
11
type
macro
name
Macros/VBA/Module1
size
2147
type_literal
stream
sid
12
type
macro
name
Macros/VBA/Module2
size
32199
type_literal
stream
sid
13
type
macro
name
Macros/VBA/Module3
size
31957
type_literal
stream
sid
8
type
macro (only attributes)
name
Macros/VBA/ThisDocument
size
1127
type_literal
stream
sid
14
name
Macros/VBA/_VBA_PROJECT
size
12400
type_literal
stream
sid
16
name
Macros/VBA/__SRP_0
size
1956
type_literal
stream
sid
17
name
Macros/VBA/__SRP_1
size
198
type_literal
stream
sid
9
name
Macros/VBA/__SRP_2
size
348
type_literal
stream
sid
10
name
Macros/VBA/__SRP_3
size
106
type_literal
stream
sid
15
name
Macros/VBA/dir
size
713
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] Module1.bas Macros/VBA/Module1 588 bytes
[+] Module2.bas Macros/VBA/Module2 14091 bytes
create-file create-ole handle-file open-file run-file write-file
[+] Module3.bas Macros/VBA/Module3 13779 bytes
ExifTool file metadata
SharedDoc
No

Author
admin

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
admin

HeadingPairs
, 1

Template
Normal.dotm

CharCountWithSpaces
1

CreateDate
2017:04:20 19:05:00

CompObjUserType
???????? Microsoft Word 97-2003

ModifyDate
2017:04:20 19:05:00

Company
home

Title
info

HyperlinksChanged
No

Characters
1

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
0

Bytes
94208

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

File identification
MD5 c3d03f0eedf1b1e222130b478b3ab231
SHA1 c59897166ba1ce057ca290370af214990be9d730
SHA256 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
ssdeep
3072:gTTwHo66OblnBQMFCESpcSO6iNAJWq3gouW3kVxaX:3HXRblnBvFCESpcSYouW

File size 180.0 KB ( 184320 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: info, Author: admin, Template: Normal.dotm, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Apr 19 19:05:00 2017, Last Saved Time/Date: Wed Apr 19 19:05:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
open-file handle-file doc create-file run-file macros write-file create-ole

VirusTotal metadata
First submission 2017-04-21 07:30:11 UTC ( 1 year ago )
Last submission 2018-05-13 00:00:26 UTC ( 1 week ago )
File names SUPEE-9789.doc