SHA256: c884712b924af42a0c22c387a5ed811e03f9c0748a0625c19c143f33b0834452
File name: FTC_kelly.doc
Detection ratio: 5 / 56
Analysis date: 2017-04-17 17:46:31 UTC (7 months, 1 week ago)
Antivirus Result Update
DrWeb modification of W97M.Suspicious.1 20170417
Fortinet WM/Agent.JU!tr 20170417
McAfee W97M/Dropper.da 20170417
McAfee-GW-Edition W97M/Dropper.da 20170417
Qihoo-360 virus.office.qexvmc.1065 20170417
Ad-Aware 20170417
AegisLab 20170417
AhnLab-V3 20170417
Alibaba 20170417
ALYac 20170417
Antiy-AVL 20170417
Arcabit 20170417
Avast 20170417
AVG 20170417
Avira (no cloud) 20170417
AVware 20170417
Baidu 20170417
BitDefender 20170417
Bkav 20170415
CAT-QuickHeal 20170417
ClamAV 20170417
CMC 20170417
Comodo 20170417
CrowdStrike Falcon (ML) 20170130
Cyren 20170417
Emsisoft 20170417
Endgame 20170413
ESET-NOD32 20170417
F-Prot 20170417
F-Secure 20170417
GData 20170417
Ikarus 20170417
Sophos ML 20170413
Jiangmin 20170417
K7AntiVirus 20170417
K7GW 20170417
Kaspersky 20170417
Kingsoft 20170417
Malwarebytes 20170417
Microsoft 20170417
eScan 20170417
NANO-Antivirus 20170416
nProtect 20170417
Palo Alto Networks (Known Signatures) 20170417
Panda 20170417
Rising 20170417
SentinelOne (Static ML) 20170330
Sophos AV 20170417
SUPERAntiSpyware 20170417
Symantec 20170417
Symantec Mobile Insight 20170414
Tencent 20170417
TheHacker 20170416
TrendMicro 20170417
TrendMicro-HouseCall 20170417
Trustlook 20170417
VBA32 20170417
VIPRE 20170417
ViRobot 20170417
Webroot 20170417
WhiteArmor 20170409
Yandex 20170417
Zillya 20170414
ZoneAlarm by Check Point 20170417
Zoner 20170417
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May execute code from Dynamically Linked Libraries.
Summary
last_author
admin
creation_datetime
2017-04-17 10:17:00
author
White
title
page_count
1
last_saved
2017-04-17 10:22:00
edit_time
180
word_count
250
revision_number
4
application_name
Microsoft Office Word
character_count
1426
security
8
code_page
Cyrillic
template
Normal
Document summary
byte_count
11000
characters_with_spaces
1673
line_count
11
version
730895
paragraph_count
3
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
8640
type_literal
stream
size
113
name
\x01CompObj
sid
24
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
6163
name
1Table
sid
2
type_literal
stream
size
29704
name
Data
sid
1
type_literal
stream
size
530
name
Macros/PROJECT
sid
17
type_literal
stream
size
101
name
Macros/PROJECTwm
sid
23
type_literal
stream
size
10570
type
macro
name
Macros/VBA/ThisDocument
sid
15
type_literal
stream
size
11273
name
Macros/VBA/_VBA_PROJECT
sid
16
type_literal
stream
size
3474
name
Macros/VBA/__SRP_0
sid
9
type_literal
stream
size
848
name
Macros/VBA/__SRP_1
sid
10
type_literal
stream
size
362
name
Macros/VBA/__SRP_6
sid
11
type_literal
stream
size
66
name
Macros/VBA/__SRP_7
sid
12
type_literal
stream
size
882
name
Macros/VBA/dir
sid
8
type_literal
stream
size
16172
type
macro
name
Macros/VBA/nonfissile
sid
14
type_literal
stream
size
1384
type
macro (only attributes)
name
Macros/VBA/provided
sid
13
type_literal
stream
size
97
name
Macros/provided/\x01CompObj
sid
21
type_literal
stream
size
286
name
Macros/provided/\x03VBFrame
sid
22
type_literal
stream
size
98
name
Macros/provided/f
sid
19
type_literal
stream
size
12228
name
Macros/provided/o
sid
20
type_literal
stream
size
54805
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 4171 bytes
[+] nonfissile.bas Macros/VBA/nonfissile 7665 bytes
exe-pattern run-dll
ExifTool file metadata
SharedDoc
No

Author
White

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
admin

HeadingPairs
, 1

Template
Normal

CharCountWithSpaces
1673

CreateDate
2017:04:17 09:17:00

CompObjUserType
???????? Microsoft Office Word

ModifyDate
2017:04:17 09:22:00

HyperlinksChanged
No

Characters
1426

ScaleCrop
No

RevisionNumber
4

MIMEType
application/msword

Words
250

Bytes
11000

FileType
DOC

Lines
11

AppVersion
11.9999

Security
Locked for annotations

Software
Microsoft Office Word

TotalEditTime
3.0 minutes

Pages
1

CompObjUserTypeLen
31

FileTypeExtension
doc

Paragraphs
3

Compressed bundles
File identification
MD5 5d05405bc55702acc7784e30c9dac56e
SHA1 da6be008dc8443e57d9364397e84f247cc859959
SHA256 c884712b924af42a0c22c387a5ed811e03f9c0748a0625c19c143f33b0834452
ssdeep
3072:8T+57zn6BGMjmVNKe5Y7OnPOyqHPnyeachEh46mIJ0cZNF8RF8:8T+5q8MBe5VO/vnyeaYEh46zXNFYF

File size 163.0 KB (166912 bytes)
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Author: White, Template: Normal, Last Saved By: admin, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Sun Apr 16 09:17:00 2017, Last Saved Time/Date: Sun Apr 16 09:22:00 2017, Number of Pages: 1, Number of Words: 250, Number of Characters: 1426, Security: 8

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-dll exe-pattern doc

VirusTotal metadata
First submission 2017-04-17 14:32:14 UTC (7 months, 1 week ago)
Last submission 2017-07-22 06:52:27 UTC (4 months ago)
File names FTC_i.rzayev.doc
FTC_daniel.v.snyder.doc
FTC_jeroen.murre.doc
FTC_jennie.r.sadosky.doc
FTC_nicole.kinskofer.doc
FTC_saltman.doc
FTC_skr-gst.doc
FTC_autumn.b.humphrey.doc
FTC_dano.doc
FTC_schan.doc
FTC_birgitta.danielson.doc
FTC_thorsdal.doc
FTC_kyoko.yokoyama.doc
FTC_michelle.soliz.doc
FTC_briley.doc
FTC_dennis.healy.doc
FTC_karasvn.doc
FTC_bethany.aiardo.doc
FTC_yoyaku.doc
FTC_woodhaml.doc
FTC_sbakos.doc
FTC_helpdesk.bstl.doc
FTC_bruce.weaver.doc
FTC_lholbeche.doc
FTC_joel.butler.doc