SHA256: aa86a97ed059b08289199a9b9775040313b54b5ada19a501e5cf81553f7d0801
File name: Secure.doc
Detection ratio: 7 / 58
Analysis date: 2017-08-03 10:39:52 UTC (1 year, 9 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170803
Baidu VBA.Trojan-Downloader.Agent.bsw 20170803
Fortinet WM/Agent.DCU!tr.dldr 20170803
Ikarus Win32.Outbreak 20170803
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170803
Qihoo-360 virus.office.qexvmc.1080 20170803
Tencent Macro.Trojan.Dropperx.Auto 20170803
Ad-Aware 20170803
AegisLab 20170803
AhnLab-V3 20170802
Alibaba 20170803
ALYac 20170803
Antiy-AVL 20170803
Avast 20170803
AVG 20170803
Avira (no cloud) 20170803
AVware 20170803
BitDefender 20170803
Bkav 20170803
CAT-QuickHeal 20170803
ClamAV 20170803
CMC 20170803
Comodo 20170803
CrowdStrike Falcon (ML) 20170710
Cylance 20170803
Cyren 20170803
DrWeb 20170803
Emsisoft 20170803
Endgame 20170721
ESET-NOD32 20170803
F-Prot 20170803
F-Secure 20170803
GData 20170803
Sophos ML 20170607
Jiangmin 20170803
K7AntiVirus 20170803
K7GW 20170803
Kaspersky 20170803
Kingsoft 20170803
Malwarebytes 20170803
MAX 20170803
McAfee 20170803
McAfee-GW-Edition 20170803
Microsoft 20170803
eScan 20170803
nProtect 20170803
Palo Alto Networks (Known Signatures) 20170803
Panda 20170802
Rising 20170803
SentinelOne (Static ML) 20170718
Sophos AV 20170803
SUPERAntiSpyware 20170803
Symantec 20170803
Symantec Mobile Insight 20170803
TheHacker 20170801
TrendMicro 20170803
TrendMicro-HouseCall 20170803
Trustlook 20170803
VBA32 20170801
VIPRE 20170803
ViRobot 20170803
Webroot 20170803
WhiteArmor 20170731
Yandex 20170801
Zillya 20170803
ZoneAlarm by Check Point 20170803
Zoner 20170803
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author: user
creation_datetime: 2017-08-03 09:52:00
revision_number: 9
author: Enpor Support
page_count: 1
last_saved: 2017-08-03 10:00:00
edit_time: 180
word_count: 81
template: Normal
application_name: Microsoft Office Word
character_count: 464
code_page: Cyrillic
Document summary
line_count: 3
characters_with_spaces: 544
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 13056
type_literal: stream, sid: 20, name: \x01CompObj, size: 121
type_literal: stream, sid: 5, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 4, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 2, name: 1Table, size: 7842
type_literal: stream, sid: 1, name: Data, size: 14659
type_literal: stream, sid: 19, name: Macros/PROJECT, size: 552
type_literal: stream, sid: 18, name: Macros/PROJECTwm, size: 95
type_literal: stream, sid: 16, name: Macros/UserForm1/\x01CompObj, size: 97
type_literal: stream, sid: 17, name: Macros/UserForm1/\x03VBFrame, size: 299
type_literal: stream, sid: 14, name: Macros/UserForm1/f, size: 355
type_literal: stream, sid: 15, name: Macros/UserForm1/o, size: 768
type_literal: stream, sid: 9, type: macro, name: Macros/VBA/Module1, size: 3781
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/ThisDocument, size: 1133
type_literal: stream, sid: 10, type: macro (only attributes), name: Macros/VBA/UserForm1, size: 1189
type_literal: stream, sid: 11, name: Macros/VBA/_VBA_PROJECT, size: 3467
type_literal: stream, sid: 12, name: Macros/VBA/dir, size: 842
type_literal: stream, sid: 3, name: WordDocument, size: 4660
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 33 bytes
[+] Module1.bas Macros/VBA/Module1 1034 bytes
obfuscated run-file
ExifTool file metadata
SharedDoc: No
Author: Enpor Support
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: user
HeadingPairs: Title, 1
Hyperlinks: http://www.nationwide.co.uk/pgp
Identification: Word 8.0
Template: Normal
CharCountWithSpaces: 544
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2017:08:03 09:00:00
Characters: 464
CodePage: Windows Cyrillic
RevisionNumber: 9
MIMEType: application/msword
Words: 81
CreateDate: 2017:08:03 08:52:00
Lines: 3
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 3 minutes
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 c9948add2dc68b9e0e91a0b004637920
SHA1 41e8ce9bd1819bc84e4d9595c5d2589cb7b15aa6
SHA256 aa86a97ed059b08289199a9b9775040313b54b5ada19a501e5cf81553f7d0801
ssdeep
384:S4EvgqdeonoxfJZDJudMl/2IUU/WQgsbyGcS2rKWKjmkOXV5sMzR7j8ueX0juR40:WgUoNJTudSgRtrbK7OXzsdRuoISp

File size 53.5 KB ( 54784 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: Enpor Support, Template: Normal, Last Saved By: user, Revision Number: 9, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Wed Aug 02 08:52:00 2017, Last Saved Time/Date: Wed Aug 02 09:00:00 2017, Number of Pages: 1, Number of Words: 81, Number of Characters: 464, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros run-file attachment doc

VirusTotal metadata
First submission 2017-08-03 10:04:16 UTC (1 year, 9 months ago)
Last submission 2018-04-28 07:30:10 UTC (1 year ago)
File names 41e8ce9bd1819bc84e4d9595c5d2589cb7b15aa6
Secure.doc
201708031035v73AZ7R1013206_Secure.doc
aa86a97ed059b08289199a9b9775040313b54b5ada19a501e5cf81553f7d0801.bin
virus-59.doc
Secure.doc