× Cookies er deaktivert! Denne siden krever at cookies er aktivert for å fungere optimalt.
SHA256: 5b4572712f5165ffc3007c6df0de1051c6ca19c9db3797c9230447b405ad6cc8
Filnavn: 01 Documents.doc
Deteksjonsrate: 6 / 55
Analysedato: 2017-04-13 11:46:57 UTC ( 4 måneder, 1 uke siden ) Se siste
Antivirus Resultat Oppdatér
Arcabit HEUR.VBA.Trojan.e 20170413
Ikarus Win32.Outbreak 20170413
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20170413
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170413
Qihoo-360 virus.office.qexvmc.1075 20170413
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170413
Ad-Aware 20170413
AegisLab 20170413
AhnLab-V3 20170413
Alibaba 20170413
Antiy-AVL 20170413
Avast 20170413
AVG 20170413
Avira (no cloud) 20170413
AVware 20170410
Baidu 20170411
BitDefender 20170413
Bkav 20170413
CAT-QuickHeal 20170412
ClamAV 20170413
CMC 20170413
Comodo 20170413
CrowdStrike Falcon (ML) 20170130
Cyren 20170413
DrWeb 20170413
Emsisoft 20170413
Endgame 20170413
ESET-NOD32 20170413
F-Prot 20170413
F-Secure 20170413
Fortinet 20170413
GData 20170413
Sophos ML 20170203
Jiangmin 20170413
K7AntiVirus 20170413
K7GW 20170413
Kingsoft 20170413
Malwarebytes 20170413
McAfee 20170412
McAfee-GW-Edition 20170413
Microsoft 20170413
eScan 20170413
nProtect 20170413
Palo Alto Networks (Known Signatures) 20170413
Panda 20170413
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170413
SUPERAntiSpyware 20170413
Symantec 20170412
Symantec Mobile Insight 20170413
Tencent 20170413
TheHacker 20170412
TrendMicro 20170413
TrendMicro-HouseCall 20170413
Trustlook 20170413
VBA32 20170413
VIPRE 20170412
ViRobot 20170413
Webroot 20170413
WhiteArmor 20170409
Yandex 20170413
Zillya 20170413
Zoner 20170413
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author
user
creation_datetime
2017-04-13 09:37:00
template
Normal
author
Accounting
page_count
1
last_saved
2017-04-13 09:37:00
word_count
114
revision_number
2
application_name
Microsoft Office Word
character_count
655
code_page
Cyrillic
Document summary
line_count
5
characters_with_spaces
768
content_status
Final
version
786432
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
12096
type_literal
stream
size
121
name
\x01CompObj
sid
20
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
7191
name
1Table
sid
2
type_literal
stream
size
10221
name
Data
sid
1
type_literal
stream
size
539
name
Macros/PROJECT
sid
19
type_literal
stream
size
89
name
Macros/PROJECTwm
sid
18
type_literal
stream
size
2965
type
macro
name
Macros/VBA/Module1
sid
9
type_literal
stream
size
1134
type
macro
name
Macros/VBA/ThisDocument
sid
8
type_literal
stream
size
1220
type
macro (only attributes)
name
Macros/VBA/Window1
sid
10
type_literal
stream
size
3422
name
Macros/VBA/_VBA_PROJECT
sid
11
type_literal
stream
size
837
name
Macros/VBA/dir
sid
12
type_literal
stream
size
97
name
Macros/Window1/\x01CompObj
sid
16
type_literal
stream
size
288
name
Macros/Window1/\x03VBFrame
sid
17
type_literal
stream
size
351
name
Macros/Window1/f
sid
14
type_literal
stream
size
628
name
Macros/Window1/o
sid
15
type_literal
stream
size
4654
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 42 bytes
[+] Module1.bas Macros/VBA/Module1 834 bytes
obfuscated run-file
ExifTool file metadata
SharedDoc
No

Author
Accounting

CodePage
Windows Cyrillic

LinksUpToDate
No

LastModifiedBy
user

HeadingPairs
Title, 1

Template
Normal

CharCountWithSpaces
768

CreateDate
2017:04:13 08:37:00

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2017:04:13 08:37:00

HyperlinksChanged
No

Tag_MarkAsFinal
-1

Characters
655

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
114

FileType
DOC

Lines
5

AppVersion
12.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
39

FileTypeExtension
doc

Paragraphs
1

Compressed bundles
File identification
MD5 8f95c733a4c70672a41af47f6becfb02
SHA1 2ab7533408d5634c1cee9b2991e2c972c781356d
SHA256 5b4572712f5165ffc3007c6df0de1051c6ca19c9db3797c9230447b405ad6cc8
ssdeep
384:vRuKE8nIJDUL75sGIMyh+VXmbPfgbVdXyGcS2rlieKLRcZh6jesEJLGeX0juR4OO:vRuNxDUL7efMpbV6r5K4hqonRpC/pR

File size 47.5 KB ( 48640 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: Accounting, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Apr 12 08:37:00 2017, Last Saved Time/Date: Wed Apr 12 08:37:00 2017, Number of Pages: 1, Number of Words: 114, Number of Characters: 655, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros run-file attachment doc

VirusTotal metadata
First submission 2017-04-13 10:14:10 UTC ( 4 måneder, 1 uke siden )
Last submission 2017-05-02 11:10:07 UTC ( 3 måneder, 3 uker siden )
Filnavn 7bef97fb00c155a34c590e34bcc64c97
Documents.txt.doc
ef4957a28ca0c4ee80a4156304a6c7feead9dda1
MALICIOUS DOC
Documents.doc
01 Documents.doc
Documents.doc
Ingen kommentarer. Ingen av VirusTotals medlemmer har kommentert denne enheten, bli den første til å gjøre det!

Skriv en kommentar...

?
Send kommentar

Du har ikke logget inn. Bare registrerte brukere kan skrive kommentarer. Logg inn og bli hørt!

Ingen stemmer. Ingen har stemt på denne ennå, bli den første til å gjøre det!