SHA256: 689758d11e57287c809250a14b38fa2833b2c7895a7823562fca85e87c740b84
File name: 0797cb4d70a6b2cd187f29e1118894bd.doc
Detection ratio: 5 / 58
Analysis date: 2017-07-13 10:43:11 UTC (1 year, 10 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170713
Ikarus Win32.Outbreak 20170713
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170713
Qihoo-360 virus.office.obfuscated.4 20170713
Tencent Macro.Trojan.Dropperx.Auto 20170713
Ad-Aware 20170713
AegisLab 20170713
AhnLab-V3 20170713
Alibaba 20170713
ALYac 20170713
Antiy-AVL 20170713
Avast 20170713
AVG 20170713
Avira (no cloud) 20170713
AVware 20170713
Baidu 20170713
BitDefender 20170713
Bkav 20170713
CAT-QuickHeal 20170713
ClamAV 20170713
CMC 20170713
Comodo 20170713
CrowdStrike Falcon (ML) 20170420
Cylance 20170713
Cyren 20170713
DrWeb 20170713
Emsisoft 20170713
Endgame 20170706
ESET-NOD32 20170713
F-Prot 20170713
F-Secure 20170713
Fortinet 20170629
GData 20170713
Sophos ML 20170607
Jiangmin 20170713
K7AntiVirus 20170713
K7GW 20170713
Kaspersky 20170713
Kingsoft 20170713
Malwarebytes 20170713
MAX 20170713
McAfee 20170713
McAfee-GW-Edition 20170713
Microsoft 20170713
eScan 20170713
nProtect 20170713
Palo Alto Networks (Known Signatures) 20170713
Panda 20170712
Rising 20170713
SentinelOne (Static ML) 20170516
Sophos AV 20170713
SUPERAntiSpyware 20170713
Symantec 20170713
Symantec Mobile Insight 20170713
TheHacker 20170712
TrendMicro 20170713
TrendMicro-HouseCall 20170713
Trustlook 20170713
VBA32 20170713
VIPRE 20170713
ViRobot 20170713
Webroot 20170713
WhiteArmor 20170713
Yandex 20170712
Zillya 20170712
ZoneAlarm by Check Point 20170713
Zoner 20170713
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author: user
creation_datetime: 2017-07-13 06:16:00
author: Admin
title: confidential documents
page_count: 1
last_saved: 2017-07-13 10:04:00
edit_time: 1980
word_count: 32
revision_number: 3
application_name: Microsoft Office Word
character_count: 186
code_page: Cyrillic
template: tf03991841
Document summary
line_count: 1
company: Lloyds Bank
characters_with_spaces: 217
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 16064
type_literal: stream; sid: 30; name: \x01CompObj; size: 121
type_literal: stream; sid: 5; name: \x05DocumentSummaryInformation; size: 4972
type_literal: stream; sid: 4; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 2; name: 1Table; size: 8911
type_literal: stream; sid: 1; name: Data; size: 6923
type_literal: stream; sid: 29; name: Macros/PROJECT; size: 609
type_literal: stream; sid: 28; name: Macros/PROJECTwm; size: 95
type_literal: stream; sid: 26; name: Macros/UserForm1/\x01CompObj; size: 97
type_literal: stream; sid: 27; name: Macros/UserForm1/\x03VBFrame; size: 291
type_literal: stream; sid: 24; name: Macros/UserForm1/f; size: 350
type_literal: stream; sid: 25; name: Macros/UserForm1/o; size: 816
type_literal: stream; sid: 19; type: macro; name: Macros/VBA/Module1; size: 3819
type_literal: stream; sid: 18; type: macro; name: Macros/VBA/ThisDocument; size: 1141
type_literal: stream; sid: 20; type: macro; name: Macros/VBA/UserForm1; size: 1530
type_literal: stream; sid: 21; name: Macros/VBA/_VBA_PROJECT; size: 3597
type_literal: stream; sid: 22; name: Macros/VBA/dir; size: 844
type_literal: stream; sid: 14; name: MsoDataStore/E\xcaHX\xc3\xc1UJ5\xd4\xd6\xca\xdcLBULB1\xc7\xca\xc0==/Item; size: 306
type_literal: stream; sid: 15; name: MsoDataStore/E\xcaHX\xc3\xc1UJ5\xd4\xd6\xca\xdcLBULB1\xc7\xca\xc0==/Properties; size: 341
type_literal: stream; sid: 8; name: MsoDataStore/\xc1\xd8\xd4RI\xc2\xcbFOUSZW\xc1\xc6Z\xcdCSRS\xd0==/Item; size: 213
type_literal: stream; sid: 9; name: MsoDataStore/\xc1\xd8\xd4RI\xc2\xcbFOUSZW\xc1\xc6Z\xcdCSRS\xd0==/Properties; size: 335
type_literal: stream; sid: 11; name: MsoDataStore/\xddC\xca4\xcc\xd0\xdaQ\xdbEK\xc4R\xcc\xcfK\xdeSOM\xcbA==/Item; size: 58402
type_literal: stream; sid: 12; name: MsoDataStore/\xddC\xca4\xcc\xd0\xdaQ\xdbEK\xc4R\xcc\xcfK\xdeSOM\xcbA==/Properties; size: 1088
type_literal: stream; sid: 3; name: WordDocument; size: 4670
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 49 bytes
[+] Module1.bas Macros/VBA/Module1 1009 bytes
obfuscated run-file
[+] UserForm1.frm Macros/VBA/UserForm1 105 bytes
ExifTool file metadata
SharedDoc
No

Author
Admin

ShowIn
Show everywhere

CodePage
Windows Cyrillic

IntlLangReview
0

System
Windows

LinksUpToDate
No

LastModifiedBy
user

HeadingPairs
Title, 1

EditorialStatus
Complete

Identification
Word 8.0

Template
tf03991841

CharCountWithSpaces
217

TemplateTemplateType
Word Document Template

Word97
No

IsDeleted
0

CrawlForDependencies
0

MarketSpecific
0

CSXUpdate
0

LanguageCode
English (US)

CompObjUserType
Microsoft Office Word 97-2003 Document

ModifyDate
2017:07:13 09:04:00

ContentTypeId
0x0101006EDDDB5EE6D98C44930B742096920B300400F5B6D36B3EF94B4E9A635CDF2A18F5B8

IsSearchable
1

Downloads
0

Title
confidential documents

AcquiredFrom
Internal MS

Words
32

BlockPublish
0

OutputCachingOn
0

Software
Microsoft Office Word

HyperlinksChanged
No

UALocRecommendation
Localize

MIMEType
application/msword

AssetType
TP

TrustLevel
1 Microsoft Managed Content

PublishTargets
OfficeOnlineVNext

LocLastLocAttemptVersionLookup
874785

AssetId
TP103991840

ApprovalStatus
InProgress

FileType
DOC

Lines
1

AppVersion
12.0

AssetStart
2013-01-07T01:58:00Z

MachineTranslated
0

TemplateStatus
Complete

Characters
186

TPLaunchHelpLinkType
Template

PrimaryImageGen
1

TitleOfParts
confidential documents

OriginalRelease
15

Security
None

Pages
1

PublishStatusLookup
1667880;#

AssetExpire
2029-01-01T08:00:00Z

ScaleCrop
No

CompObjUserTypeLen
39

TotalEditTime
33 minutes

LocManualTestRequired
0

FileTypeExtension
doc

RevisionNumber
3

Paragraphs
1

CreateDate
2017:07:13 05:16:00

LastPrinted
0000:00:00 00:00:00

OpenTemplate
1

DocFlags
Has picture, 1Table, ExtChar

Company
Lloyds Bank

APAuthor
81;#REDMOND\ncrowell

File identification
MD5 0797cb4d70a6b2cd187f29e1118894bd
SHA1 7e94ba7b101834e6a41726dbd94d29b7c7202282
SHA256 689758d11e57287c809250a14b38fa2833b2c7895a7823562fca85e87c740b84
ssdeep 768:dpZBQzHrZfXxz5XxzgQcP3NGkfqM7Pl1XajoNe+deBtam4IvUEXOPPnjiCcVnUih:jQnZfXrpouViWwNtFDQkDDV3zWf

File size 110.0 KB ( 112640 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Title: confidential documents, Author: Admin, Template: tf03991841, Last Saved By: user, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 33:00, Create Time/Date: Wed Jul 12 05:16:00 2017, Last Saved Time/Date: Wed Jul 12 09:04:00 2017, Number of Pages: 1, Number of Words: 32, Number of Characters: 186, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros run-file attachment doc

VirusTotal metadata
First submission 2017-07-13 10:17:20 UTC (1 year, 10 months ago)
Last submission 2018-04-30 07:30:35 UTC (1 year ago)
File names 7e94ba7b101834e6a41726dbd94d29b7c7202282
Protected.doc
JCVo62.dot
__substg1.0_37010102
Protected_password_475f94B50418LLB.doc
Pp__zRpI.odt
0797cb4d70a6b2cd187f29e1118894bd.doc
DGwd.vsd
L0lr3XWx4Q.lnk
201707131105v6DB53vs030315_Protected.doc