× Obsługa plików cookie w przeglądarce jest wyłączona! Ta strona wymaga włączonej obsługi plików cookie, aby działać poprawnie
SHA256: 96c6954bd849db586694da2f188b9f0c4c42689f48a36c3c902356c848432141
Nazwa pliku: E-Awizo z dnia 24_03_2016.docm
Współczynnik wykrycia: 12 / 56
Data analizy: 2016-03-24 12:19:36 UTC ( 2 lata, 12 miesięcy temu ) Zobacz najnowsze
Antywirus Wynik Uaktualnij
AegisLab Troj.Downloader.Script!c 20160324
Arcabit HEUR.VBA.Trojan.d 20160324
Avira (no cloud) W2000M/Agent.796113 20160324
AVware LooksLike.Macro.Downloader.b (v) 20160324
CAT-QuickHeal O97M.Dropper.F 20160323
Fortinet W97M/Dloader.NCN!tr 20160324
Ikarus Trojan-Downloader.VBA.Agent 20160324
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20160324
NANO-Antivirus Trojan.Script.Agent.dnzdfx 20160324
Sophos AV Troj/DocDl-E 20160324
Tencent Heur.MSWord.Downloader.b 20160324
VIPRE LooksLike.Macro.Downloader.b (v) 20160324
Ad-Aware 20160324
Yandex 20160316
AhnLab-V3 20160324
Alibaba 20160323
ALYac 20160324
Antiy-AVL 20160324
Avast 20160324
AVG 20160324
Baidu 20160324
Baidu-International 20160324
BitDefender 20160324
Bkav 20160324
ByteHero 20160324
ClamAV 20160324
CMC 20160322
Comodo 20160324
Cyren 20160324
DrWeb 20160324
Emsisoft 20160324
ESET-NOD32 20160324
F-Prot 20160324
F-Secure 20160324
GData 20160324
Jiangmin 20160324
K7AntiVirus 20160324
K7GW 20160323
Malwarebytes 20160324
McAfee 20160324
McAfee-GW-Edition 20160324
Microsoft 20160324
eScan 20160324
nProtect 20160324
Panda 20160324
Qihoo-360 20160324
Rising 20160324
SUPERAntiSpyware 20160324
Symantec 20160324
TheHacker 20160323
TrendMicro 20160324
TrendMicro-HouseCall 20160324
VBA32 20160324
ViRobot 20160324
Zillya 20160324
Zoner 20160324
The file being studied follows the Open XML file format! More specifically, it is a Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May try to run other files, shell commands or applications.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 3056 bytes
exe-pattern url-pattern download environ obfuscated run-dll run-file
Content types
bin
rels
emf
jpeg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dcterms:created
2015-12-11T08:56:00Z
dcterms:modified
2016-03-24T07:52:00Z
Application document properties
Template
Normal.dotm
TotalTime
139
Pages
2
Words
35
Characters
215
DocSecurity
0
Lines
1
Paragraphs
1
ScaleCrop
false
vt:lpstr
Tytu\u0142
vt:i4
1
vt:lpstr
Title
vt:i4
1
LinksUpToDate
false
CharactersWithSpaces
249
SharedDoc
false
HyperlinksChanged
false
AppVersion
12.0000
Document languages
Language
Prevalence
pl-pl
2
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

TitlesOfParts
,

LinksUpToDate
No

HeadingPairs
Tytu , 1, Title, 1

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2016:03:24 07:52:00Z

ZipCRC
0x4f0b0900

Words
35

ScaleCrop
No

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2015:12:11 08:56:00Z

Lines
1

AppVersion
12.0

ZipUncompressedSize
1813

ZipCompressedSize
490

Characters
215

CharactersWithSpaces
249

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

TotalEditTime
2.3 hours

ZipCompression
Deflated

Pages
2

FileTypeExtension
docm

Paragraphs
1

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
23
Uncompressed size
1139278
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
12
bin
2
emf
1
Contained files by type
XML
15
JPG
4
unknown
2
Microsoft Office
2
File identification
MD5 a60190aad95f3e7746d2fdf4c7d63992
SHA1 941e4e0ff4e6f20035e2bb7b69bb3ee758fbee96
SHA256 96c6954bd849db586694da2f188b9f0c4c42689f48a36c3c902356c848432141
ssdeep
6144:uTOyenSLOXZv201QvX1qd5NopaffjeSd0RdIZTY1e:uXeScv61qd5Now3j3Ug

File size 309.2 KB ( 316621 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated run-file exe-pattern url-pattern docx macros run-dll environ download

VirusTotal metadata
First submission 2016-03-24 09:14:10 UTC ( 2 lata, 12 miesięcy temu )
Last submission 2016-09-03 05:16:16 UTC ( 2 lata, 6 miesięcy temu )
Nazwy plików a60190aad95f3e7746d2fdf4c7d63992_E-Awizo z dnia 24_03_2016.docm
E-Awizo z dnia 24_03_2016.docm.docx
E-Awizo z dnia 24_03_2016.docm
E-Awizo_z_24-03-2016.docm
E-Awizo z dnia 24_03_2016.doc.docm
Brak komentarzy. Żaden z członków społeczności VirusTotal nie skomentował tego. Bądź pierwszy, by to zrobić!

Skomentuj

?
Dodaj komentarz

Nie jesteś zalogowany. Tylko zarejestrowani użytkownicy mogą dodawać komentarze, zalogować się i mieć swój głos!

Brak ocen. Nikt jeszcze nie oddał swojego głosu, bądź pierwszy!