SHA256: 9455a57f00deb2bf7ea28fa5c9f991f774c4af68aa42d720e16d0d260b636238
File name: Arlene-Resume.doc
Detection ratio: 13 / 57
Analysis date: 2017-06-17 06:01:20 UTC (1 year, 11 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170617
ESET-NOD32 VBA/TrojanDownloader.Agent.DKJ 20170617
Fortinet WM/Agent.DJX!tr.dldr 20170617
Ikarus Trojan-Downloader.VBA.Agent 20170616
Kaspersky HEUR:Trojan.Script.Agent.gen 20170617
McAfee W97M/Downloader.cbh 20170617
McAfee-GW-Edition W97M/Downloader.cbh 20170616
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170617
Qihoo-360 virus.office.qexvmc.1075 20170617
Sophos AV Troj/DocDl-JHG 20170617
Symantec W97M.Downloader 20170616
TrendMicro-HouseCall Suspicious_GEN.F47V0615 20170617
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20170617
Ad-Aware 20170617
AegisLab 20170616
AhnLab-V3 20170616
Alibaba 20170616
ALYac 20170617
Antiy-AVL 20170617
Avast 20170617
AVG 20170617
Avira (no cloud) 20170616
AVware 20170617
Baidu 20170615
BitDefender 20170617
Bkav 20170616
CAT-QuickHeal 20170616
ClamAV 20170617
CMC 20170616
Comodo 20170617
CrowdStrike Falcon (ML) 20170420
Cyren 20170617
DrWeb 20170617
Emsisoft 20170617
Endgame 20170615
F-Prot 20170617
F-Secure 20170617
GData 20170617
Sophos ML 20170607
Jiangmin 20170617
K7AntiVirus 20170616
K7GW 20170617
Kingsoft 20170617
Malwarebytes 20170617
Microsoft 20170617
eScan 20170617
nProtect 20170617
Palo Alto Networks (Known Signatures) 20170617
Panda 20170617
Rising 20170617
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170617
Symantec Mobile Insight 20170614
Tencent 20170617
TheHacker 20170616
TotalDefense 20170617
TrendMicro 20170617
Trustlook 20170617
VBA32 20170616
VIPRE 20170617
ViRobot 20170617
Webroot 20170617
WhiteArmor 20170616
Yandex 20170616
Zillya 20170616
Zoner 20170617
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author: admin
creation_datetime: 2017-06-14 17:41:00
author: gdhukngjcvgob
title: Read me please
page_count: 1
last_saved: 2017-06-14 17:41:00
revision_number: 2
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
template: Normal.dotm
Document summary
byte_count: 87040
company: home
characters_with_spaces: 1
line_count: 1
version: 1048576
paragraph_count: 1
code_page: Cyrillic
OLE Streams
sid: 0, type_literal: root, name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word, size: 5824
sid: 21, type_literal: stream, name: \x01CompObj, size: 114
sid: 5, type_literal: stream, name: \x05DocumentSummaryInformation, size: 4096
sid: 4, type_literal: stream, name: \x05SummaryInformation, size: 432
sid: 2, type_literal: stream, name: 1Table, size: 7477
sid: 1, type_literal: stream, name: Data, size: 63996
sid: 20, type_literal: stream, name: Macros/PROJECT, size: 511
sid: 19, type_literal: stream, name: Macros/PROJECTwm, size: 131
sid: 13, type_literal: stream, type: macro, name: Macros/VBA/EvLUJp, size: 14806
sid: 8, type_literal: stream, type: macro (only attributes), name: Macros/VBA/ThisDocument, size: 1127
sid: 11, type_literal: stream, type: macro, name: Macros/VBA/W26yl, size: 10733
sid: 15, type_literal: stream, name: Macros/VBA/_VBA_PROJECT, size: 32890
sid: 17, type_literal: stream, name: Macros/VBA/__SRP_0, size: 1878
sid: 18, type_literal: stream, name: Macros/VBA/__SRP_1, size: 206
sid: 9, type_literal: stream, name: Macros/VBA/__SRP_2, size: 348
sid: 10, type_literal: stream, name: Macros/VBA/__SRP_3, size: 106
sid: 16, type_literal: stream, name: Macros/VBA/dir, size: 701
sid: 12, type_literal: stream, type: macro, name: Macros/VBA/n4JCb3, size: 68199
sid: 14, type_literal: stream, type: macro, name: Macros/VBA/sLeM4AFx5, size: 28190
sid: 3, type_literal: stream, name: WordDocument, size: 4096
Macros and VBA code streams
[+] W26yl.bas Macros/VBA/W26yl 4855 bytes
[+] n4JCb3.bas Macros/VBA/n4JCb3 32900 bytes
[+] EvLUJp.bas Macros/VBA/EvLUJp 6836 bytes (run-file)
[+] sLeM4AFx5.bas Macros/VBA/sLeM4AFx5 13439 bytes (obfuscated)
ExifTool file metadata
SharedDoc: No
Author: gdhukngjcvgob
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:06:14 16:41:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2017:06:14 16:41:00
Company: home
Title: Read me please
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 2
MIMEType: application/msword
Words: 0
Bytes: 87040
FileType: DOC
Lines: 1
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

Compressed bundles
File identification
MD5 726c2b2752546b73b4abc48f221f64ae
SHA1 47d91731bb4d9bba1057fc3f399fd20f7f630fb3
SHA256 9455a57f00deb2bf7ea28fa5c9f991f774c4af68aa42d720e16d0d260b636238
ssdeep 3072:vou9YlI6eHSxu05uN6CKVKLlG2zyukwkIYUm8Tcdpn0DhdVah6:39E3BGLBG8yu7QUm8Ydp6
File size 246.5 KB ( 252416 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: Read me please, Author: gdhukngjcvgob, Template: Normal.dotm, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jun 13 16:41:00 2017, Last Saved Time/Date: Tue Jun 13 16:41:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2017-06-17 06:01:20 UTC (1 year, 11 months ago)
Last submission 2017-06-17 06:01:20 UTC (1 year, 11 months ago)
File names Arlene-Resume.doc
malware_downloader_from_185.165.29.36 (68)