SHA256: 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
File name: SUPEE-9789.doc
Detection ratio: 39 / 61
Analysis date: 2018-09-12 13:28:14 UTC (1 month, 1 week ago)
Antivirus Result Update
Ad-Aware VB:Trojan.Valyria.406 20180912
AegisLab Trojan.Script.Generic.4!c 20180912
ALYac VB:Trojan.Valyria.406 20180912
Antiy-AVL Trojan[Downloader]/MSOffice.Agent 20180912
Arcabit HEUR.VBA.Trojan.e 20180912
Avast VBA:Downloader-EYG [Trj] 20180912
AVG VBA:Downloader-EYG [Trj] 20180912
Avira (no cloud) W97M/Agent.88345262 20180912
Baidu VBA.Trojan-Downloader.Agent.bjw 20180912
BitDefender VB:Trojan.Valyria.406 20180912
CAT-QuickHeal W97M.Downloader.AJX 20180912
ClamAV Doc.Downloader.Heuristic-6312759-0 20180912
Cyren W97M/Agent 20180912
Emsisoft VB:Trojan.Valyria.406 (B) 20180912
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDownloader.Agent.DCX 20180912
F-Prot New or modified W97M/Agent 20180912
F-Secure VB:Trojan.Valyria.406 20180912
Fortinet WM/Agent.IRC!tr.dldr 20180912
GData Macro.Trojan-Downloader.TeslaCrypt.AC 20180912
Ikarus Trojan-Downloader.VBA.Agent 20180912
K7AntiVirus Trojan ( 00536d111 ) 20180912
K7GW Trojan ( 00536d111 ) 20180912
Kaspersky HEUR:Trojan.Script.Agent.gen 20180912
MAX malware (ai score=99) 20180912
McAfee Artemis!C3D03F0EEDF1 20180912
McAfee-GW-Edition BehavesLike.Downloader.cg 20180912
Microsoft Trojan:O97M/Madeba.A!det 20180912
eScan VB:Trojan.Valyria.406 20180912
NANO-Antivirus Trojan.Script.Agent.epyrxh 20180912
Panda O97M/Downloader 20180912
Qihoo-360 Win32/Trojan.Script.af7 20180912
SentinelOne (Static ML) static engine - malicious 20180830
Symantec W97M.Downloader 20180912
TACHYON Suspicious/W97M.Obfus.Gen.1 20180912
Tencent Heur:Trojan.Script.LS_Gencirc.7062371.0 20180912
TrendMicro HEUR_VBA.O.ELBP 20180912
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180912
Zoner Probably W97Obfuscated 20180912
AhnLab-V3 20180912
Alibaba 20180713
Avast-Mobile 20180912
AVware 20180912
Babable 20180907
Bkav 20180912
CMC 20180912
Comodo 20180912
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180912
DrWeb 20180912
eGambit 20180912
Sophos ML 20180717
Jiangmin 20180912
Kingsoft 20180912
Malwarebytes 20180912
Palo Alto Networks (Known Signatures) 20180912
Rising 20180912
Sophos AV 20180912
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TheHacker 20180907
TotalDefense 20180912
TrendMicro-HouseCall 20180912
Trustlook 20180912
VBA32 20180912
VIPRE 20180912
ViRobot 20180912
Webroot 20180912
Yandex 20180910
Zillya 20180911
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when a document is opened or edited.
May open a file.
May write to a file.
May perform operations with other files.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
last_author: admin
creation_datetime: 2017-04-20 20:05:00
author: admin
title: info
page_count: 1
last_saved: 2017-04-20 20:05:00
revision_number: 2
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
template: Normal.dotm
Document summary
byte_count: 94208
company: home
characters_with_spaces: 1
line_count: 1
version: 1048576
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020906-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Word; sid: 0; size: 7616
type_literal: stream; sid: 20; name: \x01CompObj; size: 114
type_literal: stream; sid: 5; name: \x05DocumentSummaryInformation; size: 4096
type_literal: stream; sid: 4; name: \x05SummaryInformation; size: 4096
type_literal: stream; sid: 2; name: 1Table; size: 7417
type_literal: stream; sid: 1; name: Data; size: 73453
type_literal: stream; sid: 19; name: Macros/PROJECT; size: 484
type_literal: stream; sid: 18; name: Macros/PROJECTwm; size: 113
type_literal: stream; sid: 11; type: macro; name: Macros/VBA/Module1; size: 2147
type_literal: stream; sid: 12; type: macro; name: Macros/VBA/Module2; size: 32199
type_literal: stream; sid: 13; type: macro; name: Macros/VBA/Module3; size: 31957
type_literal: stream; sid: 8; type: macro (only attributes); name: Macros/VBA/ThisDocument; size: 1127
type_literal: stream; sid: 14; name: Macros/VBA/_VBA_PROJECT; size: 12400
type_literal: stream; sid: 16; name: Macros/VBA/__SRP_0; size: 1956
type_literal: stream; sid: 17; name: Macros/VBA/__SRP_1; size: 198
type_literal: stream; sid: 9; name: Macros/VBA/__SRP_2; size: 348
type_literal: stream; sid: 10; name: Macros/VBA/__SRP_3; size: 106
type_literal: stream; sid: 15; name: Macros/VBA/dir; size: 713
type_literal: stream; sid: 3; name: WordDocument; size: 4096
Macros and VBA code streams
[+] Module1.bas Macros/VBA/Module1 588 bytes
[+] Module2.bas Macros/VBA/Module2 14091 bytes
create-file create-ole handle-file open-file run-file write-file
[+] Module3.bas Macros/VBA/Module3 13779 bytes
ExifTool file metadata
SharedDoc: No
Author: admin
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: admin
HeadingPairs: , 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
Word97: No
LanguageCode: Russian
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2017:04:20 19:05:00
Company: home
Title: info
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 2
MIMEType: application/msword
Words: 0
Lines: 1
CreateDate: 2017:04:20 19:05:00
Bytes: 94208
AppVersion: 16.0
Security: None
Software: Microsoft Office Word
FileType: DOC
TotalEditTime: 0
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1
DocFlags: Has picture, 1Table, ExtChar

File identification
MD5 c3d03f0eedf1b1e222130b478b3ab231
SHA1 c59897166ba1ce057ca290370af214990be9d730
SHA256 123cbcee6c6aa35629e9e107173baaf1a572b68b52c1c8161e669b5d1fcf4883
ssdeep 3072:gTTwHo66OblnBQMFCESpcSO6iNAJWq3gouW3kVxaX:3HXRblnBvFCESpcSYouW

File size 180.0 KB ( 184320 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: info, Author: admin, Template: Normal.dotm, Last Saved By: admin, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Apr 19 19:05:00 2017, Last Saved Time/Date: Wed Apr 19 19:05:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
open-file handle-file doc create-file run-file macros write-file create-ole

VirusTotal metadata
First submission 2017-04-21 07:30:11 UTC (1 year, 6 months ago)
Last submission 2018-05-13 00:00:26 UTC (5 months, 1 week ago)
File names SUPEE-9789.doc