SHA256: 2d1416850ad33c23e9b4076f3f7f36b215d64c6259f0bd2d211ae043f8a3b85c
File name: SecureMessage.doc
Detection ratio: 6 / 57
Analysis date: 2017-07-05 14:17:44 UTC (1 year, 10 months ago)
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170705
Kaspersky HEUR:Trojan.Script.Agent.gen 20170705
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170705
Qihoo-360 virus.office.qexvmc.1080 20170705
Tencent Macro.Trojan.Dropperx.Auto 20170705
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20170705
Ad-Aware 20170705
AegisLab 20170705
AhnLab-V3 20170705
Alibaba 20170705
ALYac 20170705
Antiy-AVL 20170705
Avast 20170705
AVG 20170705
Avira (no cloud) 20170705
AVware 20170705
Baidu 20170705
BitDefender 20170705
Bkav 20170705
CAT-QuickHeal 20170705
ClamAV 20170705
CMC 20170705
Comodo 20170705
CrowdStrike Falcon (ML) 20170420
Cyren 20170705
DrWeb 20170705
Emsisoft 20170705
Endgame 20170629
ESET-NOD32 20170705
F-Prot 20170705
F-Secure 20170705
Fortinet 20170629
GData 20170705
Ikarus 20170705
Sophos ML 20170607
Jiangmin 20170705
K7AntiVirus 20170705
K7GW 20170705
Kingsoft 20170705
Malwarebytes 20170705
MAX 20170705
McAfee 20170705
McAfee-GW-Edition 20170704
Microsoft 20170705
eScan 20170705
nProtect 20170705
Palo Alto Networks (Known Signatures) 20170705
Panda 20170705
Rising 20170705
SentinelOne (Static ML) 20170516
Sophos AV 20170705
SUPERAntiSpyware 20170704
Symantec 20170705
Symantec Mobile Insight 20170705
TheHacker 20170704
TrendMicro 20170705
TrendMicro-HouseCall 20170705
Trustlook 20170705
VBA32 20170705
VIPRE 20170705
ViRobot 20170705
Webroot 20170705
WhiteArmor 20170627
Yandex 20170704
Zillya 20170705
Zoner 20170705
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author
user
creation_datetime
2017-07-04 17:32:00
revision_number
4
author
Accounting
page_count
1
last_saved
2017-07-05 13:38:00
edit_time
60
word_count
50
template
Normal
application_name
Microsoft Office Word
character_count
285
code_page
Latin I
Document summary
line_count
2
characters_with_spaces
334
version
983040
paragraph_count
1
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
12544
type_literal
stream
sid
20
name
\x01CompObj
size
146
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
8496
type_literal
stream
sid
1
name
Data
size
7406
type_literal
stream
sid
13
name
Macros/PROJECT
size
594
type_literal
stream
sid
14
name
Macros/PROJECTwm
size
95
type_literal
stream
sid
18
name
Macros/UserForm1/\x01CompObj
size
97
type_literal
stream
sid
19
name
Macros/UserForm1/\x03VBFrame
size
291
type_literal
stream
sid
16
name
Macros/UserForm1/f
size
334
type_literal
stream
sid
17
name
Macros/UserForm1/o
size
584
type_literal
stream
sid
9
type
macro
name
Macros/VBA/Module1
size
3273
type_literal
stream
sid
11
type
macro
name
Macros/VBA/ThisDocument
size
1097
type_literal
stream
sid
10
type
macro (only attributes)
name
Macros/VBA/UserForm1
size
1159
type_literal
stream
sid
12
name
Macros/VBA/_VBA_PROJECT
size
3471
type_literal
stream
sid
8
name
Macros/VBA/dir
size
841
type_literal
stream
sid
3
name
WordDocument
size
4660
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 31 bytes
[+] Module1.bas Macros/VBA/Module1 979 bytes
obfuscated run-file
ExifTool file metadata
SharedDoc
No

Author
Accounting

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

LastModifiedBy
user

HeadingPairs
, 1, Title, 1

Hyperlinks
https://www.nestpensions.org.uk/schemeweb/NestWeb/includes/common/images/NEST-logo.png

Identification
Word 8.0

Template
Normal

CharCountWithSpaces
334

Word97
No

LanguageCode
English (US)

ModifyDate
2017:07:05 12:38:00

TitleOfParts
,

Words
50

CodePage
Unicode (UTF-8)

RevisionNumber
4

MIMEType
application/msword

Characters
285

CreateDate
2017:07:04 16:32:00

Lines
2

AppVersion
15.0

Security
None

Software
Microsoft Office Word

FileType
DOC

TotalEditTime
1.0 minutes

Pages
1

ScaleCrop
No

CompObjUserTypeLen
0

FileTypeExtension
doc

Paragraphs
1

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 d2a015e5fbe787503f9455e97b9efaed
SHA1 0b4ee1df3416bbd27b4bf1a92bd7794009db9926
SHA256 2d1416850ad33c23e9b4076f3f7f36b215d64c6259f0bd2d211ae043f8a3b85c
ssdeep
384:HGrg9OtogebBD7X3GmiSHuT7UYiGR4wHLt2a42vPT4qEn5y2eX0juR4e9moorp:GgItXeb97Xu7UHdqgWRt9krp

File size 46.5 KB ( 47616 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Accounting, Template: Normal, Last Saved By: user, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon Jul 03 16:32:00 2017, Last Saved Time/Date: Tue Jul 04 12:38:00 2017, Number of Pages: 1, Number of Words: 50, Number of Characters: 285, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros run-file doc

VirusTotal metadata
First submission 2017-07-05 13:14:07 UTC (1 year, 10 months ago)
Last submission 2018-04-30 00:30:29 UTC (1 year ago)
File name SecureMessage.doc