× Cookies被禁用! 本网站需要启用Cookie才能正常工作
SHA256: 3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c
文件名: 3bfef6c294d5d28f167d7880dc2ea504
检出率: 4 / 55
分析日期: 2016-08-22 09:37:04 UTC ( 2 年, 9 月 前 ) 查看最新
反病毒软件 结果 病毒库日期
AhnLab-V3 W97M/Downloader 20160822
Avira (no cloud) HEUR/Macro.Downloader 20160822
Ikarus Trojan-Downloader.VBA.Agent 20160822
Qihoo-360 virus.office.obfuscated.1 20160822
Ad-Aware 20160822
AegisLab 20160822
Alibaba 20160822
ALYac 20160822
Antiy-AVL 20160822
Arcabit 20160822
Avast 20160822
AVG 20160822
AVware 20160822
Baidu 20160820
BitDefender 20160822
Bkav 20160820
CAT-QuickHeal 20160822
ClamAV 20160822
CMC 20160822
Comodo 20160822
Cyren 20160822
DrWeb 20160822
Emsisoft 20160822
ESET-NOD32 20160822
F-Prot 20160822
Fortinet 20160822
GData 20160822
Jiangmin 20160822
K7AntiVirus 20160822
K7GW 20160822
Kaspersky 20160822
Kingsoft 20160822
Malwarebytes 20160822
McAfee 20160822
McAfee-GW-Edition 20160822
Microsoft 20160822
eScan 20160822
NANO-Antivirus 20160822
nProtect None
Panda 20160821
Rising 20160822
Sophos AV 20160822
SUPERAntiSpyware 20160822
Symantec 20160822
Tencent 20160822
TheHacker 20160821
TotalDefense 20160822
TrendMicro 20160822
TrendMicro-HouseCall 20160822
VBA32 20160819
VIPRE 20160822
ViRobot 20160822
Yandex 20160821
Zillya 20160820
Zoner 20160822
The file being studied follows the Open XML file format! More specifically, it is a Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 42 bytes
[+] Module1.bas word/vbaProject.bin VBA/Module1 12180 bytes
create-ole enum-windows handle-file obfuscated open-file write-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator
1
cp:lastModifiedBy
1
cp:revision
2
dcterms:created
2016-08-22T08:52:00Z
dcterms:modified
2016-08-22T08:52:00Z
Application document properties
Template
Normal
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
0
Paragraphs
0
ScaleCrop
false
Company
Home
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
14.0000
Document languages
Language
Prevalence
en-us
2
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
1

Application
Microsoft Office Word

ZipFileName
[Content_Types].xml

Template
Normal

CreateDate
2016:08:22 08:52:00Z

ZipRequiredVersion
20

ModifyDate
2016:08:22 08:52:00Z

ZipCRC
0x4dc12e6a

Company
Home

Words
0

ScaleCrop
No

RevisionNumber
2

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

FileType
DOCM

Lines
0

AppVersion
14.0

ZipUncompressedSize
1563

ZipCompressedSize
419

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

Creator
1

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
docm

Paragraphs
0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
15
Uncompressed size
98446
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
11
bin
1
Contained files by type
XML
14
Microsoft Office
1
File identification
MD5 3e58c0f38f3debbfc79df81b7822210f
SHA1 7ffdef193ec553c2318979f54be554eec4093a37
SHA256 3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c
ssdeep
768:3kMJNsv8OjpIxjYRjvo3xcM8otA6x0wrHXXl+fW0bVB8t:3kT8KpIxjYVvo3xcM88A6x0wr310WF

File size 34.1 KB ( 34905 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.0%)
Word Microsoft Office Open XML Format document (23.9%)
Open Packaging Conventions container (17.8%)
ZIP compressed archive (4.0%)
PrintFox/Pagefox bitmap (var. P) (1.0%)
Tags
obfuscated open-file enum-windows handle-file docx macros attachment write-file create-ole

VirusTotal metadata
First submission 2016-08-22 09:37:04 UTC ( 2 年, 9 月 前 )
Last submission 2017-09-18 12:49:26 UTC ( 1 年, 8 月 前 )
文件名 Malware_NEW_OFFICE_3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c.docm
IMG_6407.DOCM
b1c5c3fb29a60b383768fc37ea0b631219f3f897
SCAN_0207.DOCM
FAX_4613.DOCM
FAX_5542.docm
3f555eb38f2a9345a770c0e0a453f6896bf67946d9c3ed07477843cda37d038c.bin
3bfef6c294d5d28f167d7880dc2ea504
DOC_6823.DOCM
没有评论. 没有VirusTotal社区成员评论该项目,抢沙发!

发表评论

?
发表评论

您没有登录。只有注册用户可以发表评论,请登录后发表评论!

没有投票. 目前没有用户投票。