× Cookies被禁用! 本网站需要启用Cookie才能正常工作
SHA256: 7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698
文件名: CDM6396716681059.doc
检出率: 10 / 56
分析日期: 2019-03-14 11:30:14 UTC ( 2 月 前 ) 查看最新
反病毒软件 结果 病毒库日期
Endgame malicious (high confidence) 20190215
Fortinet VBA/Agent.NBP!tr.dldr 20190314
Ikarus Trojan-Downloader.VBA.Agent 20190314
K7AntiVirus Trojan ( 00536d111 ) 20190314
K7GW Trojan ( 00536d111 ) 20190314
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20190314
SentinelOne (Static ML) DFI - Malicious OLE 20190311
Tencent Heur.Macro.Generic.Gen.h 20190314
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20190314
Zoner Probably W97Obfuscated 20190314
Acronis 20190313
Ad-Aware 20190314
AegisLab 20190314
AhnLab-V3 20190314
Alibaba 20190306
ALYac 20190314
Antiy-AVL 20190314
Arcabit 20190314
Avast 20190314
Avast-Mobile 20190314
AVG 20190314
Avira (no cloud) 20190314
Babable 20180918
Baidu 20190306
BitDefender 20190314
Bkav 20190314
CAT-QuickHeal 20190313
ClamAV 20190314
CMC 20190314
Comodo 20190314
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190314
DrWeb 20190314
eGambit 20190314
Emsisoft 20190314
ESET-NOD32 20190314
F-Secure 20190314
GData 20190314
Sophos ML 20190313
Jiangmin 20190314
Kaspersky 20190314
Kingsoft 20190314
Malwarebytes 20190314
MAX 20190314
McAfee 20190314
McAfee-GW-Edition 20190314
Microsoft 20190314
eScan 20190314
Palo Alto Networks (Known Signatures) 20190314
Panda 20190313
Qihoo-360 20190314
Rising 20190314
Sophos AV 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190314
TheHacker 20190308
TotalDefense 20190314
Trapmine 20190301
TrendMicro-HouseCall 20190314
Trustlook 20190314
VBA32 20190314
ViRobot 20190314
Yandex 20190314
Zillya 20190313
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to hide the viewer or other applications.
Seems to contain deobfuscation code.
Summary
creation_datetime
2019-03-14 10:03:00
revision_number
1
page_count
1
word_count
1
last_saved
2019-03-14 10:03:00
template
Normal.dotm
application_name
Microsoft Office Word
character_count
10
code_page
Latin I
Document summary
line_count
1
characters_with_spaces
10
version
1048576
paragraph_count
1
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
3584
type_literal
stream
sid
19
name
\x01CompObj
size
114
type_literal
stream
sid
5
name
\x05DocumentSummaryInformation
size
4096
type_literal
stream
sid
4
name
\x05SummaryInformation
size
4096
type_literal
stream
sid
2
name
1Table
size
7486
type_literal
stream
sid
1
name
Data
size
65344
type_literal
stream
sid
18
name
Macros/PROJECT
size
470
type_literal
stream
sid
17
name
Macros/PROJECTwm
size
77
type_literal
stream
sid
8
type
macro
name
Macros/VBA/EooGUxB
size
13484
type_literal
stream
sid
12
type
macro
name
Macros/VBA/HoAcU1c
size
18133
type_literal
stream
sid
13
name
Macros/VBA/_VBA_PROJECT
size
46617
type_literal
stream
sid
15
name
Macros/VBA/__SRP_0
size
1346
type_literal
stream
sid
16
name
Macros/VBA/__SRP_1
size
110
type_literal
stream
sid
9
name
Macros/VBA/__SRP_2
size
436
type_literal
stream
sid
10
name
Macros/VBA/__SRP_3
size
187
type_literal
stream
sid
14
name
Macros/VBA/dir
size
604
type_literal
stream
sid
11
type
macro
name
Macros/VBA/uAZGZ_Z1
size
67278
type_literal
stream
sid
3
name
WordDocument
size
4096
Macros and VBA code streams
[+] EooGUxB.cls Macros/VBA/EooGUxB 8013 bytes
obfuscated
[+] uAZGZ_Z1.bas Macros/VBA/uAZGZ_Z1 43146 bytes
obfuscated
[+] HoAcU1c.bas Macros/VBA/HoAcU1c 11472 bytes
hide-app obfuscated
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

System
Windows

LinksUpToDate
No

HeadingPairs
Title, 1

Identification
Word 8.0

Template
Normal.dotm

CharCountWithSpaces
10

CreateDate
2019:03:14 09:03:00

Word97
No

LanguageCode
English (US)

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2019:03:14 09:03:00

Characters
10

CodePage
Windows Latin 1 (Western European)

RevisionNumber
1

MIMEType
application/msword

Words
1

FileType
DOC

Lines
1

AppVersion
16.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

LastPrinted
0000:00:00 00:00:00

DocFlags
Has picture, 1Table, ExtChar

File identification
MD5 d2b360bbbf6548e29b77452f6f617741
SHA1 8d1b9f84b65dd61576bdc801c219177f26c00b4e
SHA256 7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698
ssdeep
6144:T77HUUUUUUUUUUUUUUUUUUUT52VMqiruEPRDLneFyn816Wwv5:T77HUUUUUUUUUUUUUUUUUUUTCouEPRDb

File size 247.0 KB ( 252928 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Mar 13 09:03:00 2019, Last Saved Time/Date: Wed Mar 13 09:03:00 2019, Number of Pages: 1, Number of Words: 1, Number of Characters: 10, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated macros hide-app doc

VirusTotal metadata
First submission 2019-03-14 11:30:14 UTC ( 2 月 前 )
Last submission 2019-03-15 06:33:04 UTC ( 2 月 前 )
文件名 CDM6396716681059.doc
583376826209546862.doc
783644621161.doc
4776614079084111.doc
DET15338015198.doc
emotet_e2_7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698_2019-03-14__113512.doc
没有评论. 没有VirusTotal社区成员评论该项目,抢沙发!

发表评论

?
发表评论

您没有登录。只有注册用户可以发表评论,请登录后发表评论!

没有投票. 目前没有用户投票。