SHA256: 8d5259dd99cc605b19cd5a176c46503f29c7a61107013f5f97180a1fc84d001e
File name: 20170123142429.747055-Dinformation.doc_infected
Detection ratio: 5 / 54
Analysis date: 2017-01-23 13:24:30 UTC (2 years, 4 months ago)
Antivirus Result Update
Avast VBA:Downloader-DKE [Trj] 20170123
AVware LooksLike.Macro.Malware.k (v) 20170123
F-Secure Trojan:W97M/MaliciousMacro.GEN 20170123
Qihoo-360 virus.office.obfuscated.1 20170123
VIPRE LooksLike.Macro.Malware.k (v) 20170123
Ad-Aware 20170123
AegisLab 20170123
AhnLab-V3 20170123
Alibaba 20170122
ALYac 20170123
Antiy-AVL 20170123
Arcabit 20170123
AVG 20170123
Avira (no cloud) 20170123
Baidu 20170123
BitDefender 20170123
CAT-QuickHeal 20170123
ClamAV 20170123
CMC 20170123
Comodo 20170123
CrowdStrike Falcon (ML) 20161024
Cyren 20170123
DrWeb 20170123
Emsisoft 20170123
ESET-NOD32 20170123
F-Prot 20170123
Fortinet 20170123
GData 20170123
Ikarus 20170123
Sophos ML 20170111
Jiangmin 20170123
K7AntiVirus 20170123
K7GW 20170123
Kaspersky 20170123
Kingsoft 20170123
Malwarebytes 20170123
McAfee 20170123
McAfee-GW-Edition 20170123
Microsoft 20170123
eScan 20170123
NANO-Antivirus 20170123
nProtect 20170123
Panda 20170122
Rising 20170123
Sophos AV 20170123
SUPERAntiSpyware 20170123
Symantec 20170122
Tencent 20170123
TheHacker 20170117
TotalDefense 20170123
TrendMicro 20170123
TrendMicro-HouseCall 20170123
Trustlook 20170123
VBA32 20170123
ViRobot 20170123
WhiteArmor 20170123
Yandex 20170122
Zillya 20170120
Zoner 20170123
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: slave
creation_datetime: 2017-01-19 11:58:00
revision_number: 9
author: jason
page_count: 1
last_saved: 2017-01-19 12:04:00
edit_time: 180
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: RePack by SPecialiST
characters_with_spaces: 1
version: 983040
paragraph_count: 1
code_page: Cyrillic
OLE Streams
sid  name                            type_literal  type   size
0    Root Entry                      root                 13120
     clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word
19   \x01CompObj                     stream               114
4    \x05DocumentSummaryInformation  stream               4096
3    \x05SummaryInformation          stream               4096
1    1Table                          stream               7134
18   Macros/PROJECT                  stream               585
17   Macros/PROJECTwm                stream               113
10   Macros/VBA/Module1              stream        macro  3224
11   Macros/VBA/Module2              stream        macro  1074
12   Macros/VBA/Module3              stream        macro  4346
7    Macros/VBA/ThisDocument         stream        macro  1917
13   Macros/VBA/_VBA_PROJECT         stream               3376
15   Macros/VBA/__SRP_0              stream               1325
16   Macros/VBA/__SRP_1              stream               114
8    Macros/VBA/__SRP_2              stream               304
9    Macros/VBA/__SRP_3              stream               103
14   Macros/VBA/dir                  stream               619
2    WordDocument                    stream               41994
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 406 bytes
create-ole obfuscated
[+] Module1.bas Macros/VBA/Module1 1313 bytes
[+] Module2.bas Macros/VBA/Module2 179 bytes
exe-pattern
[+] Module3.bas Macros/VBA/Module3 1609 bytes
ExifTool file metadata
SharedDoc: No
Author: jason
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: slave
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:01:19 10:58:00
CompObjUserType: ???????? Microsoft Word 97-2003
ModifyDate: 2017:01:19 11:04:00
ScaleCrop: No
Company: RePack by SPecialiST
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 9
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 15.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 3.0 minutes
Pages: 1
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 1

Compressed bundles
File identification
MD5 7bf7a625c382568da910e86b7b332da1
SHA1 47def992cb4c04ea261b170bba2bd33115ead141
SHA256 8d5259dd99cc605b19cd5a176c46503f29c7a61107013f5f97180a1fc84d001e
ssdeep 1536:8Jc5C7U9KCP6pBQGsHHSXfSLHbxCIqCWbq:8Jc51syUQdHyXAbxCAWb

File size 79.0 KB ( 80896 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: jason, Template: Normal.dotm, Last Saved By: slave, Revision Number: 9, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Wed Jan 18 10:58:00 2017, Last Saved Time/Date: Wed Jan 18 11:04:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated exe-pattern doc macros attachment create-ole

VirusTotal metadata
First submission 2017-01-23 13:00:49 UTC (2 years, 4 months ago)
Last submission 2017-04-10 15:46:27 UTC (2 years, 1 month ago)
File names
information.doc