SHA256: d3a74337eeb8f56936520d5928fed17bf9b5861bc3e8004358fb983ec09c8ca2
File name: 2e9b9abb8c8aa718902f32084a11301a
Detection ratio: 17 / 54
Analysis date: 2016-11-23 04:01:27 UTC (2 years, 5 months ago)
Antivirus Result Update
Ad-Aware W97m.Downloader.ESK 20161123
AegisLab Troj.Script.Agent!c 20161123
AVware LooksLike.Macro.Malware.k (v) 20161123
BitDefender W97m.Downloader.ESK 20161123
Cyren Trojan.VRSQ-2 20161123
Emsisoft W97m.Downloader.ESK (B) 20161123
F-Secure W97m.Downloader.ESK 20161123
GData W97m.Downloader.ESK 20161123
Ikarus Trojan-Downloader.VBA.Agent 20161122
Kaspersky HEUR:Trojan.Script.Agent.gen 20161123
Microsoft TrojanDownloader:O97M/Donoff 20161123
eScan W97m.Downloader.ESK 20161123
Sophos AV Troj/DocDl-FRG 20161123
Symantec W97M.Downloader 20161123
TrendMicro W2KM_DLOADE.VSRTG 20161123
TrendMicro-HouseCall W2KM_DLOADE.VSRTG 20161123
VIPRE LooksLike.Macro.Malware.k (v) 20161123
AhnLab-V3 20161122
Alibaba 20161123
ALYac 20161123
Arcabit 20161123
Avast 20161123
AVG 20161123
Avira (no cloud) 20161122
Baidu 20161122
Bkav 20161122
CAT-QuickHeal 20161122
ClamAV 20161123
CMC 20161122
Comodo 20161122
CrowdStrike Falcon (ML) 20161024
DrWeb 20161123
ESET-NOD32 20161123
F-Prot 20161123
Fortinet 20161123
Sophos ML 20161018
Jiangmin 20161123
K7AntiVirus 20161122
K7GW 20161123
Kingsoft 20161123
Malwarebytes 20161123
McAfee 20161123
McAfee-GW-Edition 20161123
NANO-Antivirus 20161123
nProtect 20161123
Panda 20161122
Qihoo-360 20161123
Rising 20161123
SUPERAntiSpyware 20161123
Tencent 20161123
TheHacker 20161122
TotalDefense 20161122
Trustlook 20161123
VBA32 20161122
ViRobot 20161123
Yandex 20161122
Zillya 20161122
Zoner 20161123
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author: slave
creation_datetime: 2016-08-19 14:14:00
template: Normal.dotm
author: slave
page_count: 1
last_saved: 2016-11-22 11:15:00
edit_time: 20880
revision_number: 514
application_name: Microsoft Office Word
character_count: 1
code_page: Cyrillic
Document summary
line_count: 1
company: RePack by SPecialiST
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Cyrillic
OLE Streams
name: Root Entry; type_literal: root; clsid: 00020906-0000-0000-c000-000000000046; clsid_literal: MS Word; sid: 0; size: 7872
name: \x01CompObj; type_literal: stream; sid: 18; size: 121
name: \x05DocumentSummaryInformation; type_literal: stream; sid: 5; size: 4096
name: \x05SummaryInformation; type_literal: stream; sid: 4; size: 4096
name: 1Table; type_literal: stream; sid: 2; size: 8370
name: Data; type_literal: stream; sid: 1; size: 38552
name: Macros/PROJECT; type_literal: stream; sid: 17; size: 485
name: Macros/PROJECTwm; type_literal: stream; sid: 16; size: 65
name: Macros/VBA/Module1; type_literal: stream; type: macro; sid: 11; size: 5789
name: Macros/VBA/ThisDocument; type_literal: stream; type: macro; sid: 8; size: 1608
name: Macros/VBA/_VBA_PROJECT; type_literal: stream; sid: 12; size: 2973
name: Macros/VBA/__SRP_0; type_literal: stream; sid: 14; size: 1221
name: Macros/VBA/__SRP_1; type_literal: stream; sid: 15; size: 106
name: Macros/VBA/__SRP_2; type_literal: stream; sid: 9; size: 304
name: Macros/VBA/__SRP_3; type_literal: stream; sid: 10; size: 103
name: Macros/VBA/dir; type_literal: stream; sid: 13; size: 571
name: WordDocument; type_literal: stream; sid: 3; size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 241 bytes
run-file
[+] Module1.bas Macros/VBA/Module1 2525 bytes
ExifTool file metadata
SharedDoc: No
Author: slave
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: slave
HeadingPairs: , 1
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2016:08:19 13:14:00
CompObjUserType: ???????? Microsoft Office Word 97-2003
ModifyDate: 2016:11:22 10:15:00
Company: RePack by SPecialiST
Characters: 1
CodePage: Windows Cyrillic
RevisionNumber: 514
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 5.8 hours
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1

File identification
MD5 80e197927c18a145aab39be1e415cd34
SHA1 1305342585d2c068bed9d9c9552cd9e754915d53
SHA256 d3a74337eeb8f56936520d5928fed17bf9b5861bc3e8004358fb983ec09c8ca2
ssdeep
1536:9cJc5C7U9KCP6pBQGsHHSXfSLHbxCxIQ1+wAC:9cJc51syUQdHyXAbxCxn+

File size 77.0 KB ( 78848 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: slave, Template: Normal.dotm, Last Saved By: slave, Revision Number: 514, Name of Creating Application: Microsoft Office Word, Total Editing Time: 05:48:00, Create Time/Date: Thu Aug 18 13:14:00 2016, Last Saved Time/Date: Mon Nov 21 10:15:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
macros run-file attachment doc

VirusTotal metadata
First submission 2016-11-22 10:33:26 UTC (2 years, 6 months ago)
Last submission 2016-12-03 10:03:12 UTC (2 years, 5 months ago)
File names
49ef869241e91594e1de5a6c611d6538
2e9b9abb8c8aa718902f32084a11301a
d3a74337eeb8f56936520d5928fed17bf9b5861bc3e8004358fb983ec09c8ca2.dat
b375a4988542980d47cac8b229e35bd9
f5150621579c15d9a1ea9f704ba7bd82
f.doc
FedEx.doc
4406e2107bd48c7ce48fa836d09bf976
599e9c713bca26027b823b4a53cbd983
ae01c3f86f88f58e2437646a879666df