SHA256: 34c92160a7456b52d393750f42140070dcc2bc5b61322121d57af1f39507c85c
File name: malware3.docm
Detection ratio: 6 / 52
Analysis date: 2016-07-05 12:31:17 UTC ( 9 months, 4 weeks ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160705
Fortinet WM/Agent!tr 20160705
Ikarus Trojan-Downloader.VBA.Agent 20160705
Panda O97M/Downloader 20160705
Qihoo-360 virus.office.gen.55 20160705
Tencent Macro.Trojan.Dropperd.Auto 20160705
Ad-Aware 20160705
AegisLab 20160705
AhnLab-V3 20160705
Alibaba 20160705
ALYac 20160705
Antiy-AVL 20160705
Avast 20160705
AVG 20160705
AVware 20160705
Baidu 20160705
BitDefender 20160705
Bkav 20160705
CAT-QuickHeal 20160705
ClamAV 20160705
CMC 20160704
Comodo 20160705
Cyren 20160705
DrWeb 20160705
Emsisoft 20160704
ESET-NOD32 20160705
F-Prot 20160705
F-Secure 20160705
GData 20160705
Jiangmin 20160705
K7AntiVirus 20160705
K7GW 20160705
Kaspersky 20160705
Kingsoft 20160705
Malwarebytes 20160705
McAfee 20160705
McAfee-GW-Edition 20160705
Microsoft 20160705
eScan 20160705
NANO-Antivirus 20160705
nProtect 20160705
Sophos 20160705
SUPERAntiSpyware 20160705
Symantec 20160701
TheHacker 20160705
TrendMicro 20160705
TrendMicro-HouseCall 20160705
VBA32 20160705
VIPRE 20160705
ViRobot 20160705
Zillya 20160705
Zoner 20160705
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May create additional files.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 489 bytes
[+] Module4.bas word/vbaProject.bin VBA/Module4 7086 bytes
[+] Module1.bas word/vbaProject.bin VBA/Module1 7435 bytes
obfuscated open-file
[+] Module2.bas word/vbaProject.bin VBA/Module2 803 bytes
create-file write-file
[+] Module8.bas word/vbaProject.bin VBA/Module8 884 bytes
create-ole
[+] Module7.bas word/vbaProject.bin VBA/Module7 3684 bytes
create-ole open-file
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
creator: 1
lastModifiedBy: Microsoft Office
revision: 2
created: 2016-07-05T09:52:00Z
modified: 2016-07-05T09:52:00Z
Application document properties
Template: Normal_Wordconv.dotm
TotalTime: 0
Pages: 1
Words: 0
Characters: 0
Application: Microsoft Office Outlook
DocSecurity: 0
Lines: 0
Paragraphs: 0
ScaleCrop: false
Company: Home
LinksUpToDate: false
CharactersWithSpaces: 0
SharedDoc: false
HyperlinksChanged: false
AppVersion: 12.0000
Document languages
Language Prevalence
ru-ru 2
en-us 1
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: Microsoft Office
Application: Microsoft Office Outlook
ZipFileName: [Content_Types].xml
Template: Normal_Wordconv.dotm
CreateDate: 2016:07:05 09:52:00Z
ZipRequiredVersion: 20
ModifyDate: 2016:07:05 09:52:00Z
ZipCRC: 0xc1a32581
Company: Home
Words: 0
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
FileType: DOCM
Lines: 0
AppVersion: 12.0
ZipUncompressedSize: 1453
ZipCompressedSize: 406
Characters: 0
CharactersWithSpaces: 0
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
Creator: 1
TotalEditTime: 0
ZipCompression: Deflated
Pages: 1
FileTypeExtension: docm
Paragraphs: 0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 14
Uncompressed size: 91603
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 10
bin: 1
Contained files by type
XML: 13
Microsoft Office: 1
Compressed bundles
File identification
MD5 e09e76cb00e17f283963b97d249b345b
SHA1 b183a3c92be83fc325d5b28f7b5c0276f854d6e8
SHA256 34c92160a7456b52d393750f42140070dcc2bc5b61322121d57af1f39507c85c
ssdeep 768:2mo9Wp7D/s/s5RIukrWWx4Ap7zEALc9y8TSo5TQoa0e:49O7DUs5RIukrhxNBzEALc92obe

File size 34.1 KB ( 34935 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (59.4%)
Word Microsoft Office Open XML Format document (36.0%)
ZIP compressed archive (4.5%)
Tags obfuscated open-file create-file docx macros attachment write-file create-ole

VirusTotal metadata
First submission 2016-07-05 11:48:20 UTC ( 9 months, 4 weeks ago )
Last submission 2016-07-05 21:16:51 UTC ( 9 months, 3 weeks ago )
File names 05-07-2016_rndnum(4,9)}}(4).docm
malware3.docm
20160705-135026-05-07-2016_rndnum(4,9)}}.docm
sample 05-07-2016_rndnum(4,9)}}.docm
6000a43fd96b29a269f28bae2a03326f
05-07-2016_rndnum(4,9)}}.docm
eb9c66afb080b8f611a3a91fa3a41775