SHA256: 3b8257c19229a0ba19571d7e467b067f95707e1e12e803f34e950d4691d6a202
File name: Dora-Resume.doc
Detection ratio: 11 / 56
Analysis date: 2016-06-08 09:15:35 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.d 20160608
AVG W97M/Downloader 20160608
Avira (no cloud) W2000M/Agent.01481253 20160608
ESET-NOD32 VBA/TrojanDownloader.Agent.BGC 20160608
Fortinet WM/Agent.CYV!tr 20160608
McAfee W97M/Downloader.bev 20160608
Qihoo-360 virus.office.gen.80 20160608
Sophos AV Troj/DocDl-DNI 20160608
Symantec W97M.Downloader 20160608
TrendMicro W2KM_DLOADR.BYX 20160608
TrendMicro-HouseCall W2KM_DLOADR.BYX 20160608
Ad-Aware 20160608
AegisLab 20160608
AhnLab-V3 20160608
Alibaba 20160608
ALYac 20160608
Antiy-AVL 20160608
Avast 20160608
AVware 20160608
Baidu 20160608
Baidu-International 20160606
BitDefender 20160608
Bkav 20160608
CAT-QuickHeal 20160608
ClamAV 20160608
CMC 20160607
Comodo 20160608
Cyren 20160608
DrWeb 20160608
Emsisoft 20160608
F-Prot 20160608
F-Secure 20160608
GData 20160608
Ikarus 20160608
Jiangmin 20160608
K7AntiVirus 20160608
K7GW 20160608
Kaspersky 20160608
Kingsoft 20160608
Malwarebytes 20160608
McAfee-GW-Edition 20160608
Microsoft 20160608
eScan 20160608
NANO-Antivirus 20160608
nProtect 20160607
Panda 20160607
Rising 20160608
SUPERAntiSpyware 20160608
Tencent 20160608
TheHacker 20160607
VBA32 20160607
VIPRE 20160608
ViRobot 20160608
Yandex 20160607
Zillya 20160607
Zoner 20160608
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May open a file.
May write to a file.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
last_author
support
creation_datetime
2016-03-04 10:10:00
author
ygbxaclxlgtio
title
Ticket Invites
page_count
1
last_saved
2014-04-27 17:39:00
edit_time
33540
revision_number
680
application_name
Microsoft Office Word
character_count
1
template
Normal.dotm
code_page
Latin I
subject
Understand The Back
Document summary
byte_count
86016
company
Nokia
characters_with_spaces
1
line_count
1
version
917504
paragraph_count
1
code_page
-535
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
8896
type_literal
stream
size
114
name
\x01CompObj
sid
60
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
5
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
4
type_literal
stream
size
10520
name
1Table
sid
2
type_literal
stream
size
16391
name
Data
sid
1
type_literal
stream
size
563
name
Macros/PROJECT
sid
59
type_literal
stream
size
71
name
Macros/PROJECTwm
sid
58
type_literal
stream
size
97
name
Macros/UserForm1/\x01CompObj
sid
56
type_literal
stream
size
292
name
Macros/UserForm1/\x03VBFrame
sid
57
type_literal
stream
size
599
name
Macros/UserForm1/f
sid
13
type_literal
stream
size
115
name
Macros/UserForm1/i04/\x01CompObj
sid
27
type_literal
stream
size
456
name
Macros/UserForm1/i04/f
sid
16
type_literal
stream
size
110
name
Macros/UserForm1/i04/i06/\x01CompObj
sid
55
type_literal
stream
size
48
name
Macros/UserForm1/i04/i06/f
sid
53
type_literal
stream
size
0
name
Macros/UserForm1/i04/i06/o
sid
54
type_literal
stream
size
110
name
Macros/UserForm1/i04/i07/\x01CompObj
sid
52
type_literal
stream
size
136
name
Macros/UserForm1/i04/i07/f
sid
50
type_literal
stream
size
500
name
Macros/UserForm1/i04/i07/o
sid
51
type_literal
stream
size
110
name
Macros/UserForm1/i04/i11/\x01CompObj
sid
49
type_literal
stream
size
96
name
Macros/UserForm1/i04/i11/f
sid
47
type_literal
stream
size
76
name
Macros/UserForm1/i04/i11/o
sid
48
type_literal
stream
size
110
name
Macros/UserForm1/i04/i12/\x01CompObj
sid
46
type_literal
stream
size
96
name
Macros/UserForm1/i04/i12/f
sid
44
type_literal
stream
size
68
name
Macros/UserForm1/i04/i12/o
sid
45
type_literal
stream
size
110
name
Macros/UserForm1/i04/i13/\x01CompObj
sid
43
type_literal
stream
size
40
name
Macros/UserForm1/i04/i13/f
sid
41
type_literal
stream
size
0
name
Macros/UserForm1/i04/i13/o
sid
42
type_literal
stream
size
110
name
Macros/UserForm1/i04/i14/\x01CompObj
sid
40
type_literal
stream
size
92
name
Macros/UserForm1/i04/i14/f
sid
38
type_literal
stream
size
52
name
Macros/UserForm1/i04/i14/o
sid
39
type_literal
stream
size
110
name
Macros/UserForm1/i04/i22/\x01CompObj
sid
37
type_literal
stream
size
40
name
Macros/UserForm1/i04/i22/f
sid
35
type_literal
stream
size
0
name
Macros/UserForm1/i04/i22/o
sid
36
type_literal
stream
size
110
name
Macros/UserForm1/i04/i23/\x01CompObj
sid
34
type_literal
stream
size
40
name
Macros/UserForm1/i04/i23/f
sid
32
type_literal
stream
size
0
name
Macros/UserForm1/i04/i23/o
sid
33
type_literal
stream
size
110
name
Macros/UserForm1/i04/i24/\x01CompObj
sid
31
type_literal
stream
size
40
name
Macros/UserForm1/i04/i24/f
sid
29
type_literal
stream
size
0
name
Macros/UserForm1/i04/i24/o
sid
30
type_literal
stream
size
408
name
Macros/UserForm1/i04/o
sid
17
type_literal
stream
size
132
name
Macros/UserForm1/i04/x
sid
28
type_literal
stream
size
584
name
Macros/UserForm1/o
sid
14
type_literal
stream
size
26412
type
macro
name
Macros/VBA/ThisDocument
sid
8
type_literal
stream
size
1318
type
macro
name
Macros/VBA/UserForm1
sid
9
type_literal
stream
size
15127
name
Macros/VBA/_VBA_PROJECT
sid
10
type_literal
stream
size
829
name
Macros/VBA/dir
sid
11
type_literal
stream
size
4096
name
WordDocument
sid
3
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 19393 bytes
environ obfuscated open-file run-file write-file
[+] UserForm1.frm Macros/VBA/UserForm1 40 bytes
ExifTool file metadata
SharedDoc
No

Author
ygbxaclxlgtio

CodePage
Unicode (UTF-8)

LinksUpToDate
No

LastModifiedBy
support

HeadingPairs
Title, 1, Konu Ba l , 1

Template
Normal.dotm

CharCountWithSpaces
1

CreateDate
2016:03:04 09:10:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2014:04:27 16:39:00

TitleOfParts
Ticket Invites,

Company
Nokia

Title
Ticket Invites

HyperlinksChanged
No

Characters
1

ScaleCrop
No

RevisionNumber
680

MIMEType
application/msword

Words
0

Lines
1

FileType
DOC

Bytes
86016

AppVersion
14.0

Security
None

Software
Microsoft Office Word

TotalEditTime
9.3 hours

Pages
1

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

Subject
Understand The Back

File identification
MD5 05ac9ddfa3e0686783dda9c060aff310
SHA1 315df7f62317742e6b3f76e77e84c1eaa8101805
SHA256 3b8257c19229a0ba19571d7e467b067f95707e1e12e803f34e950d4691d6a202
ssdeep
1536:YVPaqPzkQHiJhEduZSXDZxYYmIALPBYDq23j+222p2Kz8:YVaqrkSiTEdUSzZ8IcWDqI+222p2Kz8

File size 99.5 KB ( 101888 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Ticket Invites, Subject: Understand The Back, Author: ygbxaclxlgtio, Template: Normal.dotm, Last Saved By: support, Revision Number: 680, Name of Creating Application: Microsoft Office Word, Total Editing Time: 09:19:00, Create Time/Date: Thu Mar 03 09:10:00 2016, Last Saved Time/Date: Sat Apr 26 16:39:00 2014, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
obfuscated open-file doc run-file macros environ write-file

VirusTotal metadata
First submission 2016-06-08 09:15:35 UTC ( 1 year, 5 months ago )
Last submission 2016-06-09 13:04:19 UTC ( 1 year, 5 months ago )
File names 05AC9DDFA3E0686783DDA9C060AFF310
Dora-Resume.doc