× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 62a5d3ec0dcda0aa72d13b2deac30307935b41b3e5a0e132fc4cf70cb2688543
File name: Security Report ID(11701573).doc
Detection ratio: 3 / 56
Analysis date: 2016-05-24 11:31:45 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20160524
Qihoo-360 virus.office.obfuscated.1 20160524
Rising Trojan.Obfus/VBA@DT!1.A540 20160524
Ad-Aware 20160524
AegisLab 20160524
AhnLab-V3 20160524
Alibaba 20160524
ALYac 20160524
Antiy-AVL 20160524
Avast 20160524
AVG 20160524
Avira (no cloud) 20160524
AVware 20160524
Baidu 20160523
Baidu-International 20160524
BitDefender 20160524
Bkav 20160524
CAT-QuickHeal 20160524
ClamAV 20160524
CMC 20160523
Comodo 20160524
Cyren 20160524
DrWeb 20160524
Emsisoft 20160524
ESET-NOD32 20160524
F-Prot 20160524
F-Secure 20160524
Fortinet 20160524
GData 20160524
Ikarus 20160524
Jiangmin 20160524
K7AntiVirus 20160524
K7GW 20160524
Kaspersky 20160524
Kingsoft 20160524
Malwarebytes 20160524
McAfee 20160524
McAfee-GW-Edition 20160523
Microsoft 20160524
eScan 20160524
NANO-Antivirus 20160524
nProtect 20160523
Panda 20160523
Sophos AV 20160524
SUPERAntiSpyware 20160524
Symantec 20160524
Tencent 20160524
TheHacker 20160523
TrendMicro 20160524
TrendMicro-HouseCall 20160524
VBA32 20160524
VIPRE 20160524
ViRobot 20160524
Yandex 20160523
Zillya 20160524
Zoner 20160524
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May read system environment variables.
May write to a file.
May create additional files.
May try to run other files, shell commands or applications.
May create OLE objects.
Summary
creation_datetime
2016-05-24 01:09:00
template
Normal.dot
page_count
1
last_saved
2016-05-24 11:01:00
edit_time
1080
word_count
4
revision_number
16
application_name
Microsoft Office Word
character_count
28
code_page
Cyrillic
Document summary
line_count
1
characters_with_spaces
31
version
730895
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
8320
type_literal
stream
size
113
name
\x01CompObj
sid
18
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
4
type_literal
stream
size
360
name
\x05SummaryInformation
sid
3
type_literal
stream
size
4096
name
1Table
sid
1
type_literal
stream
size
564
name
Macros/PROJECT
sid
17
type_literal
stream
size
80
name
Macros/PROJECTwm
sid
16
type_literal
stream
size
8024
type
macro
name
Macros/VBA/ThisDocument
sid
7
type_literal
stream
size
3920
name
Macros/VBA/_VBA_PROJECT
sid
9
type_literal
stream
size
828
name
Macros/VBA/dir
sid
10
type_literal
stream
size
1164
type
macro (only attributes)
name
Macros/VBA/eRYTFJHvhsad
sid
8
type_literal
stream
size
97
name
Macros/eRYTFJHvhsad/\x01CompObj
sid
14
type_literal
stream
size
294
name
Macros/eRYTFJHvhsad/\x03VBFrame
sid
15
type_literal
stream
size
631
name
Macros/eRYTFJHvhsad/f
sid
12
type_literal
stream
size
246484
name
Macros/eRYTFJHvhsad/o
sid
13
type_literal
stream
size
4142
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 4299 bytes
create-file create-ole environ run-file write-file
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
, 1

Template
Normal.dot

CharCountWithSpaces
31

CreateDate
2016:05:24 00:09:00

Security
None

CompObjUserType
???????? Microsoft Office Word

ModifyDate
2016:05:24 10:01:00

Characters
28

Pages
1

RevisionNumber
16

MIMEType
application/msword

Words
4

FileType
DOC

Lines
1

AppVersion
11.9999

CodePage
Windows Cyrillic

Software
Microsoft Office Word

TotalEditTime
18.0 minutes

ScaleCrop
No

CompObjUserTypeLen
31

FileTypeExtension
doc

Paragraphs
1

File identification
MD5 16eb1828b27feb9dd470eb018be39d0a
SHA1 b0c100374dd7142edf97a9d233b3c68bcf77a07e
SHA256 62a5d3ec0dcda0aa72d13b2deac30307935b41b3e5a0e132fc4cf70cb2688543
ssdeep
3072:b/hwXcEymkThW84F3BW4r9v9wKoIv7WXb+WdHeH4aPoiYp+6HoZ:b5YcWCW84f/v9DvvKNHM9g1p+j

File size 280.5 KB ( 287232 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Template: Normal.dot, Revision Number: 16, Name of Creating Application: Microsoft Office Word, Total Editing Time: 18:00, Create Time/Date: Mon May 23 00:09:00 2016, Last Saved Time/Date: Mon May 23 10:01:00 2016, Number of Pages: 1, Number of Words: 4, Number of Characters: 28, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
run-file doc create-file macros environ write-file create-ole

VirusTotal metadata
First submission 2016-05-24 11:07:10 UTC ( 1 year, 4 months ago )
Last submission 2016-06-03 10:16:56 UTC ( 1 year, 3 months ago )
File names Security Report ID_11701573_.doc
Security Report ID(11701573).doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!