× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e
File name: PROJECT.doc
Detection ratio: 6 / 54
Analysis date: 2017-01-27 13:46:02 UTC ( 4 months, 4 weeks ago ) View latest
Antivirus Result Update
Arcabit HEUR.VBA.Trojan.e 20170127
Fortinet WM/Agent.559B!tr.dldr 20170127
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170127
Qihoo-360 virus.office.gen.65 20170127
Symantec W97M.Downloader 20170126
TrendMicro W2KM_DLOADER.JCB 20170127
Ad-Aware 20170127
AegisLab 20170127
AhnLab-V3 20170127
Alibaba 20170122
ALYac 20170127
Antiy-AVL 20170127
Avast 20170127
AVG 20170127
Avira (no cloud) 20170127
AVware 20170127
Baidu 20170125
BitDefender 20170127
Bkav 20170123
CAT-QuickHeal 20170127
ClamAV 20170127
CMC 20170127
Comodo 20170127
CrowdStrike Falcon (ML) 20161024
Cyren 20170127
DrWeb 20170127
Emsisoft 20170127
ESET-NOD32 20170127
F-Prot 20170127
F-Secure 20170127
GData 20170127
Ikarus 20170127
Invincea 20170111
Jiangmin 20170127
K7AntiVirus 20170127
K7GW 20170127
Kaspersky 20170127
Kingsoft 20170127
Malwarebytes 20170127
McAfee 20170127
McAfee-GW-Edition 20170127
Microsoft 20170127
eScan 20170127
nProtect 20170127
Panda 20170127
Rising 20170127
Sophos 20170127
SUPERAntiSpyware 20170127
Tencent 20170127
TheHacker 20170125
TrendMicro-HouseCall 20170127
Trustlook 20170127
VBA32 20170127
VIPRE 20170127
ViRobot 20170127
WhiteArmor 20170123
Yandex 20170126
Zillya 20170126
Zoner 20170127
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
Summary
last_author
\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd Windows
creation_datetime
2017-01-27 06:14:00
template
Normal
author
\ufffd\ufffd\ufffd\ufffd\ufffd
page_count
1
last_saved
2017-01-27 06:14:00
revision_number
2
application_name
Microsoft Office Word
character_count
5
code_page
Cyrillic
Document summary
line_count
1
company
SPecialiST RePack
characters_with_spaces
5
version
917504
paragraph_count
1
code_page
Cyrillic
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
1792
type_literal
stream
size
114
name
\x01CompObj
sid
16
type_literal
stream
size
4096
name
\x05DocumentSummaryInformation
sid
4
type_literal
stream
size
4096
name
\x05SummaryInformation
sid
3
type_literal
stream
size
11555
name
1Table
sid
1
type_literal
stream
size
367
name
Macros/PROJECT
sid
15
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
14
type_literal
stream
size
84985
type
macro
name
Macros/VBA/ThisDocument
sid
11
type_literal
stream
size
16765
name
Macros/VBA/_VBA_PROJECT
sid
12
type_literal
stream
size
517
name
Macros/VBA/dir
sid
13
type_literal
stream
size
216
name
MsoDataStore/\xd0O\xd04\xd1\xdf\xc4\xc0\xc4\xc40\xdfLKL\xd5CGFI\xc9A==/Item
sid
7
type_literal
stream
size
341
name
MsoDataStore/\xd0O\xd04\xd1\xdf\xc4\xc0\xc4\xc40\xdfLKL\xd5CGFI\xc9A==/Properties
sid
8
type_literal
stream
size
15974
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 38372 bytes
run-file
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

LastModifiedBy
Windows

HeadingPairs
Title, 1

Template
Normal

CharCountWithSpaces
5

CreateDate
2017:01:27 05:14:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:01:27 05:14:00

Company
SPecialiST RePack

Characters
5

CodePage
Windows Cyrillic

RevisionNumber
2

MIMEType
application/msword

Words
0

FileType
DOC

Lines
1

AppVersion
14.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

ScaleCrop
No

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
1

Compressed bundles
File identification
MD5 2fecbe8848bac4001b692f63b33354d3
SHA1 80ac1d4ae82a4f9a3f0068c79b96483fb7a7c16d
SHA256 6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e
ssdeep
3072:JrlPdEgy9T7Yidr40XUAiLqAcWXhQhi/VQrlVnUKoD:JhWL9rxAcWXjVQrlNU

File size 142.0 KB ( 145408 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: �����, Template: Normal, Last Saved By: ������������ Windows, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Jan 26 05:14:00 2017, Last Saved Time/Date: Thu Jan 26 05:14:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 5, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
macros run-file attachment doc

VirusTotal metadata
First submission 2017-01-27 08:51:03 UTC ( 5 months ago )
Last submission 2017-03-31 06:48:43 UTC ( 2 months, 3 weeks ago )
File names 80AC1D4AE82A4F9A3F0068C79B96483FB7A7C16D
virus.doc
New.doc
DOC_MALWARE_margin2601
PROJECT.doc
2701.__doc
80ac1d4ae82a4f9a3f0068c79b96483fb7a7c16d.doc
2701.doc
2701.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!