SHA256: 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
Name: myvtfile.exe
Detections: 35 / 56
Analysis date: 2017-09-21 01:45:03 UTC ( 23 hours, 7 minutes ago )
Antivirus Result Update
Ad-Aware W97m.Downloader.FAN 20170920
AegisLab W97M.Pws.Gen!c 20170921
AhnLab-V3 W97M/Downloader 20170920
ALYac W97m.Downloader.FAN 20170920
Antiy-AVL Trojan[Downloader]/MSWord.Agent.ayl 20170921
Arcabit W97m.Downloader.FAN 20170920
Avast VBA:Downloader-CFK [Trj] 20170920
AVG VBA:Downloader-CFK [Trj] 20170920
Baidu VBA.Trojan-Downloader.Agent.bvr 20170920
BitDefender W97m.Downloader.FAN 20170920
CAT-QuickHeal W97M.Downloader.TX 20170920
ClamAV Doc.Dropper.MagicHound-5859115-0 20170921
Cyren W97M/Agent.gen 20170920
DrWeb W97M.DownLoader.1378 20170920
Emsisoft W97m.Downloader.FAN (B) 20170921
ESET-NOD32 VBA/TrojanDownloader.Agent.CHX 20170921
F-Prot W97M/Agent.gen 20170920
F-Secure W97m.Downloader.FAN 20170920
Fortinet WM/Agent.E3C2!tr 20170921
GData W97m.Downloader.FAN 20170920
Ikarus Trojan-Downloader.VBA.Agent 20170920
Kaspersky Trojan-Downloader.MSWord.Agent.ayl 20170921
MAX malware (ai score=100) 20170920
McAfee W97M/Downloader.buq 20170920
McAfee-GW-Edition W97M/Downloader.buq 20170920
Microsoft TrojanDownloader:O97M/Powmet.A 20170920
eScan W97m.Downloader.FAN 20170921
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170921
Qihoo-360 heur.macro.powershell.b 20170921
Rising Heur.Macro.powershell.a (CLASSIC) 20170921
Sophos AV Troj/DocDl-HMJ 20170921
Symantec W97M.Downloader 20170920
Tencent Heur:Trojan.Script.Generic.7026064.0 20170921
TrendMicro-HouseCall W2KM_POWMET.NM 20170921
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.ayl 20170920
Alibaba 20170911
Avast-Mobile 20170829
Avira (no cloud) 20170920
AVware 20170920
CMC 20170920
Comodo 20170920
CrowdStrike Falcon (ML) 20170804
Cylance 20170921
Endgame 20170821
Sophos ML 20170914
Jiangmin 20170921
K7AntiVirus 20170920
K7GW 20170920
Kingsoft 20170921
Malwarebytes 20170920
nProtect 20170920
Palo Alto Networks (Known Signatures) 20170921
Panda 20170920
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170921
Symantec Mobile Insight 20170920
TheHacker 20170916
TotalDefense 20170920
Trustlook 20170921
VBA32 20170920
VIPRE 20170920
ViRobot 20170920
WhiteArmor 20170829
Yandex 20170908
Zoner 20170921
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions grouped together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute powershell commands.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author: Windows User
creation_datetime: 2017-01-02 07:49:00
revision_number: 2
author: ArcherR
word_count: 502
page_count: 1
comments: HealthSecure User Registration Form
last_saved: 2017-01-02 07:49:00
template: Forms template.dot
last_printed: 2013-06-20 07:27:00
keywords: HealthSecure User Registration Form
title: HealthSecure User Registration Form
character_count: 2866
subject: HealthSecure User Registration Form
code_page: Latin I
application_name: Microsoft Office Word
Document summary
category: Form
line_count: 23
company: ACC
characters_with_spaces: 3362
manager: n
version: 983040
paragraph_count: 6
code_page: Latin I
OLE Streams
name: Root Entry, type_literal: root, clsid: 00020906-0000-0000-c000-000000000046, clsid_literal: MS Word, size: 7104, sid: 0
name: \x01CompObj, type_literal: stream, size: 114, sid: 20
name: \x05DocumentSummaryInformation, type_literal: stream, size: 360, sid: 12
name: \x05SummaryInformation, type_literal: stream, size: 576, sid: 11
name: 1Table, type_literal: stream, size: 49587, sid: 10
name: Data, type_literal: stream, size: 38346, sid: 1
name: Macros/PROJECT, type_literal: stream, size: 446, sid: 18
name: Macros/PROJECTwm, type_literal: stream, size: 41, sid: 19
name: Macros/VBA/ThisDocument, type_literal: stream, type: macro, size: 15762, sid: 16
name: Macros/VBA/_VBA_PROJECT, type_literal: stream, size: 3589, sid: 17
name: Macros/VBA/dir, type_literal: stream, size: 774, sid: 15
name: ObjectPool/_1544855745/\x01CompObj, type_literal: stream, size: 128, sid: 6
name: ObjectPool/_1544855745/\x03OCXNAME, type_literal: stream, size: 32, sid: 8
name: ObjectPool/_1544855745/\x03ObjInfo, type_literal: stream, size: 6, sid: 7
name: ObjectPool/_1544855745/\x03PRINT, type_literal: stream, size: 612, sid: 5
name: ObjectPool/_1544855745/contents, type_literal: stream, size: 84, sid: 9
name: WordDocument, type_literal: stream, size: 33840, sid: 2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 9280 bytes
exe-pattern download powershell run-dll run-file
ExifTool file metadata
Category: Form
SharedDoc: No
Author: ArcherR
CodePage: Windows Latin 1 (Western European)
LinksUpToDate: No
LastModifiedBy: Windows User
HeadingPairs: Title, 1
Template: Forms template.dot
CharCountWithSpaces: 3362
CreateDate: 2017:01:02 06:49:00
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2017:01:02 06:49:00
TitleOfParts: HealthSecure User Registration Form
Company: ACC
Title: HealthSecure User Registration Form
HyperlinksChanged: No
Characters: 2866
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 502
FileType: DOC
Lines: 23
AppVersion: 15.0
Comments: HealthSecure User Registration Form
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 1
CompObjUserTypeLen: 32
Manager: n
FileTypeExtension: doc
Paragraphs: 6
Keywords: HealthSecure User Registration Form
LastPrinted: 2013:06:20 06:27:00
Subject: HealthSecure User Registration Form

File identification
MD5 1b5e33e5a244d2d67d7a09c4ccf16e56
SHA1 934c51ff1ea00af2cb3b8465f0a3effcf759d866
SHA256 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
ssdeep 3072:Y/E10b0O1gnTTTrF60yDTTTTTnDRDxHiIBgOSbZXO49W:RlPFANHiIBgOSbZXO

File size 147.5 KB ( 151040 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: HealthSecure User Registration Form, Subject: HealthSecure User Registration Form, Author: ArcherR, Keywords: HealthSecure User Registration Form, Comments: HealthSecure User Registration Form, Template: Forms template.dot, Last Saved By: Windows User, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Last Printed: Wed Jun 19 06:27:00 2013, Create Time/Date: Sun Jan 01 06:49:00 2017, Last Saved Time/Date: Sun Jan 01 06:49:00 2017, Number of Pages: 1, Number of Words: 502, Number of Characters: 2866, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
run-file exe-pattern doc macros run-dll download powershell

VirusTotal metadata
First submission 2017-01-02 15:36:50 UTC ( 8 months, 3 weeks ago )
Last submission 2017-08-18 03:07:25 UTC ( 1 month ago )
File names Health_insurance_registration.doc
myvtfile.exe
0j74w