× ¡Las cookies están desactivadas! Esta página requiere que las cookies estén activadas para funcionar correctamente
SHA256: 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
Nombre: Health_insurance_registration.doc_
Detecciones: 34 / 58
Fecha de análisis: 2017-11-18 01:56:18 UTC ( hace 1 semana )
Antivirus Resultado Actualización
Ad-Aware W97m.Downloader.FAN 20171118
AegisLab W97M.Pws.Gen!c 20171118
AhnLab-V3 W97M/Downloader 20171117
ALYac W97m.Downloader.FAN 20171118
Antiy-AVL Trojan[Downloader]/MSWord.Agent.ayl 20171118
Avast VBA:Downloader-CFK [Trj] 20171118
AVG VBA:Downloader-CFK [Trj] 20171118
Baidu VBA.Trojan-Downloader.Agent.bvr 20171117
BitDefender W97m.Downloader.FAN 20171118
CAT-QuickHeal W97M.Downloader.TX 20171117
ClamAV Doc.Dropper.MagicHound-5859115-0 20171118
Cyren W97M/Agent.gen 20171118
DrWeb W97M.DownLoader.1378 20171118
eGambit Trojan.Generic 20171118
Emsisoft W97m.Downloader.FAN (B) 20171118
ESET-NOD32 VBA/TrojanDownloader.Agent.CHX 20171118
F-Prot W97M/Agent.gen 20171118
F-Secure W97m.Downloader.FAN 20171118
Fortinet WM/Agent.E3C2!tr 20171118
GData W97m.Downloader.FAN 20171118
Ikarus Trojan-Downloader.VBA.Agent 20171117
Kaspersky Trojan-Downloader.MSWord.Agent.ayl 20171118
MAX malware (ai score=100) 20171118
McAfee W97M/Downloader.buq 20171118
McAfee-GW-Edition W97M/Downloader.buq 20171118
Microsoft TrojanDownloader:O97M/Powmet.A 20171118
eScan W97m.Downloader.FAN 20171118
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20171118
Qihoo-360 heur.macro.powershell.b 20171118
Sophos AV Troj/DocDl-HMJ 20171118
Symantec W97M.Downloader 20171117
Tencent Heur:Trojan.Script.Generic.7026064.0 20171118
TrendMicro-HouseCall W2KM_POWMET.NM 20171117
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.ayl 20171118
Alibaba 20170911
Arcabit 20171117
Avast-Mobile 20171117
Avira (no cloud) 20171117
AVware 20171118
Bkav 20171117
CMC 20171117
Comodo 20171118
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Endgame 20171024
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171118
Kingsoft 20171118
Malwarebytes 20171118
nProtect 20171118
Palo Alto Networks (Known Signatures) 20171118
Panda 20171117
SentinelOne (Static ML) 20171113
SUPERAntiSpyware 20171118
Symantec Mobile Insight 20171117
TheHacker 20171117
TotalDefense 20171117
Trustlook 20171118
VBA32 20171117
VIPRE 20171117
ViRobot 20171117
WhiteArmor 20171104
Yandex 20171116
Zillya 20171117
Zoner 20171118
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute powershell commands.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author
Windows User
creation_datetime
2017-01-02 07:49:00
revision_number
2
author
ArcherR
word_count
502
page_count
1
comments
HealthSecure User Registration Form
last_saved
2017-01-02 07:49:00
template
Forms template.dot
last_printed
2013-06-20 07:27:00
keywords
HealthSecure User Registration Form
title
HealthSecure User Registration Form
character_count
2866
subject
HealthSecure User Registration Form
code_page
Latin I
application_name
Microsoft Office Word
Document summary
category
Form
line_count
23
company
ACC
characters_with_spaces
3362
manager
n
version
983040
paragraph_count
6
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
7104
type_literal
stream
size
114
name
\x01CompObj
sid
20
type_literal
stream
size
360
name
\x05DocumentSummaryInformation
sid
12
type_literal
stream
size
576
name
\x05SummaryInformation
sid
11
type_literal
stream
size
49587
name
1Table
sid
10
type_literal
stream
size
38346
name
Data
sid
1
type_literal
stream
size
446
name
Macros/PROJECT
sid
18
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
19
type_literal
stream
size
15762
type
macro
name
Macros/VBA/ThisDocument
sid
16
type_literal
stream
size
3589
name
Macros/VBA/_VBA_PROJECT
sid
17
type_literal
stream
size
774
name
Macros/VBA/dir
sid
15
type_literal
stream
size
128
name
ObjectPool/_1544855745/\x01CompObj
sid
6
type_literal
stream
size
32
name
ObjectPool/_1544855745/\x03OCXNAME
sid
8
type_literal
stream
size
6
name
ObjectPool/_1544855745/\x03ObjInfo
sid
7
type_literal
stream
size
612
name
ObjectPool/_1544855745/\x03PRINT
sid
5
type_literal
stream
size
84
name
ObjectPool/_1544855745/contents
sid
9
type_literal
stream
size
33840
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 9280 bytes
exe-pattern download powershell run-dll run-file
ExifTool file metadata
Category
Form

SharedDoc
No

Author
ArcherR

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

LastModifiedBy
Windows User

HeadingPairs
Title, 1

Template
Forms template.dot

CharCountWithSpaces
3362

CreateDate
2017:01:02 06:49:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:01:02 06:49:00

TitleOfParts
HealthSecure User Registration Form

Company
ACC

Title
HealthSecure User Registration Form

HyperlinksChanged
No

Characters
2866

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
502

FileType
DOC

Lines
23

AppVersion
15.0

Comments
HealthSecure User Registration Form

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

Manager
n

FileTypeExtension
doc

Paragraphs
6

Keywords
HealthSecure User Registration Form

LastPrinted
2013:06:20 06:27:00

Subject
HealthSecure User Registration Form

File identification
MD5 1b5e33e5a244d2d67d7a09c4ccf16e56
SHA1 934c51ff1ea00af2cb3b8465f0a3effcf759d866
SHA256 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
ssdeep
3072:Y/E10b0O1gnTTTrF60yDTTTTTnDRDxHiIBgOSbZXO49W:RlPFANHiIBgOSbZXO

Tamaño del fichero 147.5 KB ( 151040 bytes )
Tipo MS Word Document
Magic literal
Windows, Version 6.2, Code page: 1252, Title: HealthSecure User Registration Form, Subject: HealthSecure User Registration Form, Author: ArcherR, Keywords: HealthSecure User Registration Form, Comments: HealthSecure User Registration Form, Template: Forms template.dot, Last Saved By: Windows User, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Last Printed: Wed Jun 19 06:27:00 2013, Create Time/Date: Sun Jan 01 06:49:00 2017, Last Saved Time/Date: Sun Jan 01 06:49:00 2017, Number of Pages: 1, Number of Words: 502, Number of Characters: 2866, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
run-file exe-pattern doc macros run-dll download powershell

VirusTotal metadata
First submission 2017-01-02 15:36:50 UTC ( hace 10 meses, 3 semanas )
Last submission 2017-11-08 22:31:58 UTC ( hace 2 semanas, 2 días )
Nombres Health_insurance_registration.doc
Health_insurance_registration.doc_
myvtfile.exe
0j74w
No hay comentarios. Ningún usuario ha comentado aún. ¡Sea el primero en hacerlo!

Deje su comentario...

?
Enviar comentario

No ha iniciado sesión. Solo los usuarios registrados pueden escribir comentarios.

No hay votos. Nadie ha votado aún. ¡Sea el primero!