SHA256: 17e89651bb35aba8a89b527c3f1c8a2bca1d06e3e070c8f2e11bfaa0c0600533
File name: Payslip_Dec_2016_6946345.doc
Detection ratio: 12 / 55
Analysis date: 2016-12-19 11:33:52 UTC (6 months ago)
Antivirus Result Update
AegisLab HERU.VBA.8okc 20161219
AhnLab-V3 VBA/Form 20161219
Arcabit HEUR.VBA.Trojan.e 20161219
CAT-QuickHeal O97M.Locky.AA 20161219
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20161219
McAfee W97M/Downloader.brv 20161219
McAfee-GW-Edition W97M/Downloader.brv 20161219
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20161219
Panda O97M/Downloader 20161218
Qihoo-360 virus.office.obfuscated.1 20161219
Rising Trojan.DL-Generic/Macro!1.A4C9 (classic) 20161219
TrendMicro HEUR_VBA.O2 20161219
Ad-Aware 20161219
Alibaba 20161219
ALYac 20161219
Antiy-AVL 20161219
Avast 20161219
AVG 20161219
Avira (no cloud) 20161219
AVware 20161219
Baidu 20161207
BitDefender 20161219
Bkav 20161217
ClamAV 20161219
CMC 20161219
Comodo 20161219
CrowdStrike Falcon (ML) 20161024
Cyren 20161219
DrWeb 20161219
Emsisoft 20161219
ESET-NOD32 20161219
F-Prot 20161219
F-Secure 20161219
Fortinet 20161219
GData 20161219
Ikarus 20161219
Invincea 20161216
Jiangmin 20161219
K7AntiVirus 20161218
K7GW 20161219
Kingsoft 20161219
Malwarebytes 20161219
Microsoft 20161219
eScan 20161219
nProtect 20161219
Sophos 20161219
SUPERAntiSpyware 20161219
Symantec 20161219
Tencent 20161219
TheHacker 20161214
TrendMicro-HouseCall 20161219
Trustlook 20161219
VBA32 20161219
VIPRE 20161219
ViRobot 20161219
WhiteArmor 20161212
Yandex 20161217
Zillya 20161216
Zoner 20161219
The file being studied follows the Open XML file format! More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May try to run other files, shell commands or applications.
May create OLE objects.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] FozaLogic.cls word/vbaProject.bin VBA/FozaLogic 75 bytes
[+] Modu__le1.bas word/vbaProject.bin VBA/Modu__le1 8904 bytes
exe-pattern create-ole handle-file obfuscated open-file write-file
[+] Vernisagee__4.bas word/vbaProject.bin VBA/Vernisagee__4 3381 bytes
obfuscated open-file run-file write-file
[+] Ishimitsu.cls word/vbaProject.bin VBA/Ishimitsu 1237 bytes
Content types
bin
rels
xml
Package relationships
word/document.xml
docProps/custom.xml
docProps/app.xml
docProps/core.xml
Core document properties
revision
1
created
2016-12-19T10:28:00Z
modified
2016-12-19T10:28:00Z
contentStatus
Окончательное
Application document properties
Template
Normal.dotm
TotalTime
0
Pages
1
Words
0
Characters
0
Application
Microsoft Office Word
DocSecurity
0
Lines
0
Paragraphs
0
ScaleCrop
false
LinksUpToDate
false
CharactersWithSpaces
0
SharedDoc
false
HyperlinksChanged
false
AppVersion
16.0000
Document languages
Language
Prevalence
ru-ru
2
en-us
1
ar-sa
1
ExifTool file metadata
SharedDoc
No

HyperlinksChanged
No

LinksUpToDate
No

HeadingPairs
, 1

ZipFileName
[Content_Types].xml

Template
Normal.dotm

ZipRequiredVersion
20

ModifyDate
2016:12:19 10:28:00Z

ZipCRC
0x20019884

Tag_MarkAsFinal
True

Words
0

ScaleCrop
No

RevisionNumber
1

MIMEType
application/vnd.ms-word.document.macroEnabled

ZipBitFlag
0x0006

CreateDate
2016:12:19 10:28:00Z

Lines
0

AppVersion
16.0

ZipUncompressedSize
1578

ZipCompressedSize
404

Characters
0

CharactersWithSpaces
0

DocSecurity
None

ZipModifyDate
1980:01:01 00:00:00

FileType
DOCM

Application
Microsoft Office Word

TotalEditTime
0

ZipCompression
Deflated

Pages
1

FileTypeExtension
docm

Paragraphs
0

The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
15
Uncompressed size
93153
Highest datetime
1980-01-01 00:00:00
Lowest datetime
1980-01-01 00:00:00
Contained files by extension
xml
11
bin
1
Contained files by type
XML
14
Microsoft Office
1
File identification
MD5 28e3bf9d1c254eda1badd8505ab59324
SHA1 98ebec33819c12228667295739abe4fd86a56939
SHA256 17e89651bb35aba8a89b527c3f1c8a2bca1d06e3e070c8f2e11bfaa0c0600533
ssdeep
768:Ddivyre/H3FL615lDXh2yrUEeeOK06STirLfxl1EO:ZiKq3F+15lwIre3KzLfxd

File size 33.1 KB ( 33857 bytes )
File type Office Open XML Document
Magic literal
Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.6%)
Word Microsoft Office Open XML Format document (24.2%)
Open Packaging Conventions container (18.0%)
ZIP compressed archive (4.1%)
Tags
obfuscated open-file exe-pattern handle-file run-file macros docx attachment write-file create-ole

VirusTotal metadata
First submission 2016-12-19 11:10:59 UTC (6 months ago)
Last submission 2017-01-04 16:40:32 UTC (5 months, 2 weeks ago)
File names Payslip_Dec_2016_1675139.doc
Payslip_Dec_2016_18311344.doc
Payslip_Dec_2016_638555.doc
0888f31aeb3b1907106ec500b8d3b2be
Payslip_Dec_2016_78736.doc
Payslip_Dec_2016_5089944.doc
Payslip_Dec_2016_911895.doc
Payslip_Dec_2016_46402.doc
Payslip_Dec_2016_23436.doc
Payslip_Dec_2016_44886802.doc
Payslip_Dec_2016_5417648.doc
Payslip_Dec_2016_544291.doc
Payslip_Dec_2016_1829567.doc
Payslip_Dec_2016_6946345.doc