SHA256: e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6
File name: qhtma
Detection ratio: 36 / 57
Analysis date: 2017-03-30 04:54:45 UTC (4 months ago)
Antivirus Result Update
Ad-Aware W97m.Downloader.FAN 20170330
AegisLab Troj.Downloader.Msword.Agent!c 20170330
AhnLab-V3 W2KM/Downloader 20170329
ALYac W97m.Downloader.FAN 20170330
Antiy-AVL Trojan[Downloader]/MSWord.Agent.ayk 20170330
Arcabit W97m.Downloader.FAN 20170330
Avast VBA:Downloader-CFK [Trj] 20170330
AVG W97M/PWS 20170330
Baidu VBA.Trojan-Downloader.Agent.bft 20170330
BitDefender W97m.Downloader.FAN 20170330
CAT-QuickHeal W97M.Downloader.TC 20170329
ClamAV Doc.Dropper.MagicHound-5859115-0 20170330
Cyren W97M/Agent.gen 20170330
DrWeb W97M.DownLoader.1378 20170330
Emsisoft W97m.Downloader.FAN (B) 20170330
ESET-NOD32 VBA/TrojanDownloader.Agent.CHV 20170330
F-Prot W97M/Agent.gen 20170330
F-Secure W97m.Downloader.FAN 20170330
Fortinet WM/Agent.E3C2!tr 20170330
GData W97m.Downloader.FAN 20170330
Ikarus Trojan-Downloader.VBA.Agent 20170329
Kaspersky Trojan-Downloader.MSWord.Agent.ayk 20170330
McAfee W97M/Downloader.buq 20170330
McAfee-GW-Edition W97M/Downloader.buq 20170330
Microsoft TrojanDownloader:O97M/Powmet.A 20170330
eScan W97m.Downloader.FAN 20170330
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170330
Qihoo-360 heur.macro.powershell.b 20170330
Rising Heur.Macro.powershell.a (classic) 20170330
Sophos AV Troj/DocDl-GPI 20170330
Symantec W97M.Downloader 20170329
Tencent Word.Trojan-downloader.Agent.Peqc 20170330
TrendMicro W2KM_POWMET.BZT 20170330
TrendMicro-HouseCall W2KM_POWMET.BZT 20170330
ViRobot DOC.Z.Agent.2773504[h] 20170330
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.ayk 20170330
Alibaba 20170330
Avira (no cloud) 20170330
AVware 20170330
Bkav 20170329
CMC 20170330
Comodo 20170330
CrowdStrike Falcon (ML) 20170130
Endgame 20170329
Sophos ML 20170203
Jiangmin 20170330
K7AntiVirus 20170329
K7GW 20170330
Kingsoft 20170330
Malwarebytes 20170330
nProtect 20170330
Palo Alto Networks (Known Signatures) 20170330
Panda 20170329
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170329
TheHacker 20170330
TotalDefense 20170330
Trustlook 20170330
VBA32 20170329
VIPRE 20170330
Webroot 20170330
WhiteArmor 20170327
Yandex 20170327
Zillya 20170329
Zoner 20170330
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute powershell commands.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author
Windows User
creation_datetime
2017-01-01 07:51:00
template
Normal.dotm
author
Windows User
page_count
2
last_saved
2017-01-01 07:51:00
word_count
1997
revision_number
2
application_name
Microsoft Office Word
character_count
11383
code_page
Latin I
Document summary
line_count
94
characters_with_spaces
13354
version
983040
paragraph_count
26
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
11136
type_literal
stream
size
114
name
\x01CompObj
sid
24
type_literal
stream
size
280
name
\x05DocumentSummaryInformation
sid
12
type_literal
stream
size
428
name
\x05SummaryInformation
sid
11
type_literal
stream
size
1214227
name
1Table
sid
10
type_literal
stream
size
8775
name
Data
sid
1
type_literal
stream
size
444
name
Macros/PROJECT
sid
22
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
23
type_literal
stream
size
18649
type
macro
name
Macros/VBA/ThisDocument
sid
20
type_literal
stream
size
3720
name
Macros/VBA/_VBA_PROJECT
sid
21
type_literal
stream
size
19783
name
Macros/VBA/__SRP_0
sid
16
type_literal
stream
size
478
name
Macros/VBA/__SRP_1
sid
17
type_literal
stream
size
3067
name
Macros/VBA/__SRP_2
sid
18
type_literal
stream
size
522
name
Macros/VBA/__SRP_3
sid
19
type_literal
stream
size
772
name
Macros/VBA/dir
sid
15
type_literal
stream
size
128
name
ObjectPool/_1544769442/\x01CompObj
sid
6
type_literal
stream
size
32
name
ObjectPool/_1544769442/\x03OCXNAME
sid
8
type_literal
stream
size
6
name
ObjectPool/_1544769442/\x03ObjInfo
sid
7
type_literal
stream
size
570
name
ObjectPool/_1544769442/\x03PRINT
sid
5
type_literal
stream
size
80
name
ObjectPool/_1544769442/contents
sid
9
type_literal
stream
size
1472398
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 9483 bytes
exe-pattern download powershell run-dll run-file
ExifTool file metadata
SharedDoc
No

Author
Windows User

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

LastModifiedBy
Windows User

HeadingPairs
Title, 1

Template
Normal.dotm

CharCountWithSpaces
13354

CreateDate
2017:01:01 06:51:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:01:01 06:51:00

HyperlinksChanged
No

Characters
11383

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
1997

FileType
DOC

Lines
94

AppVersion
15.0

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
2

CompObjUserTypeLen
32

FileTypeExtension
doc

Paragraphs
26

File identification
MD5 43fad2d62bc23ffdc6d301571135222c
SHA1 735f5d7ef0c5129f0574bec3cf3d6b06b052744a
SHA256 e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6
ssdeep
49152:WWaIzOEKjDfUzSM6tI2Wy/L86dMMnpMisarqImfpbxtcw:WWCRjL+ShW3u9npMUqImxc

File size 2.6 MB ( 2773504 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: Windows User, Template: Normal.dotm, Last Saved By: Windows User, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sat Dec 31 06:51:00 2016, Last Saved Time/Date: Sat Dec 31 06:51:00 2016, Number of Pages: 2, Number of Words: 1997, Number of Characters: 11383, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
run-file exe-pattern doc macros run-dll download powershell

VirusTotal metadata
First submission 2017-01-01 20:29:43 UTC (6 months, 3 weeks ago)
Last submission 2017-01-02 10:23:44 UTC (6 months, 3 weeks ago)
File name qhtma