× Cookies sú vypnuté! Aby táto stránka vyžaduje mať zapnuté cookies aby fungovala správne.
SHA256: 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
Názov súboru: Health_insurance_registration.doc
Pomer detekcie: 34 / 57
Dátum analýzy: 2017-05-18 21:34:16 UTC ( pred 1 mesiac, 1 týždeň )
Antivírus Výsledok Aktualizovať
Ad-Aware W97m.Downloader.FAN 20170518
AegisLab W97M.Pws.Gen!c 20170518
AhnLab-V3 W97M/Downloader 20170518
ALYac W97m.Downloader.FAN 20170518
Antiy-AVL Trojan[Downloader]/MSWord.Agent.ayl 20170518
Arcabit W97m.Downloader.FAN 20170518
Avast VBA:Downloader-CFK [Trj] 20170518
AVG W97M/PWS 20170518
BitDefender W97m.Downloader.FAN 20170518
CAT-QuickHeal W97M.Downloader.TX 20170518
ClamAV Doc.Dropper.MagicHound-5859115-0 20170518
Cyren W97M/Agent.gen 20170518
DrWeb W97M.DownLoader.1378 20170518
Emsisoft W97m.Downloader.FAN (B) 20170518
ESET-NOD32 VBA/TrojanDownloader.Agent.CHX 20170518
F-Prot W97M/Agent.gen 20170518
F-Secure W97m.Downloader.FAN 20170518
Fortinet WM/Agent.E3C2!tr 20170518
GData W97m.Downloader.FAN 20170518
Ikarus Trojan-Downloader.VBA.Agent 20170518
Kaspersky Trojan-Downloader.MSWord.Agent.ayl 20170518
McAfee W97M/Downloader.buq 20170518
McAfee-GW-Edition W97M/Downloader.buq 20170518
Microsoft TrojanDownloader:O97M/Powmet.A 20170518
eScan W97m.Downloader.FAN 20170518
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170518
Qihoo-360 heur.macro.powershell.b 20170518
Rising Heur.Macro.powershell.a (classic) 20170518
Sophos Troj/DocDl-HMJ 20170518
Symantec W97M.Downloader 20170518
Tencent Word.Trojan-downloader.Agent.Dzas 20170518
TrendMicro W2KM_POWMET.NM 20170518
TrendMicro-HouseCall W2KM_POWMET.NM 20170518
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.ayl 20170518
Alibaba 20170518
Avira (no cloud) 20170518
AVware 20170518
Baidu 20170503
Bkav 20170518
CMC 20170518
Comodo 20170518
CrowdStrike Falcon (ML) 20170130
Endgame 20170515
Invincea 20170516
Jiangmin 20170518
K7AntiVirus 20170518
K7GW 20170518
Kingsoft 20170518
Malwarebytes 20170518
nProtect 20170518
Palo Alto Networks (Known Signatures) 20170518
Panda 20170518
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170518
Symantec Mobile Insight 20170518
TheHacker 20170516
TotalDefense 20170518
Trustlook 20170518
VBA32 20170518
VIPRE 20170518
ViRobot 20170518
Webroot 20170518
WhiteArmor 20170517
Yandex 20170518
Zillya 20170518
Zoner 20170518
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute powershell commands.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author
Windows User
creation_datetime
2017-01-02 07:49:00
revision_number
2
author
ArcherR
word_count
502
page_count
1
comments
HealthSecure User Registration Form
last_saved
2017-01-02 07:49:00
template
Forms template.dot
last_printed
2013-06-20 07:27:00
keywords
HealthSecure User Registration Form
title
HealthSecure User Registration Form
character_count
2866
subject
HealthSecure User Registration Form
code_page
Latin I
application_name
Microsoft Office Word
Document summary
category
Form
line_count
23
company
ACC
characters_with_spaces
3362
manager
n
version
983040
paragraph_count
6
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
7104
type_literal
stream
size
114
name
\x01CompObj
sid
20
type_literal
stream
size
360
name
\x05DocumentSummaryInformation
sid
12
type_literal
stream
size
576
name
\x05SummaryInformation
sid
11
type_literal
stream
size
49587
name
1Table
sid
10
type_literal
stream
size
38346
name
Data
sid
1
type_literal
stream
size
446
name
Macros/PROJECT
sid
18
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
19
type_literal
stream
size
15762
type
macro
name
Macros/VBA/ThisDocument
sid
16
type_literal
stream
size
3589
name
Macros/VBA/_VBA_PROJECT
sid
17
type_literal
stream
size
774
name
Macros/VBA/dir
sid
15
type_literal
stream
size
128
name
ObjectPool/_1544855745/\x01CompObj
sid
6
type_literal
stream
size
32
name
ObjectPool/_1544855745/\x03OCXNAME
sid
8
type_literal
stream
size
6
name
ObjectPool/_1544855745/\x03ObjInfo
sid
7
type_literal
stream
size
612
name
ObjectPool/_1544855745/\x03PRINT
sid
5
type_literal
stream
size
84
name
ObjectPool/_1544855745/contents
sid
9
type_literal
stream
size
33840
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 9280 bytes
exe-pattern download powershell run-dll run-file
ExifTool file metadata
Category
Form

SharedDoc
No

Author
ArcherR

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

LastModifiedBy
Windows User

HeadingPairs
Title, 1

Template
Forms template.dot

CharCountWithSpaces
3362

CreateDate
2017:01:02 06:49:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:01:02 06:49:00

TitleOfParts
HealthSecure User Registration Form

Company
ACC

Title
HealthSecure User Registration Form

HyperlinksChanged
No

Characters
2866

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
502

FileType
DOC

Lines
23

AppVersion
15.0

Comments
HealthSecure User Registration Form

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

Manager
n

FileTypeExtension
doc

Paragraphs
6

Keywords
HealthSecure User Registration Form

LastPrinted
2013:06:20 06:27:00

Subject
HealthSecure User Registration Form

File identification
MD5 1b5e33e5a244d2d67d7a09c4ccf16e56
SHA1 934c51ff1ea00af2cb3b8465f0a3effcf759d866
SHA256 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
ssdeep
3072:Y/E10b0O1gnTTTrF60yDTTTTTnDRDxHiIBgOSbZXO49W:RlPFANHiIBgOSbZXO

Veľkosť súboru 147.5 KB ( 151040 bytes )
Typ súboru MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: HealthSecure User Registration Form, Subject: HealthSecure User Registration Form, Author: ArcherR, Keywords: HealthSecure User Registration Form, Comments: HealthSecure User Registration Form, Template: Forms template.dot, Last Saved By: Windows User, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Last Printed: Wed Jun 19 06:27:00 2013, Create Time/Date: Sun Jan 01 06:49:00 2017, Last Saved Time/Date: Sun Jan 01 06:49:00 2017, Number of Pages: 1, Number of Words: 502, Number of Characters: 2866, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
run-file exe-pattern doc macros run-dll download powershell

VirusTotal metadata
First submission 2017-01-02 15:36:50 UTC ( pred 5 mesiacov, 3 týždne )
Last submission 2017-02-03 04:01:05 UTC ( pred 4 mesiace, 3 týždne )
Názov súborov: Health_insurance_registration.doc
0j74w
Žiadne komentáre. Žiaden člen VirusTotal komunity sa ešte nevyjadril. Buď prvý, kto sa vyjadrí!

Zanechať komentár...

?
Pridať komentár

Nie ste prihlásený. Iba registrovaný užívatelia môžu písať komentáre, príhlásiť sa a niečo zmeniť!

Žiadne hlasy. Nikto ešte nehlasoval. Buďte prvý kto tak urobí!