SHA256: 60446bc37e8930607008e6cae80015c2a6619f202ad1d73eab21ef9efd1765ed
File name: QG61RL.docm
Detection ratio: 15 / 58
Analysis date: 2017-05-11 08:50:13 UTC (7 months ago)
Antivirus Result Update
AegisLab Vba.Gen!c 20170511
Avira (no cloud) W2000M/Agent.0446414 20170511
Baidu VBA.Trojan-Downloader.Agent.bae 20170503
CAT-QuickHeal O97M.Downloader.AJK 20170511
F-Secure Trojan-Downloader:W97M/Dridex.Z 20170511
Fortinet WM/TrojanDownloader.7A51!tr 20170511
Ikarus Trojan-Downloader.VBA.Agent 20170511
McAfee W97M/Downloader.bxw 20170511
McAfee-GW-Edition W97M/Downloader.bxw 20170510
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170511
Qihoo-360 virus.office.obfuscated.1 20170511
Rising Heur.Macro.Downloader.d (classic) 20170511
Symantec W97M.Downloader 20170510
TrendMicro HEUR_VBA.O2 20170511
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170511
Ad-Aware 20170511
AhnLab-V3 20170511
Alibaba 20170511
ALYac 20170511
Antiy-AVL 20170511
Arcabit 20170511
Avast 20170511
AVG 20170511
AVware 20170508
BitDefender 20170511
Bkav 20170511
ClamAV 20170511
CMC 20170510
Comodo 20170511
CrowdStrike Falcon (ML) 20170130
Cyren 20170511
DrWeb 20170511
Emsisoft 20170511
Endgame 20170503
ESET-NOD32 20170511
F-Prot 20170511
GData 20170511
Sophos ML 20170413
Jiangmin 20170510
K7AntiVirus 20170511
K7GW 20170510
Kaspersky 20170511
Kingsoft 20170511
Malwarebytes 20170511
Microsoft 20170511
eScan 20170511
nProtect 20170511
Palo Alto Networks (Known Signatures) 20170511
Panda 20170510
SentinelOne (Static ML) 20170330
Sophos AV 20170511
SUPERAntiSpyware 20170511
Symantec Mobile Insight 20170511
Tencent 20170511
TheHacker 20170508
TrendMicro-HouseCall 20170511
VBA32 20170510
VIPRE 20170511
ViRobot 20170511
Webroot 20170511
WhiteArmor 20170502
Yandex 20170510
Zillya 20170505
Zoner 20170511
The file being studied follows the Open XML file format. More specifically, it is an Office Open XML Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May write to a file.
May perform operations with other files.
May create OLE objects.
May enumerate open windows.
Seems to contain deobfuscation code.
Macros and VBA code streams
[+] ThisDocument.cls word/vbaProject.bin VBA/ThisDocument 80 bytes
[+] Cooper.cls word/vbaProject.bin VBA/Cooper 253 bytes
[+] Module3.bas word/vbaProject.bin VBA/Module3 3256 bytes
exe-pattern
[+] Module1.bas word/vbaProject.bin VBA/Module1 3709 bytes
create-ole enum-windows handle-file obfuscated open-file write-file
[+] Module2.bas word/vbaProject.bin VBA/Module2 2559 bytes
exe-pattern create-ole obfuscated
Content types
bin
rels
jpg
xml
Package relationships
word/document.xml
docProps/app.xml
docProps/core.xml
Core document properties
dc:creator: 2
cp:lastModifiedBy: 1
cp:revision: 2
dcterms:created: 2017-05-09T08:24:00Z
dcterms:modified: 2017-05-09T08:24:00Z
Application document properties
Template: Normal.dotm
TotalTime: 0
Pages: 2
Words: 1
Characters: 6
Application: Microsoft Office Word
DocSecurity: 0
Lines: 1
Paragraphs: 1
ScaleCrop: false
vt:lpstr: Название
vt:i4: 1
LinksUpToDate: false
CharactersWithSpaces: 6
SharedDoc: false
HyperlinksChanged: false
AppVersion: 16.0000
Document languages
Language Prevalence
ru-ru 3
en-us 1
ar-sa 1
ExifTool file metadata
SharedDoc: No
HyperlinksChanged: No
LinksUpToDate: No
LastModifiedBy: 1
HeadingPairs: , 1
ZipFileName: [Content_Types].xml
Template: Normal.dotm
ZipRequiredVersion: 20
ModifyDate: 2017:05:09 08:24:00Z
ZipCRC: 0x2d551a4d
Words: 1
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/vnd.ms-word.document.macroEnabled
ZipBitFlag: 0x0006
CreateDate: 2017:05:09 08:24:00Z
Lines: 1
AppVersion: 16.0
ZipUncompressedSize: 1504
ZipCompressedSize: 400
Characters: 6
CharactersWithSpaces: 6
DocSecurity: None
ZipModifyDate: 1980:01:01 00:00:00
FileType: DOCM
Application: Microsoft Office Word
TotalEditTime: 0
ZipCompression: Deflated
Pages: 2
Creator: 2
FileTypeExtension: docm
Paragraphs: 1
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 15
Uncompressed size: 137906
Highest datetime: 1980-01-01 00:00:00
Lowest datetime: 1980-01-01 00:00:00
Contained files by extension
xml: 10
bin: 1
jpg: 1
Contained files by type
XML: 13
Microsoft Office: 1
JPG: 1
File identification
MD5 ccb025f7334dfbe0d51d02aa3a234640
SHA1 720eb725d345da8f24d45229258b2dbdb2718a96
SHA256 60446bc37e8930607008e6cae80015c2a6619f202ad1d73eab21ef9efd1765ed
ssdeep 1536:i24fA7wV11Xjoemr/3lypPpHSNZetooifW09lEq7aX:OfA21THmj3lypVSNZetookW0Lw

File size 71.4 KB ( 73163 bytes )
File type Office Open XML Document
Magic literal Zip archive data, at least v2.0 to extract

TrID Word Microsoft Office Open XML Format document (with Macro) (53.6%)
Word Microsoft Office Open XML Format document (24.2%)
Open Packaging Conventions container (18.0%)
ZIP compressed archive (4.1%)
Tags obfuscated open-file enum-windows exe-pattern handle-file docx macros write-file create-ole

VirusTotal metadata
First submission 2017-05-11 07:59:10 UTC (7 months ago)
Last submission 2017-05-11 13:11:02 UTC (7 months ago)
File name QG61RL.docm
JAFF RANSOMWARE (3)