× Cookies 已停用! 本網站需要啟用 Cookies 才能正常工作
SHA256: 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
檔案名稱: Health_insurance_registration.doc
偵測率: 34 / 58
分析日期: 2017-07-18 20:54:18 UTC ( 1 週 前 )
防毒 結果 更新
Ad-Aware W97m.Downloader.FAN 20170718
AegisLab W97M.Pws.Gen!c 20170718
AhnLab-V3 W97M/Downloader 20170718
ALYac W97m.Downloader.FAN 20170718
Antiy-AVL Trojan[Downloader]/MSWord.Agent.ayl 20170718
Arcabit W97m.Downloader.FAN 20170718
Avast VBA:Downloader-CFK [Trj] 20170718
AVG VBA:Downloader-CFK [Trj] 20170718
BitDefender W97m.Downloader.FAN 20170718
CAT-QuickHeal W97M.Downloader.TX 20170718
ClamAV Doc.Dropper.MagicHound-5859115-0 20170718
Cyren W97M/Agent.gen 20170718
DrWeb W97M.DownLoader.1378 20170718
Emsisoft W97m.Downloader.FAN (B) 20170718
ESET-NOD32 VBA/TrojanDownloader.Agent.CHX 20170718
F-Prot W97M/Agent.gen 20170718
F-Secure W97m.Downloader.FAN 20170718
Fortinet WM/Agent.E3C2!tr 20170718
GData W97m.Downloader.FAN 20170718
Ikarus Trojan-Downloader.VBA.Agent 20170718
Kaspersky Trojan-Downloader.MSWord.Agent.ayl 20170718
MAX malware (ai score=86) 20170718
McAfee W97M/Downloader.buq 20170718
McAfee-GW-Edition W97M/Downloader.buq 20170718
Microsoft TrojanDownloader:O97M/Powmet.A 20170718
eScan W97m.Downloader.FAN 20170718
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170718
Qihoo-360 heur.macro.powershell.b 20170718
Rising Heur.Macro.powershell.a (classic) 20170718
Sophos AV Troj/DocDl-HMJ 20170718
Symantec W97M.Downloader 20170718
Tencent Word.Trojan-downloader.Agent.Dzas 20170718
TrendMicro W2KM_POWMET.NM 20170718
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.ayl 20170718
Alibaba 20170718
Avira (no cloud) 20170718
AVware 20170718
Baidu 20170718
Bkav 20170718
CMC 20170718
Comodo 20170718
CrowdStrike Falcon (ML) 20170710
Cylance 20170718
Endgame 20170713
Sophos ML 20170607
Jiangmin 20170718
K7AntiVirus 20170718
K7GW 20170718
Kingsoft 20170718
Malwarebytes 20170718
nProtect 20170718
Palo Alto Networks (Known Signatures) 20170718
Panda 20170718
SentinelOne (Static ML) 20170718
SUPERAntiSpyware 20170718
Symantec Mobile Insight 20170718
TheHacker 20170717
TotalDefense 20170718
TrendMicro-HouseCall 20170718
Trustlook 20170718
VBA32 20170718
VIPRE 20170718
ViRobot 20170718
Webroot 20170718
WhiteArmor 20170713
Yandex 20170717
Zillya 20170718
Zoner 20170718
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros, a macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute powershell commands.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author
Windows User
creation_datetime
2017-01-02 07:49:00
revision_number
2
author
ArcherR
word_count
502
page_count
1
comments
HealthSecure User Registration Form
last_saved
2017-01-02 07:49:00
template
Forms template.dot
last_printed
2013-06-20 07:27:00
keywords
HealthSecure User Registration Form
title
HealthSecure User Registration Form
character_count
2866
subject
HealthSecure User Registration Form
code_page
Latin I
application_name
Microsoft Office Word
Document summary
category
Form
line_count
23
company
ACC
characters_with_spaces
3362
manager
n
version
983040
paragraph_count
6
code_page
Latin I
OLE Streams
name
Root Entry
clsid
00020906-0000-0000-c000-000000000046
type_literal
root
clsid_literal
MS Word
sid
0
size
7104
type_literal
stream
size
114
name
\x01CompObj
sid
20
type_literal
stream
size
360
name
\x05DocumentSummaryInformation
sid
12
type_literal
stream
size
576
name
\x05SummaryInformation
sid
11
type_literal
stream
size
49587
name
1Table
sid
10
type_literal
stream
size
38346
name
Data
sid
1
type_literal
stream
size
446
name
Macros/PROJECT
sid
18
type_literal
stream
size
41
name
Macros/PROJECTwm
sid
19
type_literal
stream
size
15762
type
macro
name
Macros/VBA/ThisDocument
sid
16
type_literal
stream
size
3589
name
Macros/VBA/_VBA_PROJECT
sid
17
type_literal
stream
size
774
name
Macros/VBA/dir
sid
15
type_literal
stream
size
128
name
ObjectPool/_1544855745/\x01CompObj
sid
6
type_literal
stream
size
32
name
ObjectPool/_1544855745/\x03OCXNAME
sid
8
type_literal
stream
size
6
name
ObjectPool/_1544855745/\x03ObjInfo
sid
7
type_literal
stream
size
612
name
ObjectPool/_1544855745/\x03PRINT
sid
5
type_literal
stream
size
84
name
ObjectPool/_1544855745/contents
sid
9
type_literal
stream
size
33840
name
WordDocument
sid
2
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 9280 bytes
exe-pattern download powershell run-dll run-file
ExifTool file metadata
Category
Form

SharedDoc
No

Author
ArcherR

CodePage
Windows Latin 1 (Western European)

LinksUpToDate
No

LastModifiedBy
Windows User

HeadingPairs
Title, 1

Template
Forms template.dot

CharCountWithSpaces
3362

CreateDate
2017:01:02 06:49:00

CompObjUserType
Microsoft Word 97-2003 Document

ModifyDate
2017:01:02 06:49:00

TitleOfParts
HealthSecure User Registration Form

Company
ACC

Title
HealthSecure User Registration Form

HyperlinksChanged
No

Characters
2866

ScaleCrop
No

RevisionNumber
2

MIMEType
application/msword

Words
502

FileType
DOC

Lines
23

AppVersion
15.0

Comments
HealthSecure User Registration Form

Security
None

Software
Microsoft Office Word

TotalEditTime
0

Pages
1

CompObjUserTypeLen
32

Manager
n

FileTypeExtension
doc

Paragraphs
6

Keywords
HealthSecure User Registration Form

LastPrinted
2013:06:20 06:27:00

Subject
HealthSecure User Registration Form

File identification
MD5 1b5e33e5a244d2d67d7a09c4ccf16e56
SHA1 934c51ff1ea00af2cb3b8465f0a3effcf759d866
SHA256 66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b
ssdeep
3072:Y/E10b0O1gnTTTrF60yDTTTTTnDRDxHiIBgOSbZXO49W:RlPFANHiIBgOSbZXO

File size 147.5 KB ( 151040 bytes )
File type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: HealthSecure User Registration Form, Subject: HealthSecure User Registration Form, Author: ArcherR, Keywords: HealthSecure User Registration Form, Comments: HealthSecure User Registration Form, Template: Forms template.dot, Last Saved By: Windows User, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Last Printed: Wed Jun 19 06:27:00 2013, Create Time/Date: Sun Jan 01 06:49:00 2017, Last Saved Time/Date: Sun Jan 01 06:49:00 2017, Number of Pages: 1, Number of Words: 502, Number of Characters: 2866, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
run-file exe-pattern doc macros run-dll download powershell

VirusTotal metadata
First submission 2017-01-02 15:36:50 UTC ( 6 月, 3 週 前 )
Last submission 2017-02-03 04:01:05 UTC ( 5 月, 3 週 前 )
檔案名稱 Health_insurance_registration.doc
0j74w
沒有評論. 尚未有 VirusTotal 社群成員評論此項目,您將是第一個這樣做!

留下您的評論...

?
張貼評論

您尚未登入。 只有註冊的使用者才可以發表評論、登入!

沒有投票. 尚未有人對此項目投票,您將是第一個這樣做!