SHA256: e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6
File name: qhtma
Detection ratio: 36 / 57
Analysis date: 2017-03-30 04:54:45 UTC (5 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware W97m.Downloader.FAN 20170330
AegisLab Troj.Downloader.Msword.Agent!c 20170330
AhnLab-V3 W2KM/Downloader 20170329
ALYac W97m.Downloader.FAN 20170330
Antiy-AVL Trojan[Downloader]/MSWord.Agent.ayk 20170330
Arcabit W97m.Downloader.FAN 20170330
Avast VBA:Downloader-CFK [Trj] 20170330
AVG W97M/PWS 20170330
Baidu VBA.Trojan-Downloader.Agent.bft 20170330
BitDefender W97m.Downloader.FAN 20170330
CAT-QuickHeal W97M.Downloader.TC 20170329
ClamAV Doc.Dropper.MagicHound-5859115-0 20170330
Cyren W97M/Agent.gen 20170330
DrWeb W97M.DownLoader.1378 20170330
Emsisoft W97m.Downloader.FAN (B) 20170330
ESET-NOD32 VBA/TrojanDownloader.Agent.CHV 20170330
F-Prot W97M/Agent.gen 20170330
F-Secure W97m.Downloader.FAN 20170330
Fortinet WM/Agent.E3C2!tr 20170330
GData W97m.Downloader.FAN 20170330
Ikarus Trojan-Downloader.VBA.Agent 20170329
Kaspersky Trojan-Downloader.MSWord.Agent.ayk 20170330
McAfee W97M/Downloader.buq 20170330
McAfee-GW-Edition W97M/Downloader.buq 20170330
Microsoft TrojanDownloader:O97M/Powmet.A 20170330
eScan W97m.Downloader.FAN 20170330
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170330
Qihoo-360 heur.macro.powershell.b 20170330
Rising Heur.Macro.powershell.a (classic) 20170330
Sophos AV Troj/DocDl-GPI 20170330
Symantec W97M.Downloader 20170329
Tencent Word.Trojan-downloader.Agent.Peqc 20170330
TrendMicro W2KM_POWMET.BZT 20170330
TrendMicro-HouseCall W2KM_POWMET.BZT 20170330
ViRobot DOC.Z.Agent.2773504[h] 20170330
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.ayk 20170330
Alibaba 20170330
Avira (no cloud) 20170330
AVware 20170330
Bkav 20170329
CMC 20170330
Comodo 20170330
CrowdStrike Falcon (ML) 20170130
Endgame 20170329
Sophos ML 20170203
Jiangmin 20170330
K7AntiVirus 20170329
K7GW 20170330
Kingsoft 20170330
Malwarebytes 20170330
nProtect 20170330
Palo Alto Networks (Known Signatures) 20170330
Panda 20170329
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170329
TheHacker 20170330
TotalDefense 20170330
Trustlook 20170330
VBA32 20170329
VIPRE 20170330
Webroot 20170330
WhiteArmor 20170327
Yandex 20170327
Zillya 20170329
Zoner 20170330
The file being studied follows the Compound Document File format. More specifically, it is an MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May try to run other files, shell commands or applications.
May execute PowerShell commands.
May execute code from Dynamically Linked Libraries.
May try to download additional files from the Internet.
Summary
last_author: Windows User
creation_datetime: 2017-01-01 07:51:00
revision_number: 2
author: Windows User
page_count: 2
last_saved: 2017-01-01 07:51:00
word_count: 1997
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 11383
code_page: Latin I
Document summary
line_count: 94
characters_with_spaces: 13354
version: 983040
paragraph_count: 26
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 11136
type_literal: stream, sid: 24, name: \x01CompObj, size: 114
type_literal: stream, sid: 12, name: \x05DocumentSummaryInformation, size: 280
type_literal: stream, sid: 11, name: \x05SummaryInformation, size: 428
type_literal: stream, sid: 10, name: 1Table, size: 1214227
type_literal: stream, sid: 1, name: Data, size: 8775
type_literal: stream, sid: 22, name: Macros/PROJECT, size: 444
type_literal: stream, sid: 23, name: Macros/PROJECTwm, size: 41
type_literal: stream, sid: 20, type: macro, name: Macros/VBA/ThisDocument, size: 18649
type_literal: stream, sid: 21, name: Macros/VBA/_VBA_PROJECT, size: 3720
type_literal: stream, sid: 16, name: Macros/VBA/__SRP_0, size: 19783
type_literal: stream, sid: 17, name: Macros/VBA/__SRP_1, size: 478
type_literal: stream, sid: 18, name: Macros/VBA/__SRP_2, size: 3067
type_literal: stream, sid: 19, name: Macros/VBA/__SRP_3, size: 522
type_literal: stream, sid: 15, name: Macros/VBA/dir, size: 772
type_literal: stream, sid: 6, name: ObjectPool/_1544769442/\x01CompObj, size: 128
type_literal: stream, sid: 8, name: ObjectPool/_1544769442/\x03OCXNAME, size: 32
type_literal: stream, sid: 7, name: ObjectPool/_1544769442/\x03ObjInfo, size: 6
type_literal: stream, sid: 5, name: ObjectPool/_1544769442/\x03PRINT, size: 570
type_literal: stream, sid: 9, name: ObjectPool/_1544769442/contents, size: 80
type_literal: stream, sid: 2, name: WordDocument, size: 1472398
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 9483 bytes
exe-pattern download powershell run-dll run-file
ExifTool file metadata
SharedDoc: No
Author: Windows User
CodePage: Windows Latin 1 (Western European)
LinksUpToDate: No
LastModifiedBy: Windows User
HeadingPairs: Title, 1
Template: Normal.dotm
CharCountWithSpaces: 13354
CreateDate: 2017:01:01 06:51:00
CompObjUserType: Microsoft Word 97-2003 Document
ModifyDate: 2017:01:01 06:51:00
HyperlinksChanged: No
Characters: 11383
ScaleCrop: No
RevisionNumber: 2
MIMEType: application/msword
Words: 1997
FileType: DOC
Lines: 94
AppVersion: 15.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 0
Pages: 2
CompObjUserTypeLen: 32
FileTypeExtension: doc
Paragraphs: 26

File identification
MD5 43fad2d62bc23ffdc6d301571135222c
SHA1 735f5d7ef0c5129f0574bec3cf3d6b06b052744a
SHA256 e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6
ssdeep 49152:WWaIzOEKjDfUzSM6tI2Wy/L86dMMnpMisarqImfpbxtcw:WWCRjL+ShW3u9npMUqImxc

File size 2.6 MB ( 2773504 bytes )
File type MS Word Document
Magic literal CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: Windows User, Template: Normal.dotm, Last Saved By: Windows User, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sat Dec 31 06:51:00 2016, Last Saved Time/Date: Sat Dec 31 06:51:00 2016, Number of Pages: 2, Number of Words: 1997, Number of Characters: 11383, Security: 0

TrID Microsoft Word document (54.2%)
Microsoft Word document (old ver.) (32.2%)
Generic OLE2 / Multistream Compound File (13.5%)
Tags
run-file exe-pattern doc macros run-dll download powershell

VirusTotal metadata
First submission 2017-01-01 20:29:43 UTC (8 months, 3 weeks ago)
Last submission 2017-01-02 10:23:44 UTC (8 months, 3 weeks ago)
File name qhtma