paladin316

Docs_c3447152fa1e87d68ce3e435e95c9cb0_doc_2019-06-25_20_30.json

Jun 25th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Docs_c3447152fa1e87d68ce3e435e95c9cb0.doc"
  7. [*] File Size: 103424
  8. [*] File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: admin, Template: Normal, Last Saved By: FanTaZyX, Revision Number: 16, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Tue Oct 17 00:08:00 2017, Last Saved Time/Date: Wed May 22 15:46:00 2019, Number of Pages: 2, Number of Words: 307, Number of Characters: 1692, Security: 0"
  9. [*] SHA256: "ab2c35132d846b466d6abe942d24667a21fcac7c8fe4a6e92db97cde7a0a2576"
  10. [*] MD5: "c3447152fa1e87d68ce3e435e95c9cb0"
  11. [*] SHA1: "634e353e4df0b9250dce800ba4d0903bb9ea0860"
  12. [*] SHA512: "c87ece315a70e49a4be467308775f5c7f735cc59e487f479f4dd11f0e55172e06c87cfbb9486e8a43c822aa725d4603307439b89299fb7af861bc43964d1c691"
  13. [*] CRC32: "BEAF4720"
  14. [*] SSDEEP: "768:QfLHLuiw2Mq02ESMmsqkm1rM2sqUWESMmsqkmUbH5IoXrlgEPctCFtMrtD:XnjpGrt"
  15.  
  16. [*] Process Execution: []
  17.  
  18. [*] Signatures Detected: [
  19. {
  20. "Description": "File has been identified by 36 Antiviruses on VirusTotal as malicious",
  21. "Details": [
  22. {
  23. "MicroWorld-eScan": "VB:Trojan.VBA.Downloader.QY"
  24. },
  25. {
  26. "FireEye": "VB:Trojan.VBA.Downloader.QY"
  27. },
  28. {
  29. "Arcabit": "HEUR.VBA.Trojan.d"
  30. },
  31. {
  32. "Baidu": "VBA.Trojan-Downloader.Agent.dcx"
  33. },
  34. {
  35. "NANO-Antivirus": "Trojan.Script.Agent.dmmmmt"
  36. },
  37. {
  38. "F-Prot": "New or modified W97M/Downldr"
  39. },
  40. {
  41. "Symantec": "W97M.Downloader"
  42. },
  43. {
  44. "ESET-NOD32": "VBA/TrojanDownloader.Agent.DWR"
  45. },
  46. {
  47. "Avast": "VBA:Downloader-BHL [Trj]"
  48. },
  49. {
  50. "ClamAV": "Doc.Malware.Generic-6988714-0"
  51. },
  52. {
  53. "Kaspersky": "HEUR:Trojan-Downloader.Script.Generic"
  54. },
  55. {
  56. "BitDefender": "VB:Trojan.VBA.Downloader.QY"
  57. },
  58. {
  59. "AegisLab": "Trojan.Script.Generic.4!c"
  60. },
  61. {
  62. "Tencent": "Heur.MSWord.Downloader.d"
  63. },
  64. {
  65. "Ad-Aware": "VB:Trojan.VBA.Downloader.QY"
  66. },
  67. {
  68. "Emsisoft": "VB:Trojan.VBA.Downloader.QY (B)"
  69. },
  70. {
  71. "F-Secure": "Malware.X97M/Agent.6938440"
  72. },
  73. {
  74. "TrendMicro": "HEUR_VBA.O.ELBP"
  75. },
  76. {
  77. "McAfee-GW-Edition": "BehavesLike.Downloader.cr"
  78. },
  79. {
  80. "Sophos": "Troj/DocDl-TXV"
  81. },
  82. {
  83. "SentinelOne": "DFI - Malicious OLE"
  84. },
  85. {
  86. "Cyren": "W97M/Downldr"
  87. },
  88. {
  89. "Avira": "X97M/Agent.6938440"
  90. },
  91. {
  92. "Microsoft": "TrojanDownloader:O97M/Donoff"
  93. },
  94. {
  95. "Endgame": "malicious (high confidence)"
  96. },
  97. {
  98. "ZoneAlarm": "HEUR:Trojan-Downloader.Script.Generic"
  99. },
  100. {
  101. "GData": "VB:Trojan.VBA.Downloader.QY"
  102. },
  103. {
  104. "TACHYON": "Suspicious/W97M.Download.Gen"
  105. },
  106. {
  107. "ALYac": "VB:Trojan.VBA.Downloader.QY"
  108. },
  109. {
  110. "MAX": "malware (ai score=100)"
  111. },
  112. {
  113. "Zoner": "Probably W97Obfuscated"
  114. },
  115. {
  116. "Rising": "Downloader.Donoff!8.36C (TOPIS:E0:41yQrNthCfL)"
  117. },
  118. {
  119. "Ikarus": "Trojan-Downloader.VBA.Agent"
  120. },
  121. {
  122. "Fortinet": "VBA/Agent.DWR!tr.dldr"
  123. },
  124. {
  125. "AVG": "VBA:Downloader-BHL [Trj]"
  126. },
  127. {
  128. "Qihoo-360": "virus.office.qexvmc.1095"
  129. }
  130. ]
  131. }
  132. ]
  133.  
  134. [*] Started Service: []
  135.  
  136. [*] Executed Commands: []
  137.  
  138. [*] Mutexes: []
  139.  
  140. [*] Modified Files: []
  141.  
  142. [*] Deleted Files: []
  143.  
  144. [*] Modified Registry Keys: []
  145.  
  146. [*] Deleted Registry Keys: []
  147.  
  148. [*] DNS Communications: []
  149.  
  150. [*] Domains: []
  151.  
  152. [*] Network Communication - ICMP: []
  153.  
  154. [*] Network Communication - HTTP: []
  155.  
  156. [*] Network Communication - SMTP: []
  157.  
  158. [*] Network Communication - Hosts: []
  159.  
  160. [*] Network Communication - IRC: []
  161.  
  162. [*] Static Analysis: {}
  163.  
  164. [*] Resolved APIs: []
  165.  
  166. [*] Static Analysis: {}