- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Docs_c3447152fa1e87d68ce3e435e95c9cb0.doc"
- [*] File Size: 103424
- [*] File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: admin, Template: Normal, Last Saved By: FanTaZyX, Revision Number: 16, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Tue Oct 17 00:08:00 2017, Last Saved Time/Date: Wed May 22 15:46:00 2019, Number of Pages: 2, Number of Words: 307, Number of Characters: 1692, Security: 0"
- [*] SHA256: "ab2c35132d846b466d6abe942d24667a21fcac7c8fe4a6e92db97cde7a0a2576"
- [*] MD5: "c3447152fa1e87d68ce3e435e95c9cb0"
- [*] SHA1: "634e353e4df0b9250dce800ba4d0903bb9ea0860"
- [*] SHA512: "c87ece315a70e49a4be467308775f5c7f735cc59e487f479f4dd11f0e55172e06c87cfbb9486e8a43c822aa725d4603307439b89299fb7af861bc43964d1c691"
- [*] CRC32: "BEAF4720"
- [*] SSDEEP: "768:QfLHLuiw2Mq02ESMmsqkm1rM2sqUWESMmsqkmUbH5IoXrlgEPctCFtMrtD:XnjpGrt"
- [*] Process Execution: []
- [*] Signatures Detected: [
- {
- "Description": "File has been identified by 36 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "VB:Trojan.VBA.Downloader.QY"
- },
- {
- "FireEye": "VB:Trojan.VBA.Downloader.QY"
- },
- {
- "Arcabit": "HEUR.VBA.Trojan.d"
- },
- {
- "Baidu": "VBA.Trojan-Downloader.Agent.dcx"
- },
- {
- "NANO-Antivirus": "Trojan.Script.Agent.dmmmmt"
- },
- {
- "F-Prot": "New or modified W97M/Downldr"
- },
- {
- "Symantec": "W97M.Downloader"
- },
- {
- "ESET-NOD32": "VBA/TrojanDownloader.Agent.DWR"
- },
- {
- "Avast": "VBA:Downloader-BHL [Trj]"
- },
- {
- "ClamAV": "Doc.Malware.Generic-6988714-0"
- },
- {
- "Kaspersky": "HEUR:Trojan-Downloader.Script.Generic"
- },
- {
- "BitDefender": "VB:Trojan.VBA.Downloader.QY"
- },
- {
- "AegisLab": "Trojan.Script.Generic.4!c"
- },
- {
- "Tencent": "Heur.MSWord.Downloader.d"
- },
- {
- "Ad-Aware": "VB:Trojan.VBA.Downloader.QY"
- },
- {
- "Emsisoft": "VB:Trojan.VBA.Downloader.QY (B)"
- },
- {
- "F-Secure": "Malware.X97M/Agent.6938440"
- },
- {
- "TrendMicro": "HEUR_VBA.O.ELBP"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Downloader.cr"
- },
- {
- "Sophos": "Troj/DocDl-TXV"
- },
- {
- "SentinelOne": "DFI - Malicious OLE"
- },
- {
- "Cyren": "W97M/Downldr"
- },
- {
- "Avira": "X97M/Agent.6938440"
- },
- {
- "Microsoft": "TrojanDownloader:O97M/Donoff"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "ZoneAlarm": "HEUR:Trojan-Downloader.Script.Generic"
- },
- {
- "GData": "VB:Trojan.VBA.Downloader.QY"
- },
- {
- "TACHYON": "Suspicious/W97M.Download.Gen"
- },
- {
- "ALYac": "VB:Trojan.VBA.Downloader.QY"
- },
- {
- "MAX": "malware (ai score=100)"
- },
- {
- "Zoner": "Probably W97Obfuscated"
- },
- {
- "Rising": "Downloader.Donoff!8.36C (TOPIS:E0:41yQrNthCfL)"
- },
- {
- "Ikarus": "Trojan-Downloader.VBA.Agent"
- },
- {
- "Fortinet": "VBA/Agent.DWR!tr.dldr"
- },
- {
- "AVG": "VBA:Downloader-BHL [Trj]"
- },
- {
- "Qihoo-360": "virus.office.qexvmc.1095"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {}
- [*] Resolved APIs: []
- [*] Static Analysis: {}