Summary | ZeroBOX

동아시아연구원 사례비 지급 서식.docx (Korean: "East Asia Institute honorarium payment form.docx")

Tags: VBA_macro, Word 2007 file format (docx)

Category: FILE
Machine: s1_win7_x6402
Started: Dec. 19, 2022, 9:25 a.m.
Completed: Dec. 19, 2022, 9:27 a.m.
Size: 329.5KB
Type: Microsoft Word 2007+
MD5: bf41074e39bb3abbe4e4640401e7e655
SHA256: b9dcf7fe7e8ba30d363a19c2c43fc3eea93d281b10f6ee89cffe2a3e533af442
CRC32: 00429D8A
ssdeep: 6144:NxxVWZUEadK7X19HuM1JT5OQRMWAWTHuM1JT5OQRMWAWZgiDp:Nx7WZURKxMMOy6MOyWiDp
Yara
  • docx - Word 2007 file format detection
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries]
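The two Yara hits above say only that the file is an OOXML package and that it carries a VBA project. The following script reproduces that static check with the Python standard library, so the same verdict can be obtained on a triage box without Yara or Office. It is an added example for this page, not ZeroBOX or Yara code; the two sample packages it inspects are constructed in memory and are not the analysed file. It decides on the zip contents (a vbaProject.bin part and the VBA-related content types declared in [Content_Types].xml), not on the .docx extension, and also reports the MD5/SHA256 values for matching against the hash fields of the report.

```python
"""Static check for VBA in an OOXML package, the condition behind the report's
"docx" and "Contains_VBA_macro_code" Yara hits, done with the standard library.
Added example for this page, not ZeroBOX or Yara code; the two sample packages are
constructed in memory and are not the analysed file."""
import hashlib
import io
import re
import zipfile

# Signals that an OOXML package carries VBA: the binary project part and the
# content types Office declares for it (or for a macro-enabled main part).
VBA_PART_RE = re.compile(r"(^|/)vbaProject\.bin$", re.IGNORECASE)
VBA_CONTENT_TYPES = (
    "application/vnd.ms-office.vbaProject",
    "application/vnd.ms-word.vbaData+xml",
    "application/vnd.ms-word.document.macroEnabled.main+xml",
)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # vbaProject.bin is a CFB/OLE container
WORD_MAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def hashes(data: bytes) -> dict:
    """MD5 and SHA-256 as the report lists them, for matching against its hash fields."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def triage_ooxml(data: bytes) -> dict:
    """Inspect one file's bytes without writing to disk.

    is_ooxml   zip containing [Content_Types].xml (a Word 2007+ style package)
    is_word    has word/document.xml, i.e. a WordprocessingML document
    vba_parts  zip entries named vbaProject.bin, wherever they sit in the tree
    vba_cts    VBA-related content types declared in [Content_Types].xml
    ole_ok     whether the first VBA part starts with the CFB magic (None if no part)
    has_vba    either signal present; decide on this, not on the file extension
    """
    res = {"is_ooxml": False, "is_word": False, "vba_parts": [], "vba_cts": [],
           "ole_ok": None, "has_vba": False, **hashes(data)}
    if not data.startswith(b"PK\x03\x04"):
        return res
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return res
    names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return res
    res["is_ooxml"] = True
    res["is_word"] = "word/document.xml" in names
    ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    res["vba_cts"] = [ct for ct in VBA_CONTENT_TYPES if ct in ct_xml]
    res["vba_parts"] = [n for n in names if VBA_PART_RE.search(n)]
    if res["vba_parts"]:
        res["ole_ok"] = zf.read(res["vba_parts"][0]).startswith(OLE_MAGIC)
    res["has_vba"] = bool(res["vba_parts"] or res["vba_cts"])
    return res


def build_sample_docx(with_vba: bool) -> bytes:
    """Constructed minimal Word package for demonstration (hypothetical content)."""
    main_ct = VBA_CONTENT_TYPES[2] if with_vba else WORD_MAIN_CT
    ct = ['<?xml version="1.0" encoding="UTF-8"?>',
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
          '<Default Extension="xml" ContentType="application/xml"/>',
          f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>']
    if with_vba:
        ct.append(f'<Default Extension="bin" ContentType="{VBA_CONTENT_TYPES[0]}"/>')
    ct.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "\n".join(ct))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # Header-only stand-in for a real VBA project container.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("macro", build_sample_docx(True)), ("clean", build_sample_docx(False))):
        r = triage_ooxml(blob)
        print(f"{label}: has_vba={r['has_vba']} parts={r['vba_parts']} "
              f"cts={r['vba_cts']} sha256={r['sha256'][:16]}...")
```

To run it against a real sample, pass `open(path, "rb").read()` to `triage_ooxml` and compare the returned md5/sha256 with the values in the summary; a `vbaProject.bin` whose `ole_ok` is False is still a macro signal (the part may be corrupted or obfuscated), so the verdict is taken from `has_vba` alone.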

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address: 164.124.101.2  Status: Active  Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$시아연구원 사례비 지급 서식.docx

NtCreateFile
  create_disposition: 5 (FILE_OVERWRITE_IF)
  file_handle: 0x00000454
  filepath: C:\Users\test22\AppData\Local\Temp\~$시아연구원 사례비 지급 서식.docx
  desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$시아연구원 사례비 지급 서식.docx
  create_options: 4194400 (0x400060 = FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_NO_RECALL; the report's own decoding omits the 0x400000 bit)
  status_info: 2 (FILE_CREATED)
  share_access: 0 ()
  Status: 1  Return: 0 (STATUS_SUCCESS)  Repeated: 0

This is the only behaviour the summary records. A hidden file whose name is the opened document's name with its first two characters replaced by "~$" is Word's owner (lock) file; Word creates it for every document it opens, macro or not, so this event is application noise rather than evidence of the macro doing anything. With no hosts contacted, no Suricata alerts and no other file, process or registry activity shown, the verdict on this page rests on the static signals (the Yara hits and the antivirus results below), not on observed behaviour in the sandbox.
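When reading a sandbox API log, the first job is to decode the raw flag values and to separate application noise such as the owner-file write above from file creates that deserve attention. The script below does both over a small event list. It is an added example for this page, not ZeroBOX code: the flag tables are the subset of the wdm.h / winternl.h values needed here, the first event carries the field values printed in the report, and the other two events (a dropped executable under a hypothetical name, and a delete-on-close scratch file) are constructed to show what the filter does with activity that is not noise.

```python
"""Triage of NtCreateFile events from a sandbox API log: decode the raw flag values the
report prints and separate Word's own owner-file write from file creates worth a look.
Added example for this page, not ZeroBOX code. Flag tables are the subset from wdm.h /
winternl.h needed here; EVENTS mirrors the report's one event plus two constructed
ones (the executable name and the scratch file are hypothetical)."""
import ntpath

DESIRED_ACCESS = {
    0x00000001: "FILE_READ_DATA", 0x00000002: "FILE_WRITE_DATA", 0x00000080: "FILE_READ_ATTRIBUTES",
    0x00010000: "DELETE", 0x00100000: "SYNCHRONIZE", 0x10000000: "GENERIC_ALL",
    0x20000000: "GENERIC_EXECUTE", 0x40000000: "GENERIC_WRITE", 0x80000000: "GENERIC_READ",
}
CREATE_OPTIONS = {
    0x00000001: "FILE_DIRECTORY_FILE", 0x00000020: "FILE_SYNCHRONOUS_IO_NONALERT",
    0x00000040: "FILE_NON_DIRECTORY_FILE", 0x00001000: "FILE_DELETE_ON_CLOSE",
    0x00400000: "FILE_OPEN_NO_RECALL",
}
FILE_ATTRIBUTES = {0x1: "FILE_ATTRIBUTE_READONLY", 0x2: "FILE_ATTRIBUTE_HIDDEN",
                   0x4: "FILE_ATTRIBUTE_SYSTEM", 0x80: "FILE_ATTRIBUTE_NORMAL"}
CREATE_DISPOSITION = {0: "FILE_SUPERSEDE", 1: "FILE_OPEN", 2: "FILE_CREATE",
                      3: "FILE_OPEN_IF", 4: "FILE_OVERWRITE", 5: "FILE_OVERWRITE_IF"}
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta"}
WRITE_BITS = 0x40000000 | 0x00000002 | 0x10000000  # GENERIC_WRITE | FILE_WRITE_DATA | GENERIC_ALL


def decode_flags(value: int, table: dict) -> list:
    """Names of the set bits in ascending bit order; bits the table lacks are kept as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(bit for bit in table if value & bit)
    if unknown:
        names.append(f"0x{unknown:x}")
    return names


def is_word_owner_file(path: str, attrs: int, opened_doc: str) -> bool:
    """Word's owner (lock) file: hidden, in the document's folder, named "~$" plus the
    document name with its first two characters dropped (as in the report) or, for
    short names, the whole document name."""
    d_dir, d_name = ntpath.split(opened_doc)
    p_dir, p_name = ntpath.split(path)
    if not (attrs & 0x2) or ntpath.normcase(d_dir) != ntpath.normcase(p_dir):
        return False
    return p_name in ("~$" + d_name[2:], "~$" + d_name)


def classify(ev: dict, opened_doc: str) -> dict:
    """Decode one NtCreateFile record and attach a triage verdict."""
    out = {
        "path": ev["filepath"],
        "disposition": CREATE_DISPOSITION.get(ev["create_disposition"], str(ev["create_disposition"])),
        "access": decode_flags(ev["desired_access"], DESIRED_ACCESS),
        "options": decode_flags(ev["create_options"], CREATE_OPTIONS),
        "attributes": decode_flags(ev["file_attributes"], FILE_ATTRIBUTES),
    }
    ext = ntpath.splitext(ev["filepath"])[1].lower()
    writes = bool(ev["desired_access"] & WRITE_BITS)
    if is_word_owner_file(ev["filepath"], ev["file_attributes"], opened_doc):
        out["verdict"] = "word_owner_file"      # application noise, expected for any opened doc
    elif writes and ext in EXEC_EXTS:
        out["verdict"] = "executable_written"   # what a dropper's write looks like
    elif ev["create_options"] & 0x1000:
        out["verdict"] = "delete_on_close"      # short-lived scratch file
    else:
        out["verdict"] = "other"
    return out


TEMP = r"C:\Users\test22\AppData\Local\Temp"
OPENED_DOC = ntpath.join(TEMP, "동아시아연구원 사례비 지급 서식.docx")
EVENTS = [
    # The report's event, with the field values as printed there.
    {"filepath": ntpath.join(TEMP, "~$시아연구원 사례비 지급 서식.docx"), "create_disposition": 5,
     "desired_access": 0x40100080, "file_attributes": 2, "create_options": 4194400},
    # Constructed: a macro dropping a PE (hypothetical file name).
    {"filepath": ntpath.join(TEMP, "svc_update.exe"), "create_disposition": 2,
     "desired_access": 0x40000000, "file_attributes": 0x80, "create_options": 0x60},
    # Constructed: scratch file opened with FILE_DELETE_ON_CLOSE.
    {"filepath": ntpath.join(TEMP, "tmp1.dat"), "create_disposition": 2,
     "desired_access": 0x40100080, "file_attributes": 0x80, "create_options": 0x1060},
]


def triage(events=EVENTS, opened_doc=OPENED_DOC) -> list:
    return [classify(ev, opened_doc) for ev in events]


if __name__ == "__main__":
    for r in triage():
        print(r["verdict"], r["path"], r["access"], r["options"], r["attributes"])
```

Decoding 4194400 with `decode_flags` yields three names, one more than the report prints, because 0x400000 (FILE_OPEN_NO_RECALL) is set alongside the two the report decoded; keeping undecoded bits as hex rather than dropping them is what makes such gaps visible.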
Antivirus (engine  detection)
Lionic Trojan.MSWord.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
ALYac Trojan.Downloader.DOC.Gen
VIPRE VB.Heur.EmoooDldr.4.BD43D74B.Gen
Alibaba Trojan:Office/SAgent.22500587
Cyren ABRisk.WPRO-8
Symantec Trojan.Gen.NPE.C
ESET-NOD32 VBA/Kimsuky.K
TrendMicro-HouseCall TROJ_FRS.0NA103LG22
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender VB.Heur.EmoooDldr.4.BD43D74B.Gen
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
ViRobot DOC.Z.Agent.16384.DNW
MicroWorld-eScan VB.Heur.EmoooDldr.4.BD43D74B.Gen
Tencent Trojan.MsOffice.MacroS.12461063
Ad-Aware VB.Heur.EmoooDldr.4.BD43D74B.Gen
TACHYON Suspicious/WOX.XSR.Gen
Emsisoft VB.Heur.EmoooDldr.4.BD43D74B.Gen (B)
F-Secure Heuristic.HEUR/Macro.Downloader.PBMD.Gen
DrWeb modification of W97M.Suspicious.1
TrendMicro TROJ_FRS.0NA103LG22
McAfee-GW-Edition RDN/Sadoca
FireEye VB.Heur.EmoooDldr.4.BD43D74B.Gen
GData VB.Heur.EmoooDldr.4.BD43D74B.Gen
Avira HEUR/Macro.Downloader.PBMD.Gen
Microsoft Trojan:Win32/Leonem
Arcabit VB.Heur.EmoooDldr.4.BD43D74B.Gen
Google Detected
MAX malware (ai score=88)
SentinelOne Static AI - Malicious OPENXML

Most of these are generic or heuristic macro-downloader signatures (the shared VB.Heur.EmoooDldr and HEUR/Macro.Downloader names, Trojan.Downloader.DOC.Gen, W97M.Suspicious). ESET's VBA/Kimsuky.K is a vendor family label, the only attribution-flavoured name in the list, and nothing in the behavioural section of this report corroborates it; treat it as a lead for further analysis of the macro, not as a finding of this page.