Summary | ZeroBOX

docx005.docx

VBA_macro Word 2007 file format(docx) ZIP Format
Category FILE
Machine s1_win7_x6401
Started Nov. 26, 2024, 9:42 a.m.
Completed Nov. 26, 2024, 9:53 a.m.
Size 22.9KB
Type Microsoft Word 2007+
MD5 6d3b90b7d6da1af9cd77b1a348c3e1a7
SHA256 7d66370f91b0574e202760391402acaa5216f3f2fe7748573e43cdb93f933e4c
CRC32 C940AC35
ssdeep 384:C6LZC78+isH2SNkuHekv0VqvWGoBnJ9VQF9p0lhS0wMrzizefxY4WHg3:Bq8xDSNklOFo3Qvp0lhS0nzwefxYU
Yara
  • docx - Word 2007 file format detection
  • zip_file_format - ZIP file format
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries]

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$ocx005.docx
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x000003ec
filepath: C:\Users\test22\AppData\Local\Temp\~$ocx005.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$ocx005.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
Status 1
Return 0
Repeated 0
Cynet Malicious (score: 70)
Skyhigh W97M/Thus.gen.f
ALYac VB:Trojan.Valyria.1610
VIPRE VB:Trojan.Valyria.1610
Sangfor Virus.Win32-Macro.Save.APMP
BitDefender VB:Trojan.Valyria.1610
Arcabit VB:Trojan.Valyria.D64A
Elastic malicious (high confidence)
ESET-NOD32 W97M/Thus.NAC
TrendMicro-HouseCall V97M_Generic
Avast Script:SNH-gen [Trj]
ClamAV Doc.Macro.APMPKILL-6097118-0
Kaspersky HEUR:Virus.Script.Generic
NANO-Antivirus Trojan.Script.Agent.dsetwk
MicroWorld-eScan VB:Trojan.Valyria.1610
Rising Macro.Word.Agent.c (CLASSIC)
Emsisoft VB:Trojan.Valyria.1610 (B)
F-Secure Heuristic.HEUR/Macro.VBA5
DrWeb MACRO.Virus
TrendMicro V97M_Generic
CTX docx.trojan.valyria
Sophos WM97/Thus-Fam
Ikarus Trojan.Script.Agent
FireEye VB:Trojan.Valyria.1610
Jiangmin WM/APMP.a
Google Highly Suspicious
Avira HEUR/Macro.VBA5
Antiy-AVL Trojan/MSWord.Thus.nac
Microsoft Virus:W97M/Thus
ZoneAlarm HEUR:Virus.Script.Generic
GData VB:Trojan.Valyria.1610
Varist VBA/ABTrojan.YATZ-
McAfee W97M/Thus.gen.f
Tencent OLE.Win32.Macro.700319
huorong OMacro/Thus.a
Fortinet VBA/Thus.1A61!tr
AVG Script:SNH-gen [Trj]
Panda W97M/Badmacro