Summary | ZeroBOX

docx003.docx

VBA_macro Word 2007 file format(docx) ZIP Format
Category FILE
Machine s1_win7_x6403_us
Started Nov. 26, 2024, 9:42 a.m.
Completed Nov. 26, 2024, 9:55 a.m.
Size 22.9KB
Type Microsoft Word 2007+
MD5 03c5b2ed5ee3d2e881c7a2e2cfc64114
SHA256 48901417081e784faafa85be831523dd6ad7b56acd242c3ac9b1b444e3077e1c
CRC32 03B85EA5
ssdeep 384:C6LZC78raOC1PQuEsDFL0VqvWGoBVmVQF9p0lhS0w/izefxY4WU/:Bq8+D1PQFUFFof6Qvp0lhS0awefxY8
Yara
  • docx - Word 2007 file format detection
  • zip_file_format - ZIP file format
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries]

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$ocx003.docx
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x00000490
filepath: C:\Users\test22\AppData\Local\Temp\~$ocx003.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$ocx003.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
Status: 1, Return: 0, Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x7ef80000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
Cynet Malicious (score: 70)
Skyhigh W97M/Thus.gen.f
ALYac VB:Trojan.Valyria.1610
VIPRE VB:Trojan.Valyria.1610
Sangfor Virus.Win32-Macro.Save.APMP
BitDefender VB:Trojan.Valyria.1610
Arcabit VB:Trojan.Valyria.D64A
Elastic malicious (high confidence)
ESET-NOD32 W97M/Thus.NAC
TrendMicro-HouseCall V97M_Generic
Avast Script:SNH-gen [Trj]
ClamAV Doc.Macro.APMPKILL-6097118-0
Kaspersky HEUR:Virus.Script.Generic
NANO-Antivirus Trojan.Script.Agent.dsetwk
MicroWorld-eScan VB:Trojan.Valyria.1610
Rising Macro.Word.Agent.c (CLASSIC)
Emsisoft VB:Trojan.Valyria.1610 (B)
F-Secure Heuristic.HEUR/Macro.VBA5
DrWeb MACRO.Virus
TrendMicro V97M_Generic
CTX docx.trojan.valyria
Sophos WM97/Thus-Fam
Ikarus Trojan.Script.Agent
FireEye VB:Trojan.Valyria.1610
Jiangmin WM/APMP.a
Google Highly Suspicious
Avira HEUR/Macro.VBA5
Antiy-AVL Trojan/MSWord.Thus.nac
Microsoft Virus:W97M/Thus
ZoneAlarm HEUR:Virus.Script.Generic
GData VB:Trojan.Valyria.1610
Varist VBA/ABTrojan.YATZ-
McAfee W97M/Thus.gen.f
Tencent OLE.Win32.Macro.700319
huorong OMacro/Thus.a
Fortinet VBA/Thus.1A61!tr
AVG Script:SNH-gen [Trj]
Panda W97M/Badmacro