Summary | ZeroBOX

docx007.docx

VBA_macro Word 2007 file format(docx) ZIP Format
Category FILE
Machine s1_win7_x6401
Started Nov. 26, 2024, 9:44 a.m.
Completed Nov. 26, 2024, 9:50 a.m.
Size 21.8KB
Type Microsoft Word 2007+
MD5 1f9d2be9980612244c80cbe9767d44e6
SHA256 9b24e36885da1e4240c61dd91fbd847010e3586027eac940a2ecc7d8b55f3eef
CRC32 6A0A62A3
ssdeep 384:AiQG4uaC78i2plNSFI+rvxYrcePhjAMx+EMIEkQM8q650J9DGxudCWTvVQ:AK8ieSFpxYQeP6MukgNwhGUdvQ
Yara
  • docx - Word 2007 file format detection
  • zip_file_format - ZIP file format
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries]

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$ocx007.docx
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x000003ec
filepath: C:\Users\test22\AppData\Local\Temp\~$ocx007.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$ocx007.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
Status: 1
Return: 0
Repeated: 0
Cynet Malicious (score: 99)
CAT-QuickHeal O97M.Agent.41752
ALYac VB:Trojan.Valyria.3672
VIPRE VB:Trojan.Valyria.3672
Sangfor Trojan.Macro.PowerShell.se
BitDefender VB:Trojan.Valyria.3672
Arcabit VB:Trojan.Valyria.DE58
Elastic malicious (high confidence)
ESET-NOD32 VBA/Agent.AAY
TrendMicro-HouseCall Trojan.W97M.DONOFF.USBLK524
Avast Script:SNH-gen [Trj]
ClamAV Doc.Malware.Valyria-10002559-0
Kaspersky HEUR:Trojan.MSOffice.Agent.gen
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
MicroWorld-eScan VB:Trojan.Valyria.3672
Rising Malware.Obfus/VBA@AI.91 (VBA)
Emsisoft VB:Trojan.Valyria.3672 (B)
F-Secure Heuristic.HEUR/Macro.Downloader.MRADQ.Gen
TrendMicro Trojan.W97M.DONOFF.USBLK524
CTX docx.trojan.valyria
Ikarus Trojan-Downloader.PS.Agent
FireEye VB:Trojan.Valyria.3672
Google Highly Suspicious
Avira HEUR/Macro.Downloader.MRADQ.Gen
Antiy-AVL Trojan/Macro.Agent.aay
Microsoft TrojanDownloader:O97M/Donoff.DR!MTB
ZoneAlarm HEUR:Trojan.MSOffice.Agent.gen
GData VB:Trojan.Valyria.3672
Varist PP97M/Agent.QR.gen!Eldorado
Acronis suspicious
TACHYON Suspicious/WOX.MDRP.Gen
huorong OMacro/Kryptik.a
Fortinet VBA/Valyria.3672!tr
AVG Script:SNH-gen [Trj]