Summary | ZeroBOX

Test.dotm

Category FILE
Machine s1_win7_x6401
Started March 18, 2021, 4:57 p.m.
Completed March 18, 2021, 5 p.m.
Size 15.9KB
Type Zip archive data, at least v2.0 to extract
MD5 451ea5275e3477ae373894a35627a9b3
SHA256 df1e8e9c46971dd91ef1cedc8c78a4a2efb07dabd7e9dcff7e2206791379f469
CRC32 CECF3902
ssdeep 384:JdTCZ3nZhb8mtxK3+42WJ/RR7BzGp2wCwBvhJBm:JN8nZ22WJnVJwrJBm
Yara
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries]

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Elastic malicious (high confidence)
MicroWorld-eScan VB.Heur.EmoDldr.32.8881F5CB.Gen
FireEye VB.Heur.EmoDldr.32.8881F5CB.Gen
Sangfor Malware.Generic-Macro.Save.2c7b01cb
Arcabit VB.Heur.EmoDldr.32.8881F5CB.Gen
Cyren PP97M/Downldr.CG.gen!Eldorado
Symantec CL.Downloader!gen87
Avast VBA:Downloader-DXY [Trj]
Kaspersky HEUR:Trojan-Downloader.Script.Generic
BitDefender VB.Heur.EmoDldr.32.8881F5CB.Gen
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
Ad-Aware VB.Heur.EmoDldr.32.8881F5CB.Gen
F-Secure Heuristic.HEUR/Macro.Downloader.MROF.Gen
McAfee-GW-Edition BehavesLike.Downloader.lc
Emsisoft VB.Heur.EmoDldr.32.8881F5CB.Gen (B)
Avira HEUR/Macro.Downloader.MROF.Gen
MAX malware (ai score=81)
ZoneAlarm HEUR:Trojan.Win32.Generic
GData VB.Heur.EmoDldr.32.8881F5CB.Gen
Cynet Malicious (score: 85)
AhnLab-V3 VBA/Downloader.S2
TACHYON Suspicious/WOX.Obfus.Gen.6
ESET-NOD32 VBA/TrojanDownloader.Agent.NZX
SentinelOne Static AI - Suspicious OPENXML
Fortinet WM/Agent.D73A!tr
AVG VBA:Downloader-DXY [Trj]