Report - docx003.docx

VBA_macro Word 2007 file format(docx) ZIP Format
ScreenShot
Created 2024.11.26 09:56 Machine s1_win7_x6403
Filename docx003.docx
Type Microsoft Word 2007+
AI Score Not founds Behavior Score
2.6
ZERO API file : clean
VT API (file) 38 detected (Malicious, score, Thus, Valyria, Save, APMP, high confidence, V97M, APMPKILL, dsetwk, CLASSIC, VBA5, docx, WM97, Highly Suspicious, ABTrojan, YATZ, OMacro)
md5 03c5b2ed5ee3d2e881c7a2e2cfc64114
sha256 48901417081e784faafa85be831523dd6ad7b56acd242c3ac9b1b444e3077e1c
ssdeep 384:C6LZC78raOC1PQuEsDFL0VqvWGoBVmVQF9p0lhS0w/izefxY4WU/:Bq8+D1PQFUFFof6Qvp0lhS0awefxY8
imphash
impfuzzy
  Network IP location

Signature (5cnts)

Level Description
danger File has been identified by 38 AntiVirus engines on VirusTotal as malicious
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice Word document hooks document open

Rules (3cnts)

Level Name Description Collection
warning Contains_VBA_macro_code Detect a MS Office document with embedded VBA macro code [binaries] binaries (upload)
info docx Word 2007 file format detection binaries (upload)
info zip_file_format ZIP file format binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids



Similarity measure (PE file only) - Checking for service failure