SHA256: 4028d721c34b7aa28f00522d5fa843f2ded811a8d837875d82d80ed89c46aded
File name: vbaProject.bin
Detection ratio: 32 / 58
Analysis date: 2019-01-06 17:22:50 UTC (4 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware W97m.Downloader.HIQ 20190106
AegisLab Trojan.VBS.Agent.4!c 20190106
ALYac W97m.Downloader.HIQ 20190106
Arcabit W97m.Downloader.HIQ 20190106
Avast Other:Malware-gen [Trj] 20190106
AVG Other:Malware-gen [Trj] 20190106
Baidu VBA.Trojan-Downloader.Agent.dnl 20190104
BitDefender W97m.Downloader.HIQ 20190106
Cyren PP97M/Downldr 20190106
Emsisoft W97m.Downloader.HIQ (B) 20190106
Endgame malicious (high confidence) 20181108
ESET-NOD32 VBA/TrojanDownloader.Agent.LEZ 20190106
F-Prot New or modified PP97M/Downldr 20190106
F-Secure W97m.Downloader.HIQ 20190106
Fortinet VBA/Agent.31A1!tr.dldr 20190106
GData W97m.Downloader.HIQ 20190106
Ikarus Trojan-Downloader.VBA.Agent 20190106
Kaspersky Trojan-Downloader.VBS.Agent.a 20190106
MAX malware (ai score=99) 20190106
McAfee RDN/Generic Downloader.x 20190106
McAfee-GW-Edition BehavesLike.Downloader.ql 20190106
eScan W97m.Downloader.HIQ 20190106
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20190106
Qihoo-360 virus.office.qexvmc.1070 20190106
SentinelOne (Static ML) static engine - malicious 20181223
Symantec W97M.Downloader 20190105
TACHYON Suspicious/X97M.Obfus.Gen.1 20190106
Tencent Heur.Macro.Generic.Gen.h 20190106
TrendMicro HEUR_VBA.O2 20190106
ViRobot DOC.Z.Agent.51712.IT 20190106
ZoneAlarm by Check Point Trojan-Downloader.VBS.Agent.a 20190106
Zoner Probably W97Obfuscated 20190106
Acronis 20181227
AhnLab-V3 20190106
Alibaba 20180921
Antiy-AVL 20190106
Avast-Mobile 20190106
Avira (no cloud) 20190106
Babable 20180918
Bkav 20190104
CAT-QuickHeal 20190106
ClamAV 20190106
CMC 20190105
Comodo 20190106
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20190106
DrWeb 20190106
eGambit 20190106
Sophos ML 20181128
Jiangmin 20190106
K7AntiVirus 20190106
K7GW 20190106
Kingsoft 20190106
Malwarebytes 20190106
Microsoft 20190106
Palo Alto Networks (Known Signatures) 20190106
Panda 20190106
Rising 20190106
Sophos AV 20190106
SUPERAntiSpyware 20190102
TheHacker 20190104
Trapmine 20190103
TrendMicro-HouseCall 20190106
Trustlook 20190106
VBA32 20190104
Webroot 20190106
Yandex 20181229
Zillya 20190105
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May open a file.
May try to run other files, shell commands or applications.
May try to interact with other applications, for example, by sending key strokes.
Seems to contain deobfuscation code.
OLE Streams
name: Root Entry; clsid: ; type_literal: root; clsid_literal: on; sid: 0; size: 1152
name: PROJECT; type_literal: stream; size: 411; sid: 6
name: PROJECTwm; type_literal: stream; size: 65; sid: 7
name: VBA/HFeqbtb; type_literal: stream; size: 32372; type: macro; sid: 3
name: VBA/ThisDocument; type_literal: stream; size: 6229; type: macro; sid: 4
name: VBA/_VBA_PROJECT; type_literal: stream; size: 8057; sid: 5
name: VBA/dir; type_literal: stream; size: 529; sid: 2
Macros and VBA code streams
[+] ThisDocument.cls VBA/ThisDocument 2465 bytes
[+] HFeqbtb.bas VBA/HFeqbtb 19065 bytes
exe-pattern url-pattern obfuscated open-file run-file send-keys
ExifTool file metadata
MIMEType image/vnd.fpx
FileType FPX
FileTypeExtension fpx

Compressed bundles
File identification
MD5 b9424310a0f03043beb503d0afb19ca2
SHA1 2d69704f2527d256f7799ad8ac0abec7fc863fae
SHA256 4028d721c34b7aa28f00522d5fa843f2ded811a8d837875d82d80ed89c46aded
ssdeep 1536:Vylq/mzJk6nu6oQ56VvfGldUZqBmc3cUfu3Ge65S86:Vylq/mzJk6nu6Avf2nAcsXGhk86

File size 50.5 KB ( 51712 bytes )
File type MS Word Document
Magic literal CDF V2 Document, corrupt: Cannot read summary info

TrID Generic OLE2 / Multistream Compound File (100.0%)
Tags obfuscated open-file exe-pattern url-pattern via-tor run-file macros doc send-keys

VirusTotal metadata
First submission 2018-11-03 17:21:26 UTC (6 months, 2 weeks ago)
Last submission 2019-01-06 17:22:50 UTC (4 months, 2 weeks ago)
File names vbaProject.bin