ddd2e4c37cad1ffa5232dff0b8e4d113482c3cc882152b848252c9129dcb8db1

Sharing

Copy URL

Twitter E-mail

General

Target

ddd2e4c37cad1ffa5232dff0b8e4d113482c3cc882152b848252c9129dcb8db1
Size

6.0MB
MD5

fde87d9dab42cd695f0a67a8de58e345
SHA1

b66e1667bcce39dea1a3bdba1c18209876047c05
SHA256

ddd2e4c37cad1ffa5232dff0b8e4d113482c3cc882152b848252c9129dcb8db1
SHA512

0e191a291345cb9d518ccc121703597fdd89a7805f3a50a06aed1822f0f82bed895b3a3530769768833bca59083dd09139e7236419dca63a64c452381d5fecc3
SSDEEP

49152:Qj/nRkr/gvI6wAHWU3H9loV4no1tlXleF7Zx0IYbPzwdlFz2Nn8kagPJPSo:jr4vBwAHWU3dlxnFyPIBdo

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
sample	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

ddd2e4c37cad1ffa5232dff0b8e4d113482c3cc882152b848252c9129dcb8db1
.doc windows office2003

ThisDocument

CButtonEventHandler

CGenericNotifier

cTimer

FormSettings

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmTradosProcess

Helpers

Localise

modProofreading

modStartup

ToDo

cObjectInfo

DocCleaner

Revisions

CLangsSimple

cTableRowInfo

frmNbspLangs

frmRemoveAnim

modLangs

modNormalizeFont

frmFindText

frmReplace

modFR

frmNbspPhraseAdd

frmSpaces

frmCheckLang

frmHideUnhideWarning

CComboEventHandler

modCompatibility

QuickWorkspace

CWorkspaceAppEventTracker

modWorkspace

CQuickWorkspaces

frmWorkspaceRestore

Trados

CCfgFile

CFileEx

CFileExModule

cGlobalization

cLang

cLangs

cPhraseSearch

cProgress

cProgressEx

cQASettings

cQuotations

CResizer

CRevisionWarning

CUndo

frmFindFormat

frmQuotationConfig

frmQuotationMagic

frmQuotationStyleAdd

frmRemoveHighlight

frmSymbol

frmToDo

frmTrial

frmWorkspaceSave

modBrowseForFolder

modCollections

modColors

modDebug

modGlobalization

modRangeManipulations

modRegistry

modStrings

modVersion

QA

Symbols

TRICKS

cQuoteSearcher

Formatting

frmRegister

modKeyCode

modMD5

CAT

cUnbreaker

frmSegmentColoring

frmSettings

frmUnbreaker

modQuotationMagic

modSegmentHighlight

modUnbreak

cSelection

frmAbout

frmDocCleaner

modDocCleaner

modHideHighlighting

modQA

frmNbspPhraseSearch

frmBilingual

frmHideUnhideHightlight

Main

modCaseInsensitiveLike

modFiles

modForms

modOffice2007

modRegistration

Utils

modFormatConverter

Bilingual

frmFormatConverter

Sharing

General

Malware Config

Signatures

Files

ThisDocument

CButtonEventHandler

CGenericNotifier

cTimer

FormSettings

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmTradosProcess

Helpers

Localise

modProofreading

modStartup

ToDo

cObjectInfo

DocCleaner

Revisions

CLangsSimple

cTableRowInfo

frmNbspLangs

frmRemoveAnim

modLangs

modNormalizeFont

frmFindText

frmReplace

modFR

frmNbspPhraseAdd

frmSpaces

frmCheckLang

frmHideUnhideWarning

CComboEventHandler

modCompatibility

QuickWorkspace

CWorkspaceAppEventTracker

modWorkspace

CQuickWorkspaces

frmWorkspaceRestore

Trados

CCfgFile

CFileEx

CFileExModule

cGlobalization

cLang

cLangs

cPhraseSearch

cProgress

cProgressEx

cQASettings

cQuotations

CResizer

CRevisionWarning

CUndo

frmFindFormat

frmQuotationConfig

frmQuotationMagic

frmQuotationStyleAdd

frmRemoveHighlight

frmSymbol

frmToDo

frmTrial

frmWorkspaceSave

modBrowseForFolder

modCollections

modColors

modDebug

modGlobalization

modRangeManipulations

modRegistry

modStrings

modVersion

QA

Symbols

TRICKS

cQuoteSearcher

Formatting