3fdd38d124a61aecc3308cadd1e474b8978c09e0aa4a7c5967f0d647e7e70848

Sharing

Copy URL

Twitter E-mail

General

Target

3fdd38d124a61aecc3308cadd1e474b8978c09e0aa4a7c5967f0d647e7e70848
Size

13.5MB
MD5

02ce5533e8047711b5590813fd02ce82
SHA1

7504c8ab809650dbb36531ab7abc0d87e01a29c5
SHA256

3fdd38d124a61aecc3308cadd1e474b8978c09e0aa4a7c5967f0d647e7e70848
SHA512

70f08d617134d11546a84fa24783f5fcee034b74cbc5792a476f6e28c708271b4e7fd788e98b9d2c5f882ee9b1ab7638aa9060108d60bc7193500933615e1f79
SSDEEP

196608:i+0+e8OeEFAhSxjEo4VODlc/oMfTExprlMwkYxZXifBRkv:i+0+wxjEo4VwWBYzSHkv

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
sample	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

3fdd38d124a61aecc3308cadd1e474b8978c09e0aa4a7c5967f0d647e7e70848
.doc windows office2003

ThisDocument

CButtonEventHandler

CCfgFile

CGenericNotifier

CLangsSimple

cTimer

FormSettings

frmCheckLang

frmFindFormat

frmFindText

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmNBSPLangs

frmRemoveHighlight

CResizer

frmSettings

frmSymbol

frmToDo

frmTradosProcess

Helpers

Localise

modCompatibility

modFR

modOffice2007

modProofreading

modStartup

Revisions

ToDo

Trados

TRICKS

Utils

cLangs

frmSpaces

modLangs

frmDocCleaner

modDocCleaner

modVersion

DocCleaner

cObjectInfo

cTableRowInfo

cProgress

modBrowseForFolder

frmHideUnhideHightlight

CAT

modHideHighlighting

cProgressEx

Symbols

CFileExModule

CFileEx

frmBilingual

Bilingual

modNormalizeFont

CUndo

CRevisionWarning

cPhraseSearch

QuickWorkspace

frmNbspPhraseAdd

modWorkspace

modColors

modQA

QA

frmNbspPhraseSearch

cQASettings

frmReplace

Main

frmRemoveAnim

modForms

modRangeManipulations

frmHideUnhideWarning

CComboEventHandler

CQuickWorkspaces

CWorkspaceAppEventTracker

frmWorkspaceRestore

frmWorkspaceSave

cLang

frmAbout

cGlobalization

modGlobalization

cSelection

cUnbreaker

frmUnbreaker

modUnbreak

modCollections

modStrings

cQuotations

cQuoteSearcher

frmQuotationConfig

frmQuotationMagic

frmQuotationStyleAdd

frmRegister

frmTrial

modRegistry

modDebug

modQuotationMagic

modRegistration

Formatting

modMD5

modKeyCode

frmSegmentColoring

modSegmentHighlight

Sharing

General

Malware Config

Signatures

Files

ThisDocument

CButtonEventHandler

CCfgFile

CGenericNotifier

CLangsSimple

cTimer

FormSettings

frmCheckLang

frmFindFormat

frmFindText

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmNBSPLangs

frmRemoveHighlight

CResizer

frmSettings

frmSymbol

frmToDo

frmTradosProcess

Helpers

Localise

modCompatibility

modFR

modOffice2007

modProofreading

modStartup

Revisions

ToDo

Trados

TRICKS

Utils

cLangs

frmSpaces

modLangs

frmDocCleaner

modDocCleaner

modVersion

DocCleaner

cObjectInfo

cTableRowInfo

cProgress

modBrowseForFolder

frmHideUnhideHightlight

CAT

modHideHighlighting

cProgressEx

Symbols

CFileExModule

CFileEx

frmBilingual

Bilingual

modNormalizeFont

CUndo

CRevisionWarning

cPhraseSearch

QuickWorkspace

frmNbspPhraseAdd

modWorkspace

modColors

modQA

QA

frmNbspPhraseSearch

cQASettings

frmReplace

Main

frmRemoveAnim

modForms

modRangeManipulations

frmHideUnhideWarning

CComboEventHandler

CQuickWorkspaces

CWorkspaceAppEventTracker

frmWorkspaceRestore

frmWorkspaceSave