dbd8c7b39ad399db0ca6ef63f3e0461affa2033dfbb09de25565c2ed11e0a431

Sharing

Copy URL Twitter E-mail

General

Target

dbd8c7b39ad399db0ca6ef63f3e0461affa2033dfbb09de25565c2ed11e0a431
Size

14.4MB
MD5

b4edc8142dbf3d540d064d721061e407
SHA1

937b781986fc87c64125df0e55fab8b1918f426c
SHA256

dbd8c7b39ad399db0ca6ef63f3e0461affa2033dfbb09de25565c2ed11e0a431
SHA512

ef2ce69a5b715674e660c55bdbb10fffcd5f33f15d34d32ebec5fbbcaad23fd776b467f1a8ad9c763e8932ab0dfe401984013b4255eaa0786527db3ce1fb29c8
SSDEEP

196608:9T+b+98OeEPGIepjEC4VaHYKMzBYE/2OLLxq+zQVdXYG/Iqf:9T+b+apjEC4VXU+cVatqf

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
sample	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

dbd8c7b39ad399db0ca6ef63f3e0461affa2033dfbb09de25565c2ed11e0a431
.doc windows office2003

ThisDocument

CButtonEventHandler

CCfgFile

CGenericNotifier

CLangsSimple

cTimer

FormSettings

frmCheckLang

frmFindFormat

frmFindText

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmNBSPLangs

frmRemoveHighlight

CResizer

frmSettings

frmSymbol

frmToDo

frmTradosProcess

Helpers

Localise

modCompatibility

modFR

modOffice2007

modProofreading

modStartup

Revisions

ToDo

Trados

TRICKS

Utils

cLangs

frmSpaces

modLangs

frmDocCleaner

modDocCleaner

modVersion

DocCleaner

cObjectInfo

cTableRowInfo

cProgress

modBrowseForFolder

frmHideUnhideHightlight

CAT

modHideHighlighting

cProgressEx

Symbols

CFileExModule

CFileEx

frmBilingual

Bilingual

modNormalizeFont

CUndo

CRevisionWarning

cPhraseSearch

QuickWorkspace

frmNbspPhraseAdd

modWorkspace

modColors

modQA

QA

frmNbspPhraseSearch

cQASettings

frmReplace

Main

frmRemoveAnim

modForms

modRangeManipulations

frmHideUnhideWarning

CComboEventHandler

CQuickWorkspaces

CWorkspaceAppEventTracker

frmWorkspaceRestore

frmWorkspaceSave

cLang

frmAbout

cGlobalization

modGlobalization

cSelection

cUnbreaker

frmUnbreaker

modUnbreak

modCollections

modStrings

cQuotations

cQuoteSearcher

frmQuotationConfig

frmQuotationMagic

frmQuotationStyleAdd

frmRegister

frmTrial

modRegistry

modDebug

modQuotationMagic

modRegistration

Formatting

modMD5

modKeyCode

frmSegmentColoring

modSegmentHighlight

TESTS

frmFormatConverter

modCaseInsensitiveLike

modFiles

modFormatConverter

Sharing

General

Malware Config

Signatures

Files

ThisDocument

CButtonEventHandler

CCfgFile

CGenericNotifier

CLangsSimple

cTimer

FormSettings

frmCheckLang

frmFindFormat

frmFindText

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmNBSPLangs

frmRemoveHighlight

CResizer

frmSettings

frmSymbol

frmToDo

frmTradosProcess

Helpers

Localise

modCompatibility

modFR

modOffice2007

modProofreading

modStartup

Revisions

ToDo

Trados

TRICKS

Utils

cLangs

frmSpaces

modLangs

frmDocCleaner

modDocCleaner

modVersion

DocCleaner

cObjectInfo

cTableRowInfo

cProgress

modBrowseForFolder

frmHideUnhideHightlight

CAT

modHideHighlighting

cProgressEx

Symbols

CFileExModule

CFileEx

frmBilingual

Bilingual

modNormalizeFont

CUndo

CRevisionWarning

cPhraseSearch

QuickWorkspace

frmNbspPhraseAdd

modWorkspace

modColors

modQA

QA

frmNbspPhraseSearch

cQASettings

frmReplace

Main

frmRemoveAnim

modForms

modRangeManipulations

frmHideUnhideWarning

CComboEventHandler

CQuickWorkspaces

CWorkspaceAppEventTracker

frmWorkspaceRestore

frmWorkspaceSave