6ac22d039ec1ba16a657cb7b18dfad948538beb628099df5bc53955ed8f5b3c3

Sharing

Copy URL Twitter E-mail

General

Target

6ac22d039ec1ba16a657cb7b18dfad948538beb628099df5bc53955ed8f5b3c3
Size

5.8MB
MD5

ff3d3e1d9c2a8a37edb5e3554d1390f0
SHA1

973d06ffde7ad01e6a6eaea4116287614075f35d
SHA256

6ac22d039ec1ba16a657cb7b18dfad948538beb628099df5bc53955ed8f5b3c3
SHA512

d45321c4bc38d149c60d37742ffc0e248bd03961909f5d072e1d51ec58457e922724accd19f60e57a765bbc47091a8112a3272e245162c59d8d57bc191c19f08
SSDEEP

49152:ijUx4ZfHMR2nzdxDnIde7rRlRNQyxtll+kuelqEUkMQtPd2xIhwqkdOU:EfsR+zdxDnOe7NlsyHYSN/FU

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
sample	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

6ac22d039ec1ba16a657cb7b18dfad948538beb628099df5bc53955ed8f5b3c3
.doc windows office2003

ThisDocument

CButtonEventHandler

CGenericNotifier

cTimer

FormSettings

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmTradosProcess

Helpers

Localise

modProofreading

modStartup

ToDo

Utils

cObjectInfo

DocCleaner

Revisions

CLangsSimple

cTableRowInfo

frmNbspLangs

frmRemoveAnim

modLangs

modNormalizeFont

frmFindText

frmReplace

modFR

frmNbspPhraseAdd

frmSpaces

frmCheckLang

frmHideUnhideHightlight

frmHideUnhideWarning

CComboEventHandler

modCompatibility

QuickWorkspace

CWorkspaceAppEventTracker

modWorkspace

CQuickWorkspaces

frmWorkspaceRestore

Trados

CCfgFile

CFileEx

CFileExModule

cGlobalization

cLang

cLangs

cPhraseSearch

cProgress

cProgressEx

cQASettings

cQuotations

CResizer

CRevisionWarning

CUndo

frmFindFormat

frmQuotationConfig

frmQuotationMagic

frmQuotationStyleAdd

frmRemoveHighlight

frmSymbol

frmToDo

frmTrial

frmWorkspaceSave

modBrowseForFolder

modCollections

modColors

modDebug

modForms

modGlobalization

modRangeManipulations

modRegistry

modStrings

modVersion

QA

Symbols

TRICKS

cQuoteSearcher

Formatting

frmRegister

modKeyCode

modMD5

modRegistration

CAT

cUnbreaker

frmSegmentColoring

frmSettings

frmUnbreaker

modOffice2007

modQuotationMagic

modSegmentHighlight

modUnbreak

Bilingual

cSelection

frmAbout

frmBilingual

frmDocCleaner

modQA

Main

modDocCleaner

modHideHighlighting

frmNbspPhraseSearch

Sharing

General

Malware Config

Signatures

Files

ThisDocument

CButtonEventHandler

CGenericNotifier

cTimer

FormSettings

frmImageCollect

frmLocaliseAll

frmLocaliseManual

frmTradosProcess

Helpers

Localise

modProofreading

modStartup

ToDo

Utils

cObjectInfo

DocCleaner

Revisions

CLangsSimple

cTableRowInfo

frmNbspLangs

frmRemoveAnim

modLangs

modNormalizeFont

frmFindText

frmReplace

modFR

frmNbspPhraseAdd

frmSpaces

frmCheckLang

frmHideUnhideHightlight

frmHideUnhideWarning

CComboEventHandler

modCompatibility

QuickWorkspace

CWorkspaceAppEventTracker

modWorkspace

CQuickWorkspaces

frmWorkspaceRestore

Trados

CCfgFile

CFileEx

CFileExModule

cGlobalization

cLang

cLangs

cPhraseSearch

cProgress

cProgressEx

cQASettings

cQuotations

CResizer

CRevisionWarning

CUndo

frmFindFormat

frmQuotationConfig

frmQuotationMagic

frmQuotationStyleAdd

frmRemoveHighlight

frmSymbol

frmToDo

frmTrial

frmWorkspaceSave

modBrowseForFolder

modCollections

modColors

modDebug

modForms

modGlobalization

modRangeManipulations

modRegistry

modStrings

modVersion

QA

Symbols