Malicious
Malicious

3a95186019af1943a0ea0f8eb07a288f

MS Office Document
|
MD5: 3a95186019af1943a0ea0f8eb07a288f
|
Size: 2.92 MB
|
application/vnd.ms-office

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
3a95186019af1943a0ea0f8eb07a288f
Sha1
b7e56f4b31f4fdbe844c3d4a4156f1d0e3b3ea97
Sha256
f38a56b8dc0e8a581999621eef65ef497f0ac0d35e953bd94335926f00e9464f
Sha384
26da4a5a6068d9a63a976dc31de61639a7b3fd8ff3747f7323cf4d661b77bd101356b71140f052c233a06a8ec9c6afb9
Sha512
fdb90c89555feb62eb263067041304de7528f44c5cfde668c04b3113e060e674b508fb1308df46641e91ac104223117cce65588e41a8ad1d2cc1901446d2e75f
SSDeep
24576:J97DkXCl6mchTj6QZ0sedNOX7Prm4M3fbVaVHqkP3O55+D1K:b76CQm
TLSH
6BD5C6D05AC54A81F157D844B494FFE2093A7A67FADC0CF2D37A2A09CF6E9221647E4C
File Structure
3a95186019af1943a0ea0f8eb07a288f
Malicious
[Repaired @0x002C822A]
Malicious
[Content_Types].xml
_rels
.rels
theme
theme
themeManager.xml
theme1.xml
_rels
themeManager.xml.rels
Root Entry
Malicious
Data
1Table
Malicious
[Repaired @0x0000082A]
Malicious
CompObj
WordDocument
SummaryInformation
DocumentSummaryInformation
Macros
PROJECT
PROJECTwm
VBA
dir
__SRP_0
__SRP_1
__SRP_2
__SRP_3
__SRP_4
__SRP_5
ThisDocument

ThisDocument

[Stored VBA]
[PCode]
[Decompiled VBA]
_VBA_PROJECT
UserForm1
f
o
CompObj
VBFrame
ObjectPool
_1829073733
PRINT
CompObj
ObjInfo
OCXNAME
contents
MsoDataStore
ÀWBE02ORNE4ÁÝUÑKÊÔ5ÊVÐ==
Item
Properties
Artefacts
Name
 Value
URLs in VB Code - #1

http://schemas.openxmlformats.org/officeDocument/2006/
URLs in VB Code - #2

http://schemas.openxmlformats.org/officeDocument/2006/bibliography
URLs in VB Code - #3

http://schemas.openxmlformats.org/officeDocument/2006/customXml
URLs in VB Code - #4

http://schemas.openxmlformats.org/drawingml/2006/main
3a95186019af1943a0ea0f8eb07a288f (2.92 MB)
File Structure
3a95186019af1943a0ea0f8eb07a288f
Malicious
[Repaired @0x002C822A]
Malicious
[Content_Types].xml
_rels
.rels
theme
theme
themeManager.xml
theme1.xml
_rels
themeManager.xml.rels
Root Entry
Malicious
Data
1Table
Malicious
[Repaired @0x0000082A]
Malicious
CompObj
WordDocument
SummaryInformation
DocumentSummaryInformation
Macros
PROJECT
PROJECTwm
VBA
dir
__SRP_0
__SRP_1
__SRP_2
__SRP_3
__SRP_4
__SRP_5
ThisDocument

ThisDocument

[Stored VBA]
[PCode]
[Decompiled VBA]
_VBA_PROJECT
UserForm1
f
o
CompObj
VBFrame
ObjectPool
_1829073733
PRINT
CompObj
ObjInfo
OCXNAME
contents
MsoDataStore
ÀWBE02ORNE4ÁÝUÑKÊÔ5ÊVÐ==
Item
Properties
Characteristics

vbaDNA - VBA Stomping & Purging Stategy detection

Module Name
ThisDocument
Blacklist VBA
VBA Macro
No malware configuration were found at this point.
Artefacts
Name
 Value Location
URLs in VB Code - #1

http://schemas.openxmlformats.org/officeDocument/2006/

3a95186019af1943a0ea0f8eb07a288f
URLs in VB Code - #2

http://schemas.openxmlformats.org/officeDocument/2006/bibliography

3a95186019af1943a0ea0f8eb07a288f
URLs in VB Code - #3

http://schemas.openxmlformats.org/officeDocument/2006/customXml

3a95186019af1943a0ea0f8eb07a288f
URLs in VB Code - #4

http://schemas.openxmlformats.org/drawingml/2006/main

3a95186019af1943a0ea0f8eb07a288f
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙