Malicious
Classifications: Downloader
Threat Names: Mal/Generic-S, Mal/HTMLGen-A, VBS.Heur.Nyx.1.6E86CAD5.Gen, Trojan.VBS.Agent.BMC
Dynamic Analysis Report
Created on 2021-09-28T11:25:00
7b5572ae246bcd3f6ee0375e1e7a8c8d4287dae4ca1803d72ae427d8ecc93a32.rtf
RTF Document
This is a filtered view: the list contains only the embedded files, downloaded files, and dropped files.
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\Desktop\7b5572ae246bcd3f6ee0375e1e7a8c8d4287dae4ca1803d72ae427d8ecc93a32.rtf | Sample File | RTF | malicious |

AV Matches (1)
Threat Name | Verdict |
---|---|
VBS.Heur.Nyx.1.6E86CAD5.Gen | malicious |
Office Information
Controls (2)
CLSID | Control Name | Associated Vulnerability |
---|---|---|
{00000300-0000-0000-C000-000000000046} | OleLink | CVE-2017-0199, CVE-2017-8570, CVE-2017-8759, CVE-2018-8174 |
{00000308-0000-0000-C000-000000000046} | PackagerMoniker | EmbeddedFile |
File Name | Category | Type | Verdict |
---|---|---|---|
c:\users\keecfmwgj\desktop\~wrd0000.tmp | Dropped File | RTF | malicious |

AV Matches (2)
Threat Name | Verdict |
---|---|
VBS.Heur.Nyx.1.6E86CAD5.Gen | malicious |
VBS.Heur.Nyx.1.6E86CAD5.Gen | malicious |

Office Information
Revision | 2 |
Create Time | 2021-09-28 13:26:00+00:00 |
Modify Time | 2021-09-28 13:28:00+00:00 |
App Version | 85 |
Editing Time | 2.0 |
Page Count | 2 |
Word Count | 42 |
Character Count | 242 |
Chars With Spaces | 283 |
operator | kEecfMwgj |
Controls (2)
CLSID | Control Name | Associated Vulnerability |
---|---|---|
{00000300-0000-0000-C000-000000000046} | OleLink | CVE-2017-0199, CVE-2017-8570, CVE-2017-8759, CVE-2018-8174 |
{0003000C-0000-0000-C000-000000000046} | Package | EmbeddedFile |

Document Content
c05Microsoft Office does not work in email Preview. Please download the document and click Enable Editing when opening.
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\AppData\Roaming\doc.exe | Downloaded File | Binary | malicious |

File Reputation Information
Verdict | malicious |
Names | Mal/Generic-S |

PE Information
Image Base | 0x400000 |
Entry Point | 0x4726f2 |
Size Of Code | 0x70800 |
Size Of Initialized Data | 0x2b000 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2021-09-28 06:16:14+00:00 |
Version Information (11)
Comments | - |
CompanyName | Paradoxlost |
FileDescription | Paradoxlost WinForms Theme Engine |
FileVersion | 1.1.0.0 |
InternalName | InternalAssemblyBuild.exe |
LegalCopyright | Copyright © 2016 |
LegalTrademarks | - |
OriginalFilename | InternalAssemblyBuild.exe |
ProductName | Paradoxlost UX |
ProductVersion | 1.1.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x706f8 | 0x70800 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.02 |
.rsrc | 0x474000 | 0x2ad20 | 0x2ae00 | 0x70a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.59 |
.reloc | 0x4a0000 | 0xc | 0x200 | 0x9b800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x402000 | 0x726c8 | 0x708c8 | 0x0 |
File Name | Category | Type | Verdict |
---|---|---|---|
abdtfhghgeghDh.ScT | Embedded File | Text | malicious |

AV Matches (1)
Threat Name | Verdict |
---|---|
VBS.Heur.Nyx.1.6E86CAD5.Gen | malicious |
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | Modified File | Stream | clean |

File Name | Category | Type | Verdict |
---|---|---|---|
c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.word\~wrs{585e37b0-76b3-4e28-85d2-c19844bc5f60}.tmp | Dropped File | Stream | clean |

File Name | Category | Type | Verdict |
---|---|---|---|
c:\users\keecfmwgj\appdata\local\microsoft\office\otele\{d60d99f1-3a70-4d9d-bd27-d5d18917048f} (0) - 3392 - winword.exe - otele.dat | Dropped File | Stream | clean |

File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp6692.tmp | Dropped File | Text | clean |

Office Information
Controls (1)
CLSID | Control Name | Associated Vulnerability |
---|---|---|
{00000300-0000-0000-C000-000000000046} | OleLink | CVE-2017-0199, CVE-2017-8570, CVE-2017-8759, CVE-2018-8174 |
CFB Streams (4)
Name | ID | Size |
---|---|---|
Root\OlE | 1 | 2.08 KB |
Root\CompObj | 2 | 74 Bytes |
Root\ObjInfo | 3 | 10 Bytes |
Root\LinkInfo | 4 | 306 Bytes |