Malicious doc with Embedded SettingContent-ms | Files
VTI SCORE: 91/100
Dynamic Analysis Report
Classification: Trojan

3c6a74d216e10e4ff158716cfa72984230995041c4bbb7596b8c8aaa461d76c5 (SHA256)

ggzn.doc

Word Document

Created at 2018-08-06 13:03:00

Sample File
Filename C:\Users\Nd9E1FYi\Desktop\ggzn.doc
Category Sample File
Type Word Document
Severity Blacklisted
Mime Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 37.37 KB
MD5 bfff439fd127944fb77b11deaca2c1b2
SHA1 d72f22e0943ce68c1d69d77d9f5799f3fb540d61
SHA256 3c6a74d216e10e4ff158716cfa72984230995041c4bbb7596b8c8aaa461d76c5
SSDeep 768:NmTVK8U63Ys8mtCQRhAl2Bp3oEvuZ9v13t3wH+3P:NG48ms8mIQ/ASyEv09v13tt3P
File Reputation Information
Severity Blacklisted
First Seen 2018-07-04 11:40 (UTC+2)
Last Seen 2018-07-22 00:13 (UTC+2)
Names Document-Word.Trojan.Dplink
Families Dplink
Classification Trojan
Office Information
Creator Windows User
Last Modified By Windows User
Revision 5
Create Time 2018-07-03 11:25:00+00:00
Modify Time 2018-07-03 14:15:00+00:00
Document Information
Application Microsoft Office Word
App Version 15.0000
Template Normal
Document Security SecurityFlag.NONE
Editing Time 16.0
Page Count 1
Line Count 1
Paragraph Count 1
Word Count 3
Character Count 23
Chars With Spaces 25
ScaleCrop False
SharedDoc False
YARA Matches
Rule Name                          Rule Description                                    Classification  Severity
Document_Office_SettingContentMS   Document contains SettingContent-ms DeepLink tags   -               3/5
Document_Office_SettingContentMS   Document contains SettingContent-ms DeepLink tags   -               3/5
Embedded File (XML), Severity Unknown
SHA256 30b20bc99f9f262d04f6e0447b798d40cb212667c0b44c4064929e2ed1ae1f6e
Parent File C:\Users\Nd9E1FYi\Desktop\ggzn.doc
Mime Type application/xml
File Size 1.20 KB
MD5 15c00a6dc6e2ec88e9182ef69215c712
SHA1 4fb818d4a10792169fa4e59cc20fa1dce62d499f
SSDeep 24:2dtWa6ffa7k6flYq7b6flYX7/6flY6J67a6flYR7V6flYIO7u6flYVv/cQ7o26fc:c01naQ6NYqX6NYXz6NY6UG6NYRh6NYVM
Embedded File (Stream), Severity Unknown
SHA256 bf85784e0bd4dda099eb979ebc8707b501c531285814f46c899061439e7cd363
Parent File C:\Users\Nd9E1FYi\Desktop\ggzn.doc
Mime Type application/octet-stream
File Size 1.48 KB
MD5 d8a5ee61c7335eaeb2a03fee864a3b4b
SHA1 db7f3193eebc4a6f866634ffd92cfd67d413cf96
SSDeep 24:2dN4+ypl3KbI3fTgd2UqMWhHaZuKpjXPjX03m5jXD:cJKFKk3fzMOa9NXrXDXD
Embedded File (Unknown type), Severity Unknown
SHA256 f9ec01b6911791cb2cd645f5a6e21cef2f01fb97408bb68b87474866c637b26d
Parent File C:\Users\Nd9E1FYi\Desktop\ggzn.doc
Mime Type application/CDFV2-unknown
File Size 4.50 KB
MD5 602a7050231845d6eb46f7d686eefae1
SHA1 3bfb295b26f80f9edfbfd318fcde23a59b81a688
SSDeep 24:r1TFEQ8cyX8p88xWhi8K2dN4+ypl3KbI3fTgd2UqMWhHaZuKpjXPjX03m5jX:rpcMXxijKcJKFKk3fzMOa9NXrXDX
Embedded File (XML), Severity Unknown
SHA256 d41a2994dcec113d056c3c61a6bfec7aee7d993e4ef02b9d542e4b58e96c1786
Parent File C:\Users\Nd9E1FYi\Desktop\ggzn.doc
Mime Type application/xml
File Size 2.62 KB
MD5 d1ab032f16274ec9cbec39113ad141a3
SHA1 0e8109063f16f18eee537e0aa984b3f0b595bafc
SSDeep 48:ciec6mNYYNEbliS+B1+m3Q14oM+lqM+IyM+wM+wM+M1YAayVKTgYTjvKbw:+c6mmY+bliSwDy4NExbuERQTgauE
Embedded File (XML), Severity Unknown
SHA256 cc27dea7936f059bda395712647215418f7a7665ed5ba1bf2b2179bbf101bee3
Parent File C:\Users\Nd9E1FYi\Desktop\ggzn.doc
Mime Type application/xml
File Size 13.37 KB
MD5 27e609abb6b3c9a2dc867eadfe3ba1a9
SHA1 3e833f16c02fdda7dc94901ce00be99e5286964d
SSDeep 384:UxmRGsRuGFe817HjNOFeSpylOWSN/YjZyuyaI9omw9DclOWS61gdJM2T:UYRGs4wV1N4/0lOWEgfya9DclOWF1gdv
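The indicator behind the YARA hit above, as an added example (this is not VMRay's code and is not derived from the contents of this sample; the page does not show the DeepLink value inside ggzn.doc): a .SettingContent-ms file is a Windows 10 Settings shortcut, an XML file whose DeepLink element holds a command line that the shell executes when the file is opened. Embedded in an Office document as an OLE object, a double-click on that object launches the command without any macro. The sample carries a .doc extension but, per the MIME type above, is an OOXML container, so the scanner below opens it as a zip archive, walks every part, parses the well-formed XML parts and byte-searches the binary ones (such as the CDFV2 object listed above), and hashes each part so a hit can be matched against the embedded-file list. The docx and the SettingContent-ms XML it scans are constructed for this example, with a harmless DeepLink; the fake OLE part is only a compound-file magic plus padding, not a real CFB container.

```python
import hashlib
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# A .SettingContent-ms file is XML of the form
# <PCSettings><SearchableContent>...<ApplicationInformation><DeepLink>CMD</DeepLink>...
# The DeepLink text is a command line the Windows shell runs when the file is opened.
# Inside an Office document the file usually sits in an OLE/Packager object, so the XML
# appears verbatim in a binary part; both ASCII and UTF-16LE encodings are searched.
DEEPLINK_ASCII = re.compile(rb"<DeepLink>\s*(.*?)\s*</DeepLink>", re.I | re.S)
DEEPLINK_UTF16 = re.compile(
    "<DeepLink>".encode("utf-16-le") + rb"(.*?)" + "</DeepLink>".encode("utf-16-le"),
    re.I | re.S,
)


def find_deeplinks(blob: bytes) -> list:
    """Return DeepLink command strings found in blob: parsed as XML when it is a
    well-formed .SettingContent-ms part, otherwise located by raw byte search."""
    found = []
    try:
        root = ET.fromstring(blob)
        for elem in root.iter():
            local = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any
            if local == "DeepLink" and elem.text and elem.text.strip():
                found.append(elem.text.strip())
        if found:
            return found
    except (ET.ParseError, ValueError):
        pass  # not XML (e.g. an OLE container); fall through to the raw search
    for m in DEEPLINK_ASCII.finditer(blob):
        found.append(m.group(1).decode("utf-8", "replace").strip())
    for m in DEEPLINK_UTF16.finditer(blob):
        found.append(m.group(1).decode("utf-16-le", "replace").strip())
    return found


def scan_ooxml(doc_bytes: bytes) -> list:
    """Walk every part of an OOXML zip (whatever the file extension claims) and report
    the parts carrying DeepLink tags together with each part's SHA256."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            blob = zf.read(info.filename)
            links = find_deeplinks(blob)
            if links:
                findings.append({
                    "part": info.filename,
                    "sha256": hashlib.sha256(blob).hexdigest(),
                    "deeplinks": links,
                })
    return findings


# Constructed test data (not the parts listed in the report): a SettingContent-ms XML
# with a harmless DeepLink, and the XML parts of a minimal docx that will embed it.
SETTINGCONTENT_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
      <DeepLink>%windir%\\system32\\calc.exe</DeepLink>
      <Icon>%windir%\\system32\\control.exe</Icon>
    </ApplicationInformation>
    <SettingIdentity><PageID></PageID><HostID>{12B1697E-D3A0-4DBC-B568-CCF64A3F934D}</HostID></SettingIdentity>
  </SearchableContent>
</PCSettings>
"""
CONTENT_TYPES_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
    "</Types>"
)
DOCUMENT_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    "<w:body><w:p><w:r><w:t>open me</w:t></w:r></w:p></w:body></w:document>"
)


def build_sample_docx(with_payload: bool) -> bytes:
    """Build a minimal docx in memory. The embedded object part is a fake OLE blob
    (compound-file magic plus padding, not a real CFB container) wrapping the
    SettingContent-ms XML verbatim, or inert bytes when with_payload is False."""
    payload = SETTINGCONTENT_XML if with_payload else b"inert object data"
    ole_blob = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64 + payload
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES_XML)
        zf.writestr("word/document.xml", DOCUMENT_XML)
        zf.writestr("word/embeddings/oleObject1.bin", ole_blob)
    return buf.getvalue()


if __name__ == "__main__":
    for label in ("benign", "payload"):
        hits = scan_ooxml(build_sample_docx(label == "payload"))
        print(label, hits or "no DeepLink tags found")
```

Run as-is it reports the constructed payload document's oleObject1.bin part and nothing for the benign one; pass real document bytes to scan_ooxml() for triage. The raw byte search is there because an OLE part is not parseable as XML, yet the dropped file usually sits inside it uncompressed; a payload stored in a compressed or otherwise transformed stream would need a real CFB parser (for example olefile), which this example deliberately leaves out.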
Function Logfile

This feature requires an online connection to the VMRay backend. An offline version with limited functionality is also provided; it is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot (before / after)