Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Source: |
File opened: |
Jump to behavior |
Software Vulnerabilities: |
|
---|
Document exploit detected (UrlDownloadToFile) |
Source: |
Section loaded: |
Jump to behavior |
Allocates a big amount of memory (probably used for heap spraying) |
Source: |
Memory has grown: |
Potential document exploit detected (performs HTTP gets) |
Source: |
TCP traffic: |
Potential document exploit detected (unknown TCP traffic) |
Source: |
TCP traffic: |
Networking: |
|
---|
Uses a known web browser user agent for HTTP communication |
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
Source: |
File created: |
Jump to behavior |
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
System Summary: |
|
---|
Found malicious Excel 4.0 Macro |
Source: |
Initial sample: |
Document contains an embedded VBA macro which may execute processes |
Source: |
OLE, VBA macro: |
Name: Auto_Open |
Found Excel 4.0 Macro with suspicious formulas |
Source: |
Initial sample: |
Document contains an embedded VBA macro which executes code when the document is opened / closed |
Source: |
OLE, VBA macro line: |
|||
Source: |
OLE, VBA macro: |
Name: Auto_Open |
Document contains embedded VBA macros |
Source: |
OLE indicator, VBA macros: |
Source: |
Classification label: |
Source: |
File created: |
Jump to behavior |
Source: |
File created: |
Jump to behavior |
Source: |
File read: |
Jump to behavior |
Source: |
Window detected: |
Source: |
Initial sample: |
||
Source: |
Initial sample: |
||
Source: |
Initial sample: |
Source: |
Key opened: |
Jump to behavior |
Source: |
File opened: |
Jump to behavior |
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
190.14.37.46 | unknown | Panama | 52469 | OffshoreRacksSAPA | false | |
91.211.91.83 | unknown | Ukraine | 206638 | HOSTFORYUA | false | |
185.244.149.204 | unknown | Netherlands | 60117 | HSAE | false |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
|
unknown | |
false |
|
unknown | |
false |
|
unknown |