Windows Analysis Report hancitor.dll

Overview

General Information

Sample Name:hancitor.dll
Analysis ID:527392
MD5:10f35ddd335ecd684cecf96372aac468
SHA1:942574b14f31d8f6fa53ba52362eb1d44ca68735
SHA256:cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914
Tags:dll, docx

Errors
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Machine Learning detection for sample
Document contains an embedded VBA macro which executes code when the document is opened / closed

Classification

Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
clean, suspicious, malicious

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: hancitor.dll, ReversingLabs: Detection: 20%
Machine Learning detection for sample
Source: hancitor.dll, Joe Sandbox ML: detected

System Summary:

Document contains an embedded VBA with functions possibly related to ADO stream file operations
Source: hancitor.dll, Stream path 'Macros/VBA/ThisDocument' : found possibly 'ADODB.Stream' functions open, read, write
Source: VBA code instrumentation, OLE, VBA macro: Module ThisDocument, Function pppx, found possibly 'ADODB.Stream' functions open, read, write
Source: hancitor.dll, OLE, VBA macro line: Private Sub Document_Open()
Source: VBA code instrumentation, OLE, VBA macro: Module ThisDocument, Function Document_Open
Source: hancitor.dll, ReversingLabs: Detection: 20%
Source: classification engine, Classification label: mal56.winDLL@0/0@0/0

Mitre Att&ck Matrix

Initial Access: Valid Accounts
Execution: Scripting11
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Scripting11
Credential Access: OS Credential Dumping
Discovery: System Service Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Exfiltration: Exfiltration Over Other Network Medium
Command and Control: Data Obfuscation
Network Effects: Eavesdrop on Insecure Network Communication
Remote Service Effects: Remotely Track Device Without Authorization
Impact: Modify System Partition

Behavior Graph (ID: 527392, Sample: hancitor.dll, Startdate: 23/11/2021, Architecture: WINDOWS, Score: 56), signatures shown: Multi AV Scanner detection for submitted file; Machine Learning detection for sample; Document contains an embedded VBA with functions possibly related to ADO stream file operations

Source | Detection | Scanner | Label | Link
hancitor.dll | 20% | ReversingLabs | Script.Dropper.Heuristic |
hancitor.dll | 100% | Joe Sandbox ML | |
No Antivirus matches
No contacted domains info
No contacted IP infos

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:527392
Start date:23.11.2021
Start time:17:46:56
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 3m 59s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:hancitor.dll
Cookbook file name:defaultwindowsofficecookbook.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:Potential for more IOCs and behavior
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • GSI enabled (VBA)
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal56.winDLL@0/0@0/0
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .dll
  • Close Viewer
Warnings:
  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
  • VT rate limit hit for: /opt/package/joesandbox/database/analysis/527392/sample/hancitor.dll
Errors:
  • No process behavior to analyse as no analysis process or sample was found
No simulations
No context
No created / dropped files found

Static File Info

General

File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Kulo, Template: Normal.dotm, Last Saved By: Kulo, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Nov 23 11:34:00 2021, Last Saved Time/Date: Tue Nov 23 11:34:00 2021, Number of Pages: 1, Number of Words: 3, Number of Characters: 19, Security: 0
Entropy (8bit):7.902929190158783
TrID:
  • Microsoft Word document (32009/1) 54.23%
  • Microsoft Word document (old ver.) (19008/1) 32.20%
  • Generic OLE2 / Multistream Compound File (8008/1) 13.57%
File name:hancitor.dll
File size:914432
MD5:10f35ddd335ecd684cecf96372aac468
SHA1:942574b14f31d8f6fa53ba52362eb1d44ca68735
SHA256:cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914
SHA512:126bcd8400f551a30f7b0ae5237a85de3df5fb9868d8d21e1e66dfe1fb5c9f1df3d3ccd4432cc59e34829c6f5658029a2487db084194b2697a5f669c1fcd512a
SSDEEP:24576:JEIZ4wAK74NAx5KxZTBG75gd8tYkzyHrSD:J+wZ74Nx3c75OtWyHr

File Icon

Icon Hash:74f0e4ecccdce0e4

General

Document Type:OLE
Number of OLE Files:1

Indicators

Has Summary Info:True
Application Name:Microsoft Office Word
Encrypted Document:False
Contains Word Document Stream:True
Contains Workbook/Book Stream:False
Contains PowerPoint Document Stream:False
Contains Visio Document Stream:False
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:True

Summary

Code Page:1252
Title:
Subject:
Author:Kulo
Keywords:
Comments:
Template:Normal.dotm
Last Saved By:Kulo
Revision Number:2
Total Edit Time:0
Create Time:2021-11-23 11:34:00
Last Saved Time:2021-11-23 11:34:00
Number of Pages:1
Number of Words:3
Number of Characters:19
Creating Application:Microsoft Office Word
Security:0

Document Summary

Document Code Page:-535
Number of Lines:1
Number of Paragraphs:1
Thumbnail Scaling Desired:False
Company:
Contains Dirty Links:False
Shared Document:False
Changed Hyperlinks:False
Application Version:1048576
General
Stream Path:Macros/VBA/Module1
VBA File Name:Module1.bas
Stream Size:4012
VBA Code
General
Stream Path:Macros/VBA/ThisDocument
VBA File Name:ThisDocument.cls
Stream Size:3006
VBA Code
General
Stream Path:\x1CompObj
File Type:data
Stream Size:114
Entropy:4.2359563651
Base64 Encoded:True
General
Stream Path:\x5DocumentSummaryInformation
File Type:data
Stream Size:320
Entropy:2.63012313926
Base64 Encoded:False
General
Stream Path:\x5SummaryInformation
File Type:data
Stream Size:412
Entropy:3.07315222578
Base64 Encoded:False
General
Stream Path:1Table
File Type:data
Stream Size:21295
Entropy:6.46994510864
Base64 Encoded:True
General
Stream Path:Data
File Type:data
Stream Size:566105
Entropy:7.97268163388
Base64 Encoded:True
General
Stream Path:Macros/PROJECT
File Type:ASCII text, with CRLF line terminators
Stream Size:412
Entropy:5.34484833553
Base64 Encoded:True
General
Stream Path:Macros/PROJECTwm
File Type:data
Stream Size:65
Entropy:3.27802992751
Base64 Encoded:False
General
Stream Path:Macros/VBA/_VBA_PROJECT
File Type:data
Stream Size:3529
Entropy:4.64044155357
Base64 Encoded:False
General
Stream Path:Macros/VBA/dir
File Type:data
Stream Size:684
Entropy:6.36639493748
Base64 Encoded:True
General
Stream Path:ObjectPool/_1699143983/\x1CompObj
File Type:data
Stream Size:76
Entropy:3.09344952647
Base64 Encoded:False
Data ASCII (readable strings):OLE Package, Package
General
Stream Path:ObjectPool/_1699143983/\x1Ole10Native
File Type:data
Stream Size:292131
Entropy:7.92720349976
Base64 Encoded:True
Data ASCII (readable strings):zoro.kl, C:\Users\Kulo\Desktop\Newfolder\zoro.kl, C:\Users\Kulo\AppData\Local\Temp\zoro.kl
General
Stream Path:ObjectPool/_1699143983/\x3EPRINT
File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
Stream Size:4976
Entropy:3.39273392095
Base64 Encoded:False
General
Stream Path:ObjectPool/_1699143983/\x3ObjInfo
File Type:data
Stream Size:6
Entropy:1.25162916739
Base64 Encoded:False
General
Stream Path:WordDocument
File Type:data
Stream Size:4096
Entropy:1.29808369913
Base64 Encoded:False

Network Behavior

No network behavior found
