Password Protected Microsoft Word Document Analysis | VTI by Category
Try VMRay Analyzer
VTI Information
VTI Score
92 / 100
VTI Database Version 2.6
VTI Rule Match Count 11
VTI Rule Type Documents
Detected Threats
ArrowNetwork
Arrow
Connect to TOR hidden service
Connect to TOR hidden service at "fbbkvm7ezghq4dx3.onion.link".
Connect to TOR hidden service at "fbbkvm7ezghq4dx3.onion.link/msbus24.exe".
Arrow
Download data
Url "fbbkvm7ezghq4dx3.onion.link/msbus24.exe".
Arrow
Perform DNS request
Resolve "fbbkvm7ezghq4dx3.onion.link".
Resolve "onion.link".
Arrow
Connect to remote host
Outgoing TCP connection to host "188.166.203.69:80".
Outgoing TCP connection to host "103.198.0.2:443".
Arrow
Connect to HTTP server
Remote address "fbbkvm7ezghq4dx3.onion.link/msbus24.exe".
ArrowProcess
Arrow
Create system object
Create mutex with name "Global\.net clr networking".
ArrowVBA Macro
Arrow
Execute application
Shell Environ("temp") + "\test.bat", vbHide
Arrow
Execute macro on specific worksheet event
Execute macro on "Open Document" event.
-Anti Analysis
-Browser
-Device
-OS
-File System
-Hide Tracks
-Information Stealing
-Injection
-Kernel
-Masquerade
-PE
-Persistence
-User
-YARA
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image