Password Protected Microsoft Word Document Analysis | VTI by Score
Try VMRay Analyzer
VTI Information
VTI Score
92 / 100
VTI Database Version 2.6
VTI Rule Match Count 11
VTI Rule Type Documents
Detected Threats
ArrowNetworkConnect to TOR hidden service
Connect to TOR hidden service at "fbbkvm7ezghq4dx3.onion.link".
Connect to TOR hidden service at "fbbkvm7ezghq4dx3.onion.link/msbus24.exe".
ArrowNetworkDownload data
Url "fbbkvm7ezghq4dx3.onion.link/msbus24.exe".
ArrowNetworkPerform DNS request
Resolve "fbbkvm7ezghq4dx3.onion.link".
Resolve "onion.link".
ArrowNetworkConnect to remote host
Outgoing TCP connection to host "188.166.203.69:80".
Outgoing TCP connection to host "103.198.0.2:443".
ArrowNetworkConnect to HTTP server
Remote address "fbbkvm7ezghq4dx3.onion.link/msbus24.exe".
ArrowVBA MacroExecute application
Shell Environ("temp") + "\test.bat", vbHide
ArrowProcessCreate system object
Create mutex with name "Global\.net clr networking".
ArrowVBA MacroExecute macro on specific worksheet event
Execute macro on "Open Document" event.
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image