Blind DOCtorAnalysis results
| Feature | Result |
|---|---|
| Verdict | Malicious |
| SHA-256 | 5e84efe4d51ed6e3de4aca32ec599edaf9fd1a2ff1a45dae5d471a53fd121e3e |
| MD5 | c4dc25fdbdc0b722de6cb190e08757ce |
| File size | 1121792 bytes |
| MIME | application/msword |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: 1, Template: Normal.dotm, Last Saved By: 1, Revision Number: 13, Name of Creating Application: Microsoft Office Word, Total Editing Time: 21:00, Create Time/Date: Mon Oct 5 16:45:00 2020, Last Saved Time/Date: Tue Oct 6 16:52:00 2020, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0 |
| Matching maldoc templates | TrickBot ZLoader |
| Suspicious findings in the VBA | Write Exec Base64 Strings CreateObject wscript.shell AutoExec run SendKeys Hex Strings shell Call CreateTextFile Chr |
| Malicious methods | LOLBAS |
| URLs | |
| First reported | 16/04/2021 13:20:19 |
| Scanning time | 14.72 sec |
| Consult others | Triage VirusTotal Hybrid Analysis |