서울대학교 교육저널 교지편집위원회(설명).hwp
This report is generated from a file or URL submitted to this webservice on May 23rd 2017 05:12:57 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v6.50 © Hybrid Analysis
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
-
Suspicious Indicators 2
-
Environment Awareness
-
Possibly tries to implement anti-virtualization techniques
- details
- "<$?1HK#EN'$+Wv[&R3z/]Mp%<T@_TtI7q62v9LEJq_o#Co"`|?xoUBl|[ow"vCRCocQi9G&h=jFb\GqP2bEzF`%tK>qpp!>'9o#nQiXUt?m,90;AoUl|[;ok0prVBOXfT&Vh}P" (Indicator: "vbox")
- source
- File/Memory
- relevance
- 4/10
-
Possibly tries to implement anti-virtualization techniques
-
Unusual Characteristics
-
Contains embedded string with suspicious keywords
- details
- Found suspicious keyword "Windows" which indicates: "May enumerate application windows (if combined with Shell.Application object)"
- source
- File/Memory
- relevance
- 10/10
-
Contains embedded string with suspicious keywords
-
Informative 15
-
Environment Awareness
-
Reads the active computer name
- details
- "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
-
Reads the cryptographic machine GUID
- details
- "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
-
Reads the registry for installed applications
- details
-
"WINWORD.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\WINWORD.EXE")
"WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\WINWORD.EXE") - source
- Registry Access
- relevance
- 10/10
-
Reads the active computer name
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/55 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
Sample was identified as clean by Antivirus engines
-
General
-
Creates a writable file in a temporary directory
- details
-
"WINWORD.EXE" created file "%TEMP%\~DF0FC7F96B6CEFE36B.TMP"
"WINWORD.EXE" created file "%TEMP%\~DFADE52EB45A65BF96.TMP"
"WINWORD.EXE" created file "%TEMP%\~DFE8917D6D5778A699.TMP"
"WINWORD.EXE" created file "%TEMP%\~DFF5420E83FCE48AA9.TMP"
"WINWORD.EXE" created file "%TEMP%\~DF74D57BC989768D62.TMP"
"WINWORD.EXE" created file "%TEMP%\~DF1A173B3A3733EB34.TMP"
"WINWORD.EXE" created file "%TEMP%\~DF543302D65D02E3D4.TMP"
"WINWORD.EXE" created file "%TEMP%\~DF24696CC0147DAFB3.TMP"
"WINWORD.EXE" created file "%TEMP%\~DF6523B0EF1DDD081A.TMP" - source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
"Local\ZoneAttributeCacheCounterMutex"
"Local\ZonesLockedCacheCounterMutex"
"Global\552FFA80-3393-423d-8671-7BA046BB5906"
"Local\10MU_ACBPIDS_S-1-5-5-0-61684"
"Local\ZonesCounterMutex"
"Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesCacheCounterMutex"
"Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\10MU_ACB10_S-1-5-5-0-61684"
"\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-61684"
"\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-61684"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000" - source
- Created Mutant
- relevance
- 3/10
-
Loads rich edit control libraries
- details
- "WINWORD.EXE" loaded module "%COMMONPROGRAMFILES%\microsoft shared\OFFICE14\RICHED20.DLL" at 695A0000
- source
- Loaded Module
-
Scanning for window names
- details
-
"WINWORD.EXE" searching for class "REListbox20W"
"WINWORD.EXE" searching for class "OfficeTooltip"
"WINWORD.EXE" searching for class "MsoCommandBarPopup"
"WINWORD.EXE" searching for class "MSOBALLOON"
"WINWORD.EXE" searching for class "MsoHelp10"
"WINWORD.EXE" searching for class "AgentAnim" - source
- API Call
- relevance
- 10/10
-
Creates a writable file in a temporary directory
-
Installation/Persistance
-
Dropped files
- details
-
"_ _ _.hwp.LNK" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Archive ctime=Tue May 23 03:14:29 2017 mtime=Tue May 23 03:14:29 2017 atime=Tue May 23 03:14:35 2017 length=311296 window=hide"
"index.dat" has type "data"
"~WRD0000.doc" has type "dBase IV DBT of \241.DBF blocks size 14680081 next free block index 13566160 1st item "\377""
"~$_ _.hwp.doc" has type "data"
"~WRS{A5A23E13-98F0-48A1-BE0E-77EB9A41D801}.tmp" has type "data"
"~WRD0002.doc" has type "dBase IV DBT of \241.DBF blocks size 14680081 next free block index 13566160 1st item "\377""
"~WRS{2ACD758C-FAD3-4C7E-AD01-43597AA6D2F2}.tmp" has type "FoxPro FPT blocks size 0 next free block index 218103808 1st used item "\375""
"ExcludeDictionaryEN0409.lex" has type "Little-endian UTF-16 Unicode text with no line terminators"
"~WRD0001.doc" has type "dBase IV DBT of \241.DBF blocks size 14680081 next free block index 13566160 1st item "\377""
"~$Normal.dotm" has type "data" - source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"WINWORD.EXE" touched file "%WINDIR%\Globalization\Sorting\sortdefault.nls"
"WINWORD.EXE" touched file "%WINDIR%\Fonts\staticcache.dat"
"WINWORD.EXE" touched file "%WINDIR%\system32\en-US\USER32.dll.mui"
"WINWORD.EXE" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\clr.dll"
"WINWORD.EXE" touched file "%WINDIR%\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll"
"WINWORD.EXE" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\clr.dll"
"WINWORD.EXE" touched file "%WINDIR%\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll"
"WINWORD.EXE" touched file "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\clr.dll"
"WINWORD.EXE" touched file "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll"
"WINWORD.EXE" touched file "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll"
"WINWORD.EXE" touched file "%WINDIR%\system32\en-US\SETUPAPI.dll.mui"
"WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\cversions.1.db"
"WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db"
"WINWORD.EXE" touched file "%WINDIR%\system32\rsaenh.dll"
"WINWORD.EXE" touched file "%WINDIR%\system32\en-US\KERNELBASE.dll.mui"
"WINWORD.EXE" touched file "%WINDIR%\System32\msxml6r.dll"
"WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2ACD758C-FAD3-4C7E-AD01-43597AA6D2F2}.tmp"
"WINWORD.EXE" touched file "%WINDIR%\system32\en-US\MSCTF.dll.mui" - source
- API Call
- relevance
- 7/10
-
Dropped files
-
Network Related
-
Found potential URL in binary/memory
- details
-
Heuristic match: "UXpKwric,b=Eg:#b0`'Yf>FB-vOPj34]$/~3V^oosX~hwTuNi>Uo6`;'B;oO#ho%SFp;S$Pj3.Ae"
Heuristic match: "bHD H.o/Ye$@$@$|6{$HD HD Hk@ mkq!HD HD HoD HD HD 2fD HD HD |6 HD HD Hk@ mkq!HD HD HoD HD HD 2N:6-wz1nn< @>77?HB*#AoMmJu7~KNB.My"
Pattern match: "cnNI1DH.GEKW/$o7aQ?ZknaM\p"
Pattern match: "JIu.DW/_&d"
Pattern match: "nQ.lV/G^`KLOOA!RR0mh\\VC_-#M!1ph4pPI"
Heuristic match: "^~_m}o:j!4YvO$gFHUlFtPZB3+W;d3<wruMp{$)x+$,&BG`0Dtn|5tY1+TpN.ch"
Pattern match: "I.kZ/mku~@Og`wHlaA'[wGyr"
Pattern match: "Cv2.CeK/X]:LyOZBp[Nh7alVKKV\@$VC|x5\D"
Heuristic match: "UX9 pK`wri 9 c! ,b=Eg: :#b0`'Y f>FB: -vO Pj0 34 ]$/~3V^oos X~ hwTuNi>Uo6`; : 'B;oO & # ho%SFp! ;S}$xPj3.Ae"
Heuristic match: "xb& 0 HD H.!o/Ye$0 @$0 @$|: 6{$HD HD Hk@ mkq!HD HD H!oD HD HD 2fD HD HD |: 6 HD HD Hk@ mkq!HD HD H!oD HD HD 2N:6-wz1nn<0 @>7: 7?HB *#AoMmJu7~K: NB.My" - source
- File/Memory
- relevance
- 10/10
-
Found potential URL in binary/memory
-
System Security
-
Hooks API calls
- details
-
"SysFreeString@OLEAUT32.DLL" in "WINWORD.EXE"
"SysAllocStringByteLen@OLEAUT32.DLL" in "WINWORD.EXE"
"VariantChangeType@OLEAUT32.DLL" in "WINWORD.EXE"
"OleLoadFromStream@OLE32.DLL" in "WINWORD.EXE"
"VariantClear@OLEAUT32.DLL" in "WINWORD.EXE" - source
- Hook Detection
- relevance
- 10/10
-
Queries sensitive IE security settings
- details
- "WINWORD.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
- source
- Registry Access
- relevance
- 8/10
-
Hooks API calls
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
"WINWORD.EXE" wrote bytes "78636570" to virtual address "0x69F0BE64" (part of module "MSCONV97.DLL")
"WINWORD.EXE" wrote bytes "8bf1810e" to virtual address "0x6ABFBE64" (part of module "MSCONV97.DLL")
"WINWORD.EXE" wrote bytes "00000000" to virtual address "0x69F17FA4" (part of module "WPFT632.CNV")
"WINWORD.EXE" wrote bytes "47ca03e7" to virtual address "0x69CCCA70" (part of module "GFX.DLL")
"WINWORD.EXE" wrote bytes "e99a5443f0" to virtual address "0x76A63E59" ("SysFreeString@OLEAUT32.DLL")
"WINWORD.EXE" wrote bytes "00000000" to virtual address "0x6AC17FA4" (part of module "MSCONV97.DLL")
"WINWORD.EXE" wrote bytes "e99e482df0" to virtual address "0x76B93D01" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
"WINWORD.EXE" wrote bytes "89018b4d" to virtual address "0x6AC0BE64" (part of module "MSCONV97.DLL")
"WINWORD.EXE" wrote bytes "9a2735e6" to virtual address "0x69F510AC" (part of module "MSPTLS.DLL")
"WINWORD.EXE" wrote bytes "289403e7" to virtual address "0x640378E4" (part of module "OART.DLL")
"WINWORD.EXE" wrote bytes "6a5203e7" to virtual address "0x6822F530" (part of module "WWLIB.DLL")
"WINWORD.EXE" wrote bytes "e9603344f0" to virtual address "0x76A64731" ("SysAllocStringByteLen@OLEAUT32.DLL")
"WINWORD.EXE" wrote bytes "0200a1b0" to virtual address "0x6AC41524" (part of module "WKS9PXY.CNV")
"WINWORD.EXE" wrote bytes "c4cab87680bbb876fc1db4769fbbb87608bbb87646ceb8766138b976de2fb976d0d9b8760000000017792c774f912c777f6f2c77f4f72c7711f72c77f2832c77857e2c7700000000" to virtual address "0x69CA1000" (part of module "MSIMG32.DLL")
"WINWORD.EXE" wrote bytes "affe27e6" to virtual address "0x695E9904" (part of module "RICHED20.DLL")
"WINWORD.EXE" wrote bytes "6e6e6e6e" to virtual address "0x6AB663DC" (part of module "WPFT532.CNV")
"WINWORD.EXE" wrote bytes "e9239946f0" to virtual address "0x76A65DEE" ("VariantChangeType@OLEAUT32.DLL")
"WINWORD.EXE" wrote bytes "31002d00" to virtual address "0x6AC263DC" (part of module "MSCONV97.DLL")
"WINWORD.EXE" wrote bytes "1ac064fd" to virtual address "0x69F3BE64" (part of module "MSCONV97.DLL")
"WINWORD.EXE" wrote bytes "e5fd97e7" to virtual address "0x670C0BA8" (part of module "MSO.DLL") - source
- Hook Detection
- relevance
- 10/10
-
Reads information about supported languages
- details
-
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000401")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000040D")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000041E")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000042A")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000439")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000420")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000429")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000402")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000403")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000404")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000405")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000406")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000407")
"WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000408") - source
- Registry Access
- relevance
- 3/10
-
Installs hooks/patches the running process
File Details
서울대학교 교육저널 교지편집위원회(설명).hwp
- Filename
- 서울대학교 교육저널 교지편집위원회(설명).hwp
- Size
- 304KiB (311296 bytes)
- Type
- doc office
- Description
- Composite Document File V2 Document, No summary info
- Architecture
- WINDOWS
- SHA256
- 952be444df940bef4e35967170e091ba5475bc9857bf29d705018a27917d83c6
- MD5
- c0042fdddb332d9bf285ecb60eca5634
- SHA1
- b80408b6cc6dc81fdf6b306c911f8c00958b6454
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 1 process in total (System Resource Monitor).
- WINWORD.EXE /n "C:\_ _ _.hwp.doc" (PID: 3156)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
-
Informative Selection 2
-
-
~WRD0001.doc
- Size
- 608KiB (622592 bytes)
- Type
- doc office
- Description
- dBase IV DBT of \241.DBF, blocks size 14680081, next free block index 13566160, 1st item "\377"
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- 7f89fa205f0101f8d49a594f686f7cb2
- SHA1
- 4d6ec20ee2674993b384b842c831e7b05cc46a67
- SHA256
- 041155e9b39ab2a3dd2a168e08bad2f33bc7fb9263f85549c8403ab9c0eaedcc
-
~WRD0002.doc
- Size
- 608KiB (622592 bytes)
- Type
- doc office
- Description
- dBase IV DBT of \241.DBF, blocks size 14680081, next free block index 13566160, 1st item "\377"
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- 7f89fa205f0101f8d49a594f686f7cb2
- SHA1
- 4d6ec20ee2674993b384b842c831e7b05cc46a67
- SHA256
- 041155e9b39ab2a3dd2a168e08bad2f33bc7fb9263f85549c8403ab9c0eaedcc
-
-
Informative 8
-
-
_ _ _.hwp.LNK
- Size
- 458B (458 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue May 23 03:14:29 2017, mtime=Tue May 23 03:14:29 2017, atime=Tue May 23 03:14:35 2017, length=311296, window=hide
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- ec7356bcd9582cfdb2be6ef51fb3ed43
- SHA1
- 034019f6906e53222f6c86f056fb0e36b0adb49c
- SHA256
- 19717bb535899310122e8f5fdf40b84802adc0649b36be83eb3fe14c81951ecc
-
index.dat
- Size
- 147B (147 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- 80a24c43b3ddca105f34cba9ef9bc22b
- SHA1
- 4e341a10f40ee9456a4598cf3092203460ec20d3
- SHA256
- 7f82c7f63697fbd155c0275841e76f091b3899f383c09a6a6f03427617f8dd9e
-
~$Normal.dotm
- Size
- 162B (162 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- c31cd1b511ae23ed6e9023b69fe88312
- SHA1
- 73cf3d484613dc68d8a4da27b7aa242579e4ef82
- SHA256
- 96e5cdf8d9ff7ffe7c71f0abceb0d6caa247edbce3c1d0d7f69edc35b6c5c270
-
ExcludeDictionaryEN0409.lex
- Size
- 2B (2 bytes)
- Type
- text
- Description
- Little-endian UTF-16 Unicode text, with no line terminators
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- f3b25701fe362ec84616a93a45ce9998
- SHA1
- d62636d8caec13f04e28442a0a6fa1afeb024bbb
- SHA256
- b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
-
~WRD0000.doc
- Size
- 608KiB (622592 bytes)
- Type
- doc office
- Description
- dBase IV DBT of \241.DBF, blocks size 14680081, next free block index 13566160, 1st item "\377"
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- 7f89fa205f0101f8d49a594f686f7cb2
- SHA1
- 4d6ec20ee2674993b384b842c831e7b05cc46a67
- SHA256
- 041155e9b39ab2a3dd2a168e08bad2f33bc7fb9263f85549c8403ab9c0eaedcc
-
~WRS{2ACD758C-FAD3-4C7E-AD01-43597AA6D2F2}.tmp
- Size
- 1KiB (1024 bytes)
- Type
- unknown
- Description
- FoxPro FPT, blocks size 0, next free block index 218103808, 1st used item "\375"
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- 5d4d94ee7e06bbb0af9584119797b23a
- SHA1
- dbb111419c704f116efa8e72471dd83e86e49677
- SHA256
- 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
-
~WRS{A5A23E13-98F0-48A1-BE0E-77EB9A41D801}.tmp
- Size
- 1.5KiB (1536 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- ef38d60fc081d466930b6ce54b76c356
- SHA1
- 5cf96f3045738580a54e32b6a58bd23b1149de8e
- SHA256
- c63443139889e2d9622ae56eff129b0c005f66df8d2322b8de945fc9107ff0ed
-
~$_ _.hwp.doc
- Size
- 162B (162 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3156)
- MD5
- c31cd1b511ae23ed6e9023b69fe88312
- SHA1
- 73cf3d484613dc68d8a4da27b7aa242579e4ef82
- SHA256
- 96e5cdf8d9ff7ffe7c71f0abceb0d6caa247edbce3c1d0d7f69edc35b6c5c270
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Extracted file "~$_ _.hwp.doc" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/96e5cdf8d9ff7ffe7c71f0abceb0d6caa247edbce3c1d0d7f69edc35b6c5c270/analysis/1495509679/")
- Extracted file "~WRD0000.doc" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/041155e9b39ab2a3dd2a168e08bad2f33bc7fb9263f85549c8403ab9c0eaedcc/analysis/1495509678/")
- Not all sources for signature ID "api-55" are available in the report
- Not all sources for signature ID "api-70" are available in the report
- Not all sources for signature ID "hooks-8" are available in the report
- Not all sources for signature ID "registry-25" are available in the report