MALICIOUS
Risk Score: 144
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
The file exhibits a large slack space anomaly and is flagged as a password-protected archive lure, indicating an attempt to conceal malicious content. Although VBA macros could not be extracted, the presence of numerous embedded URLs suggests a downloader or redirection mechanism. The ClamAV detection further supports its malicious nature.
Heuristics (5)
- ClamAV: Doc.Malware.00536d-6923012-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Doc.Malware.00536d-6923012-0.
- OLE document has large unaccounted-for region [high, OLE_SLACK_ANOMALY]: the OLE file is 212,747 bytes but its declared streams total only 69,815 bytes; 142,932 bytes (67%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
- Password-protected archive handoff [high, SE_PASSWORD_ARCHIVE_LURE]: the document gives password instructions for an archive or attachment, a technique often used to keep payloads encrypted until after gateway scanning.
- Unsupported Office format for VBA extraction [info, OFFICE_FORMAT_UNSUPPORTED]: the Analyzer could not extract VBA macros; the document may be legacy, encrypted or malformed.
- Embedded URL [info, EMBEDDED_URL]: one or more URLs were extracted from the document text (OLE body). The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.