Verdict: MALICIOUS
Risk Score: 122
Heuristics: 3
- ClamAV: Doc.Downloader.Inject-118 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Doc.Downloader.Inject-118
- XOR-encoded strings (key 0x70) (critical, SC_XOR_ENCODED): Found 8 Windows library/API name(s) XOR-encoded with single-byte key 0x70: 'kernel32.dll', 'LoadLibraryA', 'LoadLibraryA', 'GetProcAddress', 'GetProcAddress', 'VirtualAlloc', 'VirtualAllocEx', 'CreateProcessA'
Disassembly
x86 disassembly; validity: code (0.705); 2/3 branch targets land on an instruction boundary (67% coherence)
00019C04 1b15021e151c sbb edx, dword ptr [0x1c151e02]
00019C0A 43 inc ebx
00019C0B 42 inc edx
00019C0C 5e pop esi
00019C0D 141c adc al, 0x1c
00019C0F 1c00 sbb al, 0
00019C11 0000 add byte ptr [eax], al
00019C13 0023 add byte ptr [ebx], ah
00019C15 1c15 sbb al, 0x15
00019C17 1570000000 adc eax, 0x70
00019C1C 331c1f xor ebx, dword ptr [edi + ebx]
00019C1F 031538111e14 add edx, dword ptr [0x141e1138]
00019C25 1c15 sbb al, 0x15
00019C27 0023 add byte ptr [ebx], ah
00019C29 2923 sub dword ptr [ebx], esp
00019C2B 2435 and al, 0x35
00019C2D 3d2c330502 cmp eax, 0x205332c
00019C32 02151e04331f add dl, byte ptr [0x1f33041e]
00019C38 1e push ds
00019C39 0402 add al, 2
00019C3B 1f pop ds
00019C3C 1c23 sbb al, 0x23
00019C3E 15042c2315 adc eax, 0x15232c04
00019C43 0206 add al, byte ptr [esi]
00019C45 1913 sbb dword ptr [ebx], edx
00019C47 15032c0000 adc eax, 0x2c03
00019C4C 261902 sbb dword ptr es:[edx], eax
00019C4F 0405 add al, 5
00019C51 111c31 adc dword ptr [ecx + esi], ebx
00019C54 1c1c sbb al, 0x1c
00019C56 1f pop ds
00019C57 133508000007 adc esi, dword ptr [0x7000008]
00019C5D 07 pop es
00019C5E 07 pop es
00019C5F 5e pop esi
00019C60 131419 adc edx, dword ptr [ecx + ebx]
00019C63 17 pop ss
Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- http://ns.adobe.com/xap/1.0/ (In document text (OLE body))
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (In document text (OLE body))
- http://ns.adobe.com/iX/1.0/ (In document text (OLE body))
- http://ns.adobe.com/pdf/1.3/ (In document text (OLE body))
- http://ns.adobe.com/xap/1.0/mm/ (In document text (OLE body))
- http://www.iec.ch (In document text (OLE body))