File 5940e4_1d6f6958422645b7a7273b85fcb29b6f.pps

Size 100.5KB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE EEE, Author: EEE, Keywords: EEE, Last Saved By: Microsoft , Revision Number: 37, Name of Creating Application: Microsoft Office PowerPoint, Total Editing Time: 28:17, Create Time/Date: Sat Feb 27 07:31:42 2021, Last Saved Time/Date: Wed Mar 3 21:42:22 2021, Number of Words: 0
MD5 fb6dd16cd0ebdae5509d6bd489d7ec45
SHA1 ce02dd0215cd0d668d3485311e2b8d8834c60473
SHA256 4e4af36ea7a2acde68aedad308e91306301701c32342ad264cd10d042cc0c944
SHA512 244b3ba12303e7f055fb9e99a912b67bf98575158ef01ef26a9f7cfd8abcff281d21364d48097ff2e003461da81677421a6bfd2a4e545d80e5da6e446b54a86d
CRC32 50C227E6
ssdeep None
Yara
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category: FILE
Started: Aug. 15, 2025, 5:15 a.m.
Completed: Aug. 15, 2025, 5:16 a.m.
Duration: 38 seconds
Routing: internet

Analyzer Log

2025-08-15 05:15:42,002 [root] DEBUG: Starting analyzer from: /tmp/tmpMtInrf
2025-08-15 05:15:42,003 [root] DEBUG: Storing results at: /tmp/YiHtQxSm
2025-08-15 05:15:42,005 [root] ERROR: Traceback (most recent call last):
  File "/tmp/tmpMtInrf/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpMtInrf/analyzer.py", line 129, in run
    self.config.file_name, **kwargs)
  File "/tmp/tmpMtInrf/lib/core/packages.py", line 47, in choose_package_class
    "{1}".format(full_name, err))
Exception: Unable to select package class (package=modules.packages.ppt): list index out of range

Cuckoo Log

2025-08-15 05:15:44,588 [cuckoo.core.scheduler] INFO: Task #6833967: acquired machine Ubuntu1904x646 (label=Ubuntu1904x646)
2025-08-15 05:15:44,589 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.106 for task #6833967
2025-08-15 05:15:45,183 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1335352 (interface=vboxnet0, host=192.168.168.106)
2025-08-15 05:15:45,221 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x646
2025-08-15 05:15:46,029 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x646 to Snapshot
2025-08-15 05:16:04,177 [cuckoo.core.guest] INFO: Starting analysis #6833967 on guest (id=Ubuntu1904x646, ip=192.168.168.106)
2025-08-15 05:16:05,186 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: not ready yet
2025-08-15 05:16:10,292 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x646, ip=192.168.168.106)
2025-08-15 05:16:10,325 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x646, ip=192.168.168.106, monitor=latest, size=73219)
2025-08-15 05:16:10,555 [cuckoo.core.resultserver] DEBUG: Task #6833967: live log analysis.log initialized.
2025-08-15 05:16:13,451 [cuckoo.core.guest] INFO: Ubuntu1904x646: analysis completed successfully
2025-08-15 05:16:13,463 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-08-15 05:16:13,496 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-08-15 05:16:14,728 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x646 to path /srv/cuckoo/cwd/storage/analyses/6833967/memory.dmp
2025-08-15 05:16:14,729 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x646
2025-08-15 05:16:23,086 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.106 for task #6833967
2025-08-15 05:16:23,423 [cuckoo.core.scheduler] DEBUG: Released database task #6833967
2025-08-15 05:16:23,448 [cuckoo.core.scheduler] INFO: Task #6833967: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
description: Detect a MS Office document with embedded VBA macro code
rule: Contains_VBA_macro_code
File has been identified by 9 AntiVirus engines on IRMA as malicious (9 events)
G Data Antivirus (Windows) Virus: VBA:Amphitryon.4660 (Engine A)
Avast Core Security (Linux) VBA:Dropper-BG [Trj]
Trellix (Linux) W97M/Downloader.dmf trojan
eScan Antivirus (Linux) VBA:Amphitryon.4660(DB)
ESET Security (Windows) VBA/TrojanDownloader.Agent.VRP trojan
DrWeb Antivirus (Linux) Exploit.Siggen3.14655
Bitdefender Antivirus (Linux) VBA:Amphitryon.4660
Kaspersky Standard (Windows) HEUR:Trojan.Script.Generic
Emsisoft Commandline Scanner (Windows) VBA:Amphitryon.4660 (B)
File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)
Lionic Trojan.Script.Generic.a!c
McAfee RDN/Generic Downloader.x
Sangfor Malware.Generic-VBA.Save.Obfuscated
Cyren PP97M/Agent.SK.gen!Eldorado
Symantec W97M.Downloader
ESET-NOD32 VBA/TrojanDownloader.Agent.VRP
Avast VBA:Dropper-BG [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan-Downloader.Script.Generic
BitDefender Trojan.GenericKD.36450680
MicroWorld-eScan Trojan.GenericKD.36450680
Rising Downloader.Obfuse!8.105AD (TOPIS:E0:ObxPPQsCnfM)
Ad-Aware Trojan.GenericKD.36450680
Emsisoft Trojan.GenericKD.36450680 (B)
DrWeb Exploit.Siggen3.14655
McAfee-GW-Edition BehavesLike.OLE2.Downloader.cr
FireEye Trojan.GenericKD.36450680
Ikarus Trojan-Downloader.VBA.Agent
Avira VBA/Dldr.Agent.fnpdn
MAX malware (ai score=99)
Microsoft TrojanDownloader:O97M/Obfuse.RA!MTB
ViRobot PPT.Z.Agent.102912.C
GData Trojan.GenericKD.36450680
TACHYON Suspicious/X97M.Obfus.Gen.1
Tencent Heur.Macro.Generic.h.661e8fb5
SentinelOne Static AI - Malicious OLE
Fortinet VBA/Agent.EEB5!tr
AVG VBA:Dropper-BG [Trj]
Qihoo-360 virus.office.qexvmc.1065
Screenshots
No screenshots available.
No hosts contacted.