SUSP_VBA_Kernel32_Import_Jun21_1

Rule Info

Description
Detects suspicious VBA Kernel32 imports
Reference
https://www.virustotal.com/gui/user/Hurricane/comments
Tags
['SCRIPT', 'SUSP', 'FILE']
Date
2021-06-26
Required Modules
[]
Rule Hash
a0366476c6227c492af8ca73077140af
Score
70
Av Ratio
9.61
Name
SUSP_VBA_Kernel32_Import_Jun21_1
Author
Florian Roth
Minimum Yara
1.7
Virustotal Matches
https://www.virustotal.com/gui/search/susp_vba_kernel32_import_jun21_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
4
Suspicious (< 10 engines)
24
Clean (0 engines)
1

Rule Matches

Total
Timestamp
Hash
Positives
VT
59
2022-05-16 02:31:58
3d0baa6e4183b72ebf82d4dd8d519cd328e743c83d40d96f6824e0ce643665ae
2
60
2022-05-14 01:37:28
b9f83130c8167d97d1234f21c4edb79d6776cb23b2017b3164f3c3f98ba9aa66
2
60
2022-05-13 20:12:44
0fcf6c5f304757c4750490147dd6cbd3ccdf890c752e2b681df8e4cc2e076783
2
60
2022-05-13 15:40:13
c1a4f840985fabeb26b248984eb9b7d617ff6471644cb530a55c299c202c2336
2
58
2022-05-13 12:12:34
5233982ea4dd475fd6e4d7b5fb4af66203b0faad83c2bd7b33641ad11fd7d570
2
59
2022-05-13 10:52:03
f8d5e917250b38e66d6c78be41760d98be58e6d6454670d9361d351cd717fcc2
2
60
2022-05-13 08:07:11
4f26b77177931f5e97f2453b97dff22a047add69dbb63ef61f43701444c49789
2
60
2022-05-13 07:46:52
3dac968071647ae1e2db21a247f9b26e40f5ab4881839bee76119a14de2ab25e
2
43
2022-05-13 04:37:49
192be1293917d45bfa6080b7752ae65aacb762d56b979984484ac0c264106e57
2
55
2022-05-13 04:08:20
b62b648437c17ef1c1e3b2561596d334536448b8f412361a4dc14e6f9322c836
2
57
2022-05-13 03:07:13
b62be29064ae0b5037c13186958a4cb49bf295b92cc71d1e43566ea24ab54f4e
2
60
2022-05-12 23:46:30
e3bfc896593c27d4bf1b551d7ada871b68d47793d047d70410e8bdcde3d18a16
2
60
2022-05-12 21:42:20
ee7b3f90c5b32953465f90a3c7b9d6b735b8362ab56e52edd202dad0aea6cba8
2
60
2022-05-12 20:38:43
241da6cdf53fcd825df0e364c347f6cfd0a6f99b67a884bbef15ccd88834311c
2
60
2022-05-12 18:07:39
1cf0a8c81d2cd2cae0623293c2eb32c54ef5f57c3694f60484d2b4d7a7fcd0ea
2
59
2022-05-12 18:04:49
3aa563e852767c251e2ff892ab03f72f1136e12cb56860970868bf204c992fa6
2
60
2022-05-12 16:11:19
30580adce23ba9d9c44eddee04c9775181b2b7ed2e0b4cea7d7634ff3974e8b7
2
60
2022-05-11 18:09:00
fb991ce2fc64a6ae5348a0daab4814b6f923209190224b75a2244ecc1e4f2034
2
60
2022-05-10 21:10:43
dbd1bd93b817ecca574d00938e22235eb807a4999cfa561be50060300c5f9113
2
59
2022-05-10 21:10:43
50326551cfaa927133c5b1432b81d5c463926dd9d4dd87b44442dbb9178665ba
1
60
2022-05-09 23:26:10
422db6df9bde00429774e6100f41162638ff83683e9d1f059ec9e4298e973a65
2
60
2022-05-09 12:20:55
f59e15cc45d049c0c062c7839d03fc9383d31c498f0198fd381186f26c9d1051
2
59
2022-02-10 03:50:15
d48e5f7685f87fb75329b8543be2c076ace12fd47e9e3e87c6c552755943ad63
0
59
2021-11-11 12:24:17
547fc6201bd798a9dca1f68434b87f166541a5c49a0a683ce6c920ec3b1deff2
30
58
2021-11-11 12:24:11
5f6d7d95b7b0a7944841884f61e6c11a20c39635e1b42a796fa0f6b044216a4c
29
59
2021-11-11 12:22:41
377d1eb3cd7b6a0c2d078829dd36c7fd148c58db8bc78ab9cb17f43961133bff
30
58
2021-11-11 12:21:26
05efee50ab7b81dd92d6e34d160c2735363aeb47e4047a29540faa0093e1d660
22
57
2021-09-24 19:33:23
96911f873172eb9d4617f58ffd3b4c46de6bff2a24a3d911ad50fa3e4567adf7
1
59
2021-08-18 19:32:42
f5b3834ba845f83c44177da4ce0d310657cc45584c692ebe58ab2106b471f3ab
8

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2020