Analyze Result
When the analysis of the file you uploaded is complete, you can investigate the details.
Status
The status is one of the following:
Threat Undetected: No suspicious activity was detected.
Suspicious: Suspicious activity was detected.
File Details
Mimetype: MIME type of the file (e.g. application/msword)
Size: The space occupied by the file on the disk
MD5: MD5 hash of the file
SHA256: SHA256 hash of the file
Submission date: Information about when the file was shared
Submitted by: Username of the person who shared the file
Analyze Details
Cubelyzer looks for all OLE files stored in the uploaded file (e.g. vbaProject.bin, editdata.mso) and identifies all the VBA projects stored in the OLE structure. Each VBA project is parsed to find the corresponding OLE streams containing macro code. From each of these OLE streams, the VBA macro source code is extracted and decompressed (RLE compression).
It then scans the macro source code and looks for specific strings obfuscated with various algorithms (Hex, Base64, StrReverse, Dridex, VBA expressions). It can also deobfuscate these strings to find suspicious keywords, auto-executable macros and potential IOCs (URLs, IP addresses, e-mail addresses, executable filenames, etc.).
Cubelyzer shows the results of these examinations. Once a file has been marked as suspicious, the organization must analyze its behavior, identify the attacker, define future steps, and then set the right mitigations accordingly.
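The string scan described above can be sketched as follows. This is an added example, not Cubelyzer's own code: it covers only the Hex, Base64 and StrReverse cases, and the function names, keyword list and sample macro are assumptions constructed for illustration.

```python
import base64, binascii, re

AUTOEXEC = {"autoopen", "auto_open", "document_open", "workbook_open"}
SUSPICIOUS = ("shell", "powershell", "createobject", "urldownloadtofile")
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"']+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "exe": re.compile(r"\b[\w-]+\.(?:exe|dll|scr|bat|ps1)\b", re.I),
}
STRING_LIT = re.compile(r'"((?:[^"]|"")*)"')  # VBA literal; "" escapes a quote

def decodings(s):
    """Return (algorithm, text) for every decoding of literal s that is printable."""
    out = [("StrReverse", s[::-1])]
    if len(s) >= 8 and len(s) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", s):
        out.append(("Hex", bytes.fromhex(s).decode("latin-1")))
    if len(s) >= 8 and len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        try:
            out.append(("Base64", base64.b64decode(s, validate=True).decode("latin-1")))
        except binascii.Error:
            pass  # looked like Base64 but was not
    return [(algo, text) for algo, text in out if text.isprintable()]

def scan(vba):
    """Return a set of (kind, algorithm, value) findings for macro source text."""
    views = [("plain", vba)]  # the source as written, then each decoded literal
    for literal in STRING_LIT.findall(vba):
        views.extend(decodings(literal))
    findings = set()
    for algo, text in views:
        low = text.lower()
        findings.update(("keyword", algo, kw) for kw in SUSPICIOUS if kw in low)
        for kind, rx in IOC_PATTERNS.items():
            findings.update((kind, algo, hit) for hit in rx.findall(text))
    for name in re.findall(r"^\s*(?:Private\s+|Public\s+)?Sub\s+(\w+)", vba, re.I | re.M):
        if name.lower() in AUTOEXEC:
            findings.add(("autoexec", "plain", name))
    return findings

def build_sample():
    """Constructed macro source standing in for code extracted from vbaProject.bin."""
    rev = "http://example.test/update.exe"[::-1]
    hx = "192.0.2.10".encode().hex()
    b64 = base64.b64encode(b"powershell.exe").decode()
    return (f'Sub AutoOpen()\n  u = StrReverse("{rev}")\n'
            f'  h = "{hx}"\n  cmd = "{b64}"\n  Shell cmd\nEnd Sub\n')

if __name__ == "__main__":
    print(*sorted(scan(build_sample())), sep="\n")
```

Each finding records which decoding exposed it, so an analyst can see that the URL and IP address in the sample were not visible in the macro text as written.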
File Structure
The analyzed file is mapped. In this map, the names of bin, xml and image files can be displayed.
File Metadata
Metadata is information stored in almost any type of file. It can include your name, your company or organization's name, the name of your computer, the name of the network server or drive where you saved the file, personalized comments and the names and times of previous document authors, revisions, or versions. Cubelyzer reveals all metadata of the analyzed file.
Macros
Macros automate frequently used tasks to save time on keystrokes and mouse actions. Many were created by using Visual Basic for Applications (VBA) and are written by software developers. However, some macros can pose a potential security risk. Macros are often used by people with malicious intent to quietly install malware, such as a virus, on your computer or into your organization's network. Cubelyzer reveals all macros of the analyzed file.
Texts
Cubelyzer extracts all the text in the uploaded file and shows it to you. Sometimes the text in a file is enough to tell whether the file is malicious.
Links
Cubelyzer extracts all the links in the uploaded file and shows them to you. The addresses that the malicious file communicates with can be detected by this method.
Images
All images in the document are scanned with OCR technology. Even if a file is not harmful, its images can deceive users. Cubelyzer can detect and analyze the text in images.