LetsDefend : Presentation As a Malware

Can a ppt file be malware?

File link: https://app.letsdefend.io/download/downloadfile/PO00187.zip/
Password: infected

Load up the malware in VirusTotal and examine the analysis. Sign up for an account to view more details.

Question 1

What was the general name / category of the malicious file in the analyzed ppt file?

A number of security vendors have labeled it as a VB Trojan.

Question 2

Which of the URL addresses it communicates with has been detected as harmful by sandboxes?

Examine the URL that has the most detections.

Question 3

What is the name of the htm file that drops to disk?

Question 4

Which process is running persistently under mshta.exe after the relevant malware runs?

Found a good resource on persistence via scheduled tasks here.

Question 5

If there was a snort IDS in the environment at the time of the incident, which rules would it match?
