Closed cccs-kevin closed 2 years ago
When an Office product uses WMI, this should be flagged as malicious or at least very suspicious.
Samples that raise this signature: https://www.virustotal.com/gui/file/5d3c9aebb0cae9d71e339df6dda52da6679ea1b95090eb51c66032f93516e800 https://www.virustotal.com/gui/file/1efd860e8367e87cfeb1cd59bfdf022f08bd4cf6411c29fdb514730d2f498018 https://www.virustotal.com/gui/file/7e76ae4f9778aa69a4adbf9766d0404ceb040c7db68f9358437c47f96151ee95
When an Office product uses WMI, this should be flagged as malicious or at least very suspicious.
Samples that raise this signature: https://www.virustotal.com/gui/file/5d3c9aebb0cae9d71e339df6dda52da6679ea1b95090eb51c66032f93516e800 https://www.virustotal.com/gui/file/1efd860e8367e87cfeb1cd59bfdf022f08bd4cf6411c29fdb514730d2f498018 https://www.virustotal.com/gui/file/7e76ae4f9778aa69a4adbf9766d0404ceb040c7db68f9358437c47f96151ee95