VirusTotal += Docguard

We are excited to announce our integration with DOCGuard as a behavioral
analysis engine for Office documents, PDFs and other file types. This
document analysis collaboration will give the community another opinion
on scanned documents.

In their own words:

DOCGuard is a malware analysis service, whose main use case
is to integrate with SEGs (Secure Email Gateways) and SOAR
solutions.

 

The service performs a new kind of static analysis called
structural analysis. The structural analysis disassembles the
malware and passes it to the core engines with respect to
file structure components. With the aid of this approach,
DOCGuard can precisely detect the malware and extract the
F/P free IOCs and may also identify obfuscation and
encryption in the form of string encoding and document
encryption.

 

The currently supported file types are Microsoft Office
files, PDFs, HTMLs, HTMs, LNKs, JScripts, ISOs, IMGs, VHDs,
VCFs, and archives (.zip, .rar, .7z, etc.). The detailed
findings of the structural analysis are presented in an
aggregated view in the GUI, can be downloaded as a JSON
report, and can also be gathered over the API.

Going further, users can explore the behavior tab of the scanned
file for more details. In the example below, we see a
detected macro of a malicious Excel XLS file.


In a malicious document, we can see memory pattern URLs.
9cd785dbcceced90590f87734b8a3dbc066a26bd90d4e4db9a480889731b6d29

Additional examples:

We believe that our integration with DOCGuard is a valuable
addition to our platform and we are excited to offer this new
service to our community. If you have any questions, please do
not hesitate to contact us.

Story added 20 June 2023.