Tuesday, June 20, 2023

, , , , ,

VirusTotal += Docguard

We are excited to announce our integration with DOCGuard for the analysis of Office documents, PDFs and other file types as a behavioral analysis engine.   This document analysis collaboration will allow the community to get the another opinion on the scanned documents. 

In their own words:
DOCGuard is a malware analysis service, whose main use case is to integrate with SEGs (Secure Email Gateways) and SOAR solutions.


The service performs a new kind of static analysis called structural analysis. The structural analysis dissembles the malwares and passes it to the core engines with respect to file structure components. By the aid of this approach, DOCGuard can precisely detect the malwares and extract the F/P free IOCs and may also identify obfuscation and encryption in the form of string encoding and document encryption.


The currently supported file types are Microsoft Office Files, PDFs, HTMLs, HTMs, LNKs, JScripts, ISOs, IMGs, VHDs, VCFs, and archives(.zip, .rar, .7z etc.). The detailed findings of the structural analysis are presented in an aggregated view in the GUI and can be downloaded as a JSON report and can also be gathered over API.

Going further, users can explore the behavior tab of the file scanned for more details. In the example below, we see a detected macro of a malicious Excel XLS file

In a malicious document, we can see memory pattern urls.

Additional examples:

We believe that our integration with DOCGuard is a valuable addition to our platform and we are excited to offer this new service to our community. If you have any questions, please do not hesitate to contact us.