Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: qisqiche terjimihal.doc
File size: 142987 bytes
File type: data
MD5: 1ebab4bcf40099de1b715755af990da7
SHA1: 82bfa79f366268aa8a53d57d2516a66d0736e80f
SHA256: d975f86d2292d9af373a1a45010c251315765891f3351bc17a8ab84a32077fde
SSDEEP: 3072:+QV9ug9lQQd4MwhUGokpbOMIdT3wg47s:+29r9xbkpbO913D47s
Reported: 2015-09-05 13:30:05
Detection engine: 213
Result: Embedded Executable
Confidence: 100
Scan hits: 11

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xor
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @86016 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities:

Embedded Executable: This program cannot be run in DOS mode [14639]
Embedded Executable: user32.dll [82157]
Embedded Executable: ExitProcess [82765]
Embedded Executable: CreateFileA [82963]
Embedded Executable: CloseHandle [82991]
Embedded Executable: GetProcAddress [83057]
Embedded Executable: LoadLibraryA [83089]
Embedded Executable: KERNEL32 [83247]
Embedded Executable: GetModuleHandleA [83661]
Embedded Executable: GetCommandLineA [83699]
Embedded Executable: GetEnvironmentVariableA [83731]

Repository | Status | More Info
vicheck.ca | Embedded Executable | Confidence: 100; Scan hits: 11
VirusTotal.com | New/Nothing Found | none
ThreatExpert.com | New/Nothing Found | none
Team-CYMRU.org | New/Nothing Found | none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: not found.

Sandbox report:

Processing... this can take from 20 minutes to several hours depending on the load.

Embedded Files

Embedded executables, PDF, or MS Office documents found in this document:

File: 1ebab4bcf40099de1b715755af990da7.virus-14561-f
MD5: 600ba807d69679f3e5a93af5cc85e45f
SHA1: 3db1ac6a4b106097287880025cd96dc9e67f1899
SHA256: 2210a50487012c9acb495d6fad5e4136b999adcc4777e04ddb5efc45eafd758f
SSDeep: 1536:xWZLR+u6yxfidCU8VcwlG4tyEKH/1mLF8uotDP28WVVzs:wR+u3idCU8VDlG4tyN1yHETWVVzs
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Report: Virus Report; file format executable

