Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: EK-1.doc
File size: 230946 bytes
File type: Rich Text Format data, version 1, unknown character set
MD5: 29af48f3566038aab803c77b35a12be5
SHA1: 8526a3b01cba933fe39a3488124be3dad8fca1ed
SHA256: 2bef4cfe4d8aca179b4750361dd82dcdc465b1d82ad7cd06e23eceaac89b7428
SSDEEP: 3072:s9uSOQbzhuWAQ8zbaZ+pF+5NfuFz13p2p:snNnMW6naUp05NfuFz13pK
Reported: 2016-02-25 14:14:59
Detection engine: 213
Result: Embedded Executable Transposition cipher This program cannot be run in DOS mode
Confidence: 100
Scan hits: 7

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xor
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @202752 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities:

Embedded Executable Transposition cipher This program cannot be run in DOS mode: [194675]

Embedded Executable: LoadLibraryA [204223]
Embedded Executable: ExitProcess [204239]
Embedded Executable: GetModuleHandleA [204265]
Embedded Executable: KERNEL32 [204283]
Embedded Executable: GetMessageA [204299]
Embedded Executable: CreateWindowExA [204425]

Repository results:

Repository: vicheck.ca
Status: Embedded Executable Transposition cipher This program cannot be run in DOS mode
Confidence: 100
Scan hits: 7

Repository: VirusTotal.com
Status: New/Nothing Found
More Info: none

Repository: ThreatExpert.com
Status: reported

Repository: Team-CYMRU.org
Status: New/Nothing Found
More Info: none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: not found.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.

Related Files

File: EK-1.zip
MD5: bf790cae01116b13e6c04001babd70ea
SHA1: 774cc099b9ace27b46b9dc484fa10cbb97bd4378
SHA256: 6d38ae5bf72b6f33bc68092f08181f45438a5642451e335171b0d42f779f2077
SSDeep: 1536:qz7JRQzzf4lj0rxClT6VqohgkEUyiawvbZlzJUbeB5lM0:uHQzajSxC6soCkeiTvbbIea0
File type: Zip archive data, at least v2.0 to extract
Report: Virus Report, file format archive

