Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: Security instructions from Visa.doc
File size: 256931 bytes
File type: Rich Text Format data, version 1, unknown character set
MD5: 33edc70615de35b71e54f046d7fa3038
SHA1: 5bb2676c916ee71b81ab3e568a8b7321092d3c71
SHA256: 07f89dd94759af3d32448ee4da4f3aa14eb2209cb0469eaed859adccde0cc46a
SSDEEP: 1536:qs5YTOw5Npl9t55G5IJJlDt+U3vVxIuC2PSKb8uTD3H1W+U+KWFel03Gch/Bi:quIOIDl9trkIH+MVxo2PlbXn31xU+u0k
Reported: 2017-03-28 16:03:24
Detection engine: 213
Result: Embedded Executable
Confidence: 100
Scan hits: 11

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xor
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @228352 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities:

Embedded Executable: ExitProcess [219951]
Embedded Executable: CloseHandle [219965]
Embedded Executable: CreateFileA [219995]
Embedded Executable: GetEnvironmentVariableA [220207]
Embedded Executable: GetModuleHandleA [220267]
Embedded Executable: GetProcAddress [220335]
Embedded Executable: LoadLibraryA [220417]
Embedded Executable: KERNEL32 [220723]
Embedded Executable: CreateWindowExA [220915]
Embedded Executable: GetMessageA [221253]
Embedded Executable: GetSystemMetrics [221279]

Repository    Status    More Info

vicheck.ca

Embedded Executable
Confidence: 100
Scan hits: 11

VirusTotal.com

New/Nothing Found

none

ThreatExpert.com

New/Nothing Found

none

Team-CYMRU.org

New/Nothing Found

none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: not found.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.
