Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: chaqiriq.doc
File size: 334757 bytes
File type: data
MD5: 5dc62a802210b2d20a9b9c2d23b1efbf
SHA1: 9013b85f32393f09a9e94fbfbc7cdbaf03ec64e7
SHA256: 248103de8c038c359c84e622388950721089d0105a02136a0e52fcb88ee3e57d
SSDEEP: 6144:khT1EQDg9gS9+KG5cL1qNGEAWDYZZEhPP+0F2aX2d2+Y:khyQaPvwchqNGn1TEhW0Fgd2l
Reported: 2016-09-06 10:07:49
Detection engine: 213
Result: Suspicious file - Embedded Executable
Confidence: 50
Scan hits: 1

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xordb
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @14561 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @225 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities:

Embedded Executable: This program cannot be run in DOS mode [14639]

Repository: vicheck.ca
Status: Embedded Executable (Confidence: 50, Scan hits: 1)

Repository: VirusTotal.com
Status: New/Nothing Found
More Info: none

Repository: ThreatExpert.com
Status: New/Nothing Found
More Info: none

Repository: Team-CYMRU.org
Status: New/Nothing Found
More Info: none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: not found.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.

Embedded Files

Embedded executables, PDF, or MS Office documents found in this document:

File: e6cdd9ba9872e3c010b0476196a3a5df.virus-14336-f
MD5: c9d2eac2c5c415f94ad599d1327f1e8f
SHA1: ff94506e929ff3440a2bb70060ab9d1729247255
SHA256: e1e5bdecaa621a45c97fc732917c1c36bfd8d83158c88a3f444536c3e2bd389b
SSDeep: 3072:pRp5nnCv84Qyp294MEQ9msWDEzl3Ew7WI0/Y7glekCif503ykKU/+6p2/8/Hkb:DG8Nypeg5k0//Y7gxCiCZDp9/
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Report: Virus Report, file format executable

File: e208251c3837c32f1886629ba5484189.virus-14336-f
MD5: c9d2eac2c5c415f94ad599d1327f1e8f
SHA1: ff94506e929ff3440a2bb70060ab9d1729247255
SHA256: e1e5bdecaa621a45c97fc732917c1c36bfd8d83158c88a3f444536c3e2bd389b
SSDeep: 3072:pRp5nnCv84Qyp294MEQ9msWDEzl3Ew7WI0/Y7glekCif503ykKU/+6p2/8/Hkb:DG8Nypeg5k0//Y7gxCiCZDp9/
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Report: Virus Report, file format executable

File: 5dc62a802210b2d20a9b9c2d23b1efbf.virus-14336-f
MD5: c9d2eac2c5c415f94ad599d1327f1e8f
SHA1: ff94506e929ff3440a2bb70060ab9d1729247255
SHA256: e1e5bdecaa621a45c97fc732917c1c36bfd8d83158c88a3f444536c3e2bd389b
SSDeep: 3072:pRp5nnCv84Qyp294MEQ9msWDEzl3Ew7WI0/Y7glekCif503ykKU/+6p2/8/Hkb:DG8Nypeg5k0//Y7gxCiCZDp9/
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Report: Virus Report, file format executable

