Malware Hash Query

This utility queries our own database, VirusTotal.com, TheatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

Hash:


File: schet2071.01.03.16.doc
File size: 1236712 bytes
File type: data
MD5: 70edefbefaee9a7a1f520b5552ac1a38
SHA1: 545cfbc71be2d1c9db428e8c8b80f647d48ce01d
SHA256: 018ad8199a586c4cbd756d7d3c0ff8882f30d0094ac329c3404b6370ba33b4dc
SSDEEP: 24576:7iSfsnkIUHHHHpIbCL9vtbo4c3fOvDLHB4Fo4O81:vI+L9JrDzKF3l
Reported: 2016-03-02 22:27:53
Detection engine: 213
Result: MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 100
Scan hits: 5

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: genexploit
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640 More
Key Location: @200192 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2 More
XOR Key:


Detected entities:

MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158 show hexdump

Embedded Executable Transposition cipher This program cannot be run in DOS mode: [199476] show hexdump
Embedded Executable: CreateFileA [244418] show hexdump
Embedded Executable: GetModuleHandleA [244468] show hexdump
Embedded Executable: KERNEL32 [244486] show hexdump

RepositoryStatusMore Info

vicheck.ca

MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 100
Scan hits: 5

VirusTotal.com

New/Nothing Found

none

ThreatExpert.com

New/Nothing Found

none

Team-CYMRU.org

New/Nothing Found

none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: genexploit - MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158 found @16982.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.

Comments (0): show/hide