Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: Nuclear report.pps
File size: 838144 bytes
File type: Microsoft Office Document
MD5: 71803d893ed7d052fdb58f10da200fe9
SHA1: 6b7fc67382ba6985bd41784e85e1c5df6dffa6bc
SHA256: 3bb1d1d441ab7412ca429ec2db6dbcf48e2b19323bf589d37698e76dc305044f
SSDEEP: 6144:JUBRnbIWa3gNiZBTQASF9+oCBKyf6g7UixvYlz1M44Y6ivtvLRjLClbaC+UpayBM:JUTRYZBTmHITLBsVbj6baCxm
Reported: 2010-07-21 12:24:36
Detection engine: 193
Result: Embedded Executable
Confidence: 100
Scan hits: 18

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xor
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @5888 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: c9b69399459095f1b991eb1997a4d066
XOR Key:


Detected entities:

Embedded Executable: This program cannot be run in DOS mode [4174]
Embedded Executable: GetSystemMetrics [85400]
Embedded Executable: user32.dll [87668]
Embedded Executable: CloseHandle [97232]
Embedded Executable: CreateFileA [97288]
Embedded Executable: GetModuleHandleA [97324]
Embedded Executable: GetCommandLineA [97344]
Embedded Executable: CreateProcessA [97458]
Embedded Executable: EnterCriticalSection [97810]
Embedded Executable: GetProcAddress [98030]
Embedded Executable: LoadLibraryA [98150]
Embedded Executable: ExitProcess [98230]
Embedded Executable: GetEnvironmentVariableA [98550]
Embedded Executable: KERNEL32 [98802]
Embedded Executable: GetMessageA [99056]
Embedded Executable: CreateWindowExA [99896]
Embedded Executable: RegDeleteKeyA [100718]
Embedded Executable: RegOpenKeyExA [100734]

Repository | Status | More Info
vicheck.ca | Embedded Executable; Confidence: 100; Scan hits: 18 |
VirusTotal.com | New/Nothing Found | none
ThreatExpert.com | New/Nothing Found | none
Team-CYMRU.org | New/Nothing Found | none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: not found.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.

Metadata:

Embedded Files

Embedded executables, PDF, or MS Office documents found in this document:

File: 71803d893ed7d052fdb58f10da200fe9.virus-4096-f
MD5: 88264844a45923786dcc0c6eb2d88ba3
SHA1: 13aa69d82318f39e94ef4e364e3a89e952ebe752
SHA256: 213a22dc5e41cb2948d3573020cfdf74cb12989ebf80b8733657d1fa845eead1
SSDeep: 3072:NTMIaFJhU+o6j+zU0n9EoETo8Taana1m+fNS:VdmhLVq/Wnwm
File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Report: Virus Report, file format executable

File: 71803d893ed7d052fdb58f10da200fe9.virus-147000
MD5: 29fb544962191d296119310a6cfd69ee
SHA1: 79a921791cb101ea111d9f9ceed11f73c84b345c
SHA256: 49a0fb6890c951bf7b854552c213756cda372f977f912e5f730b5067f945e40e
SSDeep: 6144:+MpbIIjE5oXpF4RY7qvKOcy0watOGveXkr8NhlIWGGOVZcNOyV2R/RQ8MEe:+0bqCXpkYCfcIXHxROVON5V2R/it
File type: Microsoft Office Document
Report: Virus Report

