Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: 04042017summary.doc
File size: 266659 bytes
File type: Rich Text Format data, version 1, unknown character set
MD5: 996054b4ebf1a81661b6b450113257a2
SHA1: 2d736f3f0d0ab9ac6d80511e848cbf1bfcdabe29
SHA256: 00bc76898f07f18122f386b890d79c9338d223a5b5c89213a4bbf1040bccfa28
SSDEEP: 3072:quIOdIq+UtrBgYP/4usn/beyjgmDW0AA/YsVOK8AVs:E7crBgYP/ds/LO0AA/YsN7q
Reported: 2017-04-06 07:40:06
Detection engine: 213
Result: Embedded Executable
Confidence: 100
Scan hits: 11

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xor
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640 (the sum of all 256 distinct byte values, so every value 0x00-0xFF occurs exactly once in the key)
Key Location: @229632 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities (string found in the decoded executable, with its byte offset in the file):

Embedded Executable: CloseHandle [219951]
Embedded Executable: CreateFileA [220007]
Embedded Executable: ExitProcess [220237]
Embedded Executable: GetEnvironmentVariableA [220251]
Embedded Executable: GetModuleHandleA [220329]
Embedded Executable: GetProcAddress [220349]
Embedded Executable: LoadLibraryA [220451]
Embedded Executable: KERNEL32 [220723]
Embedded Executable: CreateWindowExA [220915]
Embedded Executable: GetMessageA [221253]
Embedded Executable: GetSystemMetrics [221279]
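The fields above (Key Length, Key Unique Sum, Key Location, and the recovered API-name strings) come from a periodic-XOR search over the document. The script below is an added example, not vicheck.ca's scanner and not code from the page, showing how such a search works: for a key of period L, the most common ciphertext byte at each of the L positions is almost always key[j] XOR 0x00, because a PE image is dominated by null padding. Everything it analyses is constructed in the script itself (a fake PE-like blob carrying the API names listed above, a random 256-byte key in which each byte value appears once, and some RTF-looking bytes around it); the real key from the report is not on the page and is not used, and the DOS-stub offset 0x4E and the import-table offset 0x1800 are assumptions for the sample.

```python
"""Recover a periodic XOR key from an XOR-encoded PE embedded in a document.

Added example (not vicheck.ca's code). The sample file, key and offsets are
constructed here for illustration; nothing below is taken from the real file.
"""
from collections import Counter
import random
import re

DOS_STUB = b"This program cannot be run in DOS mode."
# Import names the report listed as "Detected entities".
API_NAMES = [b"CloseHandle", b"CreateFileA", b"ExitProcess",
             b"GetEnvironmentVariableA", b"GetModuleHandleA", b"GetProcAddress",
             b"LoadLibraryA", b"KERNEL32", b"CreateWindowExA", b"GetMessageA",
             b"GetSystemMetrics"]


def build_sample(seed=1):
    """Constructed RTF-like file carrying a fake PE XORed with a 256-byte key."""
    rng = random.Random(seed)
    key = bytes(rng.sample(range(256), 256))   # every byte value once -> unique sum 32640
    pe = bytearray(256 * 64)                   # mostly 0x00, like real PE padding
    pe[0:2] = b"MZ"
    pe[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB   # assumed DOS-stub position
    pos = 0x1800                               # assumed import-name table position
    for name in API_NAMES:                     # NUL-separated names
        pe[pos:pos + len(name)] = name
        pos += len(name) + 3
    encoded = bytes(p ^ key[i % 256] for i, p in enumerate(pe))
    prefix = b"{\\rtf1\\ansi\\deff0 " + b"\\par Quarterly summary " * 40
    return prefix + encoded + b"}", key, len(prefix)


def recover_xor_key(data, start, length, key_len):
    """Column-mode attack: commonest ciphertext byte at each key position."""
    region = data[start:start + length]
    key = bytearray(key_len)
    for j in range(key_len):
        key[j] = Counter(region[j::key_len]).most_common(1)[0][0]
    return bytes(key)


def guess_key_length(data, start, length, max_len=256):
    """Shortest period whose column-mode key decodes the most bytes to 0x00.

    A wrong period mixes several key bytes into one column, so at most a
    fraction of each column decodes correctly; the true period (and its
    multiples) stands out clearly.
    """
    region = data[start:start + length]
    scores = {}
    for L in range(1, max_len + 1):
        key = recover_xor_key(data, start, length, L)
        zeros = sum(1 for i, b in enumerate(region) if b ^ key[i % L] == 0)
        scores[L] = zeros / len(region)
    best = max(scores.values())
    return min(L for L, s in scores.items() if s >= 0.95 * best)


def key_unique_sum(key):
    """Sum of the distinct byte values in the key (32640 means all 256 present)."""
    return sum(set(key))


def xor_decode(data, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def find_api_names(decoded):
    """(name, offset) for every known Win32 import name in the decoded bytes."""
    return [(m.group().decode(), m.start())
            for m in re.finditer(rb"[A-Za-z0-9_]{4,}", decoded)
            if m.group() in API_NAMES]


def analyse(data, start, length, key_len=256):
    """Recover the key for the region at `start`, decode it, and report findings."""
    key = recover_xor_key(data, start, length, key_len)
    decoded = xor_decode(data[start:start + length], key)
    return {"key": key,
            "key_unique_sum": key_unique_sum(key),
            "mz": decoded[:2] == b"MZ",
            "dos_stub": DOS_STUB in decoded,
            "apis": find_api_names(decoded)}


if __name__ == "__main__":
    sample, true_key, pe_offset = build_sample()
    length = len(sample) - pe_offset - 1       # exclude the closing brace
    print("guessed key length:", guess_key_length(sample, pe_offset, min(length, 4096)))
    r = analyse(sample, pe_offset, length)
    print("key recovered:", r["key"] == true_key, "unique sum:", r["key_unique_sum"])
    print("MZ:", r["mz"], "DOS stub:", r["dos_stub"])
    for name, off in r["apis"]:
        print(f"Embedded Executable: {name} [{pe_offset + off}]")
```

The column-mode recovery needs the region start to be known (the report's "Key Location"), because the recovered key is rotated by the start offset modulo the period; on a real document, restrict the region to the suspected payload rather than the whole file so that the surrounding RTF text does not compete with the PE's null bytes in the per-column statistics.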

Repository          Status                 More Info

vicheck.ca          Embedded Executable    Confidence: 100, Scan hits: 11
VirusTotal.com      New/Nothing Found      none
ThreatExpert.com    New/Nothing Found      none
Team-CYMRU.org      New/Nothing Found      none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: not found.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.
