Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: Invoice_101970~1.doc
File size: 522803 bytes
File type: Rich Text Format data, version 1, unknown character set
MD5: 99cf22f4adeb6baf887de7e1eecc4b9e
SHA1: a36c4225af317b6ce3aa6fc14959402e9d6165ab
SHA256: 41791fd591230f430fb33d8f9b4f0812971c99e05a7c7691e3502ba1cc45f9b4
SSDEEP: 12288:a8MFkp0CZ95suKFw2m99ej2l70q9TccyW4Xe4sqy5:a8MFkp1Wfm99ej2yq9Tc7b3E5
Reported: 2016-02-03 20:51:44
Detection engine: 213
Result: MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 100
Scan hits: 12

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: genexploit
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @397824 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities:

MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Embedded Executable Transposition cipher This program cannot be run in DOS mode: [181889]
Embedded Executable: ExitProcess [360250]
Embedded Executable: GetProcAddress [389921]
Embedded Executable: LoadLibraryA [389939]
Embedded Executable: CloseHandle [390077]
Embedded Executable: KERNEL32 [390127]
Embedded Executable: GetSystemMetrics [390223]
Embedded Executable: GetCommandLineA [391839]
Embedded Executable: EnterCriticalSection [391905]
Embedded Executable: CreateFileA [392803]

Repository: vicheck.ca
Status: MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 100
Scan hits: 12

Repository: VirusTotal.com
Status: New/Nothing Found
More Info: none

Repository: ThreatExpert.com
Status: New/Nothing Found
More Info: none

Repository: Team-CYMRU.org
Status: New/Nothing Found
More Info: none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: genexploit - MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158 found @14515.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.
