Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: s.doc
File size: 824465 bytes
File type: Rich Text Format data, version 1, unknown character set
MD5: 99df4eaa5766457bbd22de4bf8f014b1
SHA1: 6a7ee3b506d0f12afcbcc0fbb9ad4c8e366fb672
SHA256: 4289286337598fe88c8a4600765aa60d2630d6bed0ec5036ad769e6cec04514a
SSDEEP: 12288:bLn9RKP17wH/XhcXAm/8wZkhRkKlKCSLOU9AamsAkmdSp6gQBRcXjgyP:bxsN7I/XQAa6hKxKH7Tg6ti
Reported: 2017-01-20 20:08:37
Detection engine: 213
Result: Embedded Executable Transposition cipher This program cannot be run in DOS mode
Confidence: 100
Scan hits: 13

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xor
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @416256 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities:

Embedded Executable Transposition cipher This program cannot be run in DOS mode: [259807]

Embedded Executable: ExitProcess [389512]
Embedded Executable: KERNEL32 [400853]
Embedded Executable: CreateFileA [411221]
Embedded Executable: GetProcAddress [411585]
Embedded Executable: LoadLibraryA [411603]
Embedded Executable: GetModuleHandleA [411669]
Embedded Executable: CloseHandle [411733]
Embedded Executable: GetSystemMetrics [412017]
Embedded Executable: CreateWindowExA [412255]
Embedded Executable: GetMessageA [412721]
Embedded Executable: EnterCriticalSection [414475]
Embedded Executable: GetCommandLineA [414677]

Repository: vicheck.ca
Status: Embedded Executable Transposition cipher This program cannot be run in DOS mode
Confidence: 100
Scan hits: 13

Repository: VirusTotal.com
Status: New/Nothing Found
More Info: none

Repository: ThreatExpert.com
Status: New/Nothing Found
More Info: none

Repository: Team-CYMRU.org
Status: New/Nothing Found
More Info: none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: not found.

Sandbox report:

Processing... This can take from 20 minutes to several hours, depending on the load.
