Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: virus.doc
File size: 1212416 bytes
File type: data
MD5: ae4970e17a9a6089bc98650c307fe06c
SHA1: 7fc23494e8e5e826747e3dd08bfbf6aed4deb357
SHA256: edf1165d9d03455b14a079f87b1d3fe77da1ccf23c9a341f2a9510f14f399d5f
SSDEEP: 24576:87snkhyfcHGE1YxwB2HdBjvo9I2IhBgqcoOn5rGiYdtS6Ij2upbExU:fFdc2Hrjvt2I7HOn5rGv0dWU
Reported: 2016-03-12 14:00:25
Detection engine: 213
Result: MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 100
Scan hits: 5

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: genexploit
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @203264 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2
XOR Key:


Detected entities:

MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158

Embedded Executable Transposition cipher This program cannot be run in DOS mode: [202663]
Embedded Executable: CreateFileA [291199]
Embedded Executable: KERNEL32 [291249]
Embedded Executable: GetSystemMetrics [291437]

Repository | Status | More Info

vicheck.ca

MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 100
Scan hits: 5

VirusTotal.com

New/Nothing Found

none

ThreatExpert.com

reported

Team-CYMRU.org

New/Nothing Found

none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: genexploit - MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158 found @19145.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.
