Malware Hash Query

This utility queries our own database,,, and Team-CYMRU for known malware hashes and links to analysis reports.


File: APT_9.DOC
File size: 86096 bytes
File type: Composite Document File V2 Document, No summary info
MD5: c17aa4d63759c7f5c278238f94cfdc99
SHA1: a3bd5d2b20a83ef57d9b3d3ac4071098c34d1adf
SHA256: ab51c51dd26420b61cf201bb56aaf7391cd626f80ecd136a68e50f272a6abc2e
SSDEEP: 768:USPaCzA6HGGXNmCIcVsx5yaXcpK3qSjoiP2rmhlXykQW:YHw59lSx5RXh3qkoiemhAk7
Reported: 2016-07-07 15:28:37
Detection engine: 213
Result: MS Office encrypted document
Confidence: 100
Scan hits: 8

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: genexploit
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640 More
Key Location: @40960 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 10cb9b876fd84714525752ae6ebd54a2 More
XOR Key:

Detected entities:

MS Office encrypted document show hexdump

Embedded Executable: This program cannot be run in DOS mode [40094] show hexdump
Embedded Executable: GetModuleHandleA [48600] show hexdump
Embedded Executable: GetProcAddress [48634] show hexdump
Embedded Executable: LoadLibraryA [48652] show hexdump
Embedded Executable: CreateProcessA [48704] show hexdump
Embedded Executable: KERNEL32 [48736] show hexdump
Embedded Executable: Advapi32.dll [52404] show hexdump

RepositoryStatusMore Info

MS Office encrypted document
Confidence: 100
Scan hits: 8

New/Nothing Found


New/Nothing Found


New/Nothing Found


Shellcode Scan:

Shellcode not found.

Exploit Scan:

Exploit: genexploit - MS Office encrypted document found @9260.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.

Comments (0): show/hide