Malware Hash Query

This utility queries our own database,,, and Team-CYMRU for known malware hashes and links to analysis reports.


File: kuntertip.doc
File size: 345411 bytes
File type: data
MD5: e6cdd9ba9872e3c010b0476196a3a5df
SHA1: f1f87009bcc73d3f06ac5184ec9eb21085c32f1b
SHA256: 029c962ad6c44b481434bf18c0b8d2082236562238a1c19a97a84e13eab1d481
SSDEEP: 6144:kVT1EQDg9gS9+KG5cL1qNGEAWDYZZEtfe/gM9upuE3:kFyQaPvwchqNGn1TEF0kuE
Reported: 2016-09-27 00:00:45
Detection engine: 213
Result: Suspicious file - Embedded Executable
Confidence: 50
Scan hits: 1

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: xordb
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640 More
Key Location: @14561 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @225 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2 More
XOR Key:

Detected entities:

Embedded Executable: This program cannot be run in DOS mode [14639] show hexdump

RepositoryStatusMore Info

Embedded Executable
Confidence: 50
Scan hits: 1

New/Nothing Found


New/Nothing Found


New/Nothing Found


Shellcode Scan:

Shellcode not found.

Exploit Scan:

Exploit: not found.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.

Comments (0): show/hide