Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: schet2071.26.02.16.doc
File size: 1208320 bytes
File type: data
MD5: ff995b6b553c6c7e0f22fe81a5149b7b
SHA1: e677cd7402dec6d2f485d93f7183bc3378c2a798
SHA256: 2619f64d92878ec52fe5edd5b3dd6c81c2805794fff5209c5051a9f55e0b5ccb
SSDEEP: 24576:7iSfsnkS2yFQrep8rXxTI69F6eVStnh2YAq2:HlreM799
Reported: 2016-03-02 05:25:03
Detection engine: 213
Result: Suspicious file - MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 75
Scan hits: 2

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: genexploit
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @200192 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 9b7e14df2ffe3c32566f3fff8481c6f2

Detected entities:

MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158

Embedded Executable Transposition cipher This program cannot be run in DOS mode: [199476]

Repository results:

Repository: vicheck.ca
Status: MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158
Confidence: 75
Scan hits: 2

Repository: VirusTotal.com
Status: New/Nothing Found
More Info: none

Repository: ThreatExpert.com
Status: reported

Repository: Team-CYMRU.org
Status: New/Nothing Found
More Info: none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: genexploit - MS Office Exploit RTF MSCOMCTL.OCX RCE CVE-2012-0158 found @16982.

Sandbox report:

Processing...this can take from 20 minutes to several hours depending on the load.
