Summary | ZeroBOX

xlaisveryeasyprocesstoloveherwithallhappinessandkindofloverwhichwecantell__ireallylovehertrulyfromthe.doc

MS_RTF_Obfuscation_Objects doc RTF File
Category: FILE
Machine: s1_win7_x6401
Started: April 16, 2024, 3:23 p.m.
Completed: April 16, 2024, 3:23 p.m.
Size 71.6KB
Type Rich Text Format data, version 1, unknown character set
MD5 48a9554413e1893bd21a8e1b31d42d7a
SHA256 7c7a8c8c4c2bcc488c2eaff4baad7d097118b3127deb59c8726f7e4f4c2dcbc5
CRC32 422EF9FB
ssdeep 1536:aG5d5pXKc0aGmXb+VlVmcCJFnxvHbOmt1YJt0oQG5J6qQty8mbNhqfWgqOwz2RL8:aGX5pXb0aGqbIlVmcCJFnxKmt1YJt00L
Yara
  • SUSP_INDICATOR_RTF_MalVer_Objects - Detects RTF documents with a non-standard version token that embed one of the objects mostly observed in exploit documents (e.g. CVE-2017-11882).
  • Rich_Text_Format_Zero - Rich Text Format Signature Zero
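The first Yara hit rests on two checks: the leading \rtfN version token is something other than the standard \rtf1, and an \objdata destination carries an OLE1 object of a class abused by Equation Editor exploits. The script below is an editor's added example, not ZeroBOX code or the rule itself; it implements both checks in Python over a constructed RTF (built inline, with a harmless placeholder where a real sample would carry the exploit body) and also tolerates the whitespace and unknown control words that obfuscated droppers scatter through the hex. Function names, the "\ruler12" filler token and the placeholder body are assumptions made for the example; the OLE1 layout follows MS-OLEDS and "Equation." is the Equation Editor progID used in CVE-2017-11882 documents.

```python
"""Triage an RTF for the two traits the SUSP_INDICATOR_RTF_MalVer_Objects rule
describes: a non-standard \\rtfN version token and embedded OLE1 objects whose
class name matches the Equation Editor / Package objects seen in
CVE-2017-11882-style droppers. Added example; not ZeroBOX code."""
import re
import struct

# RTF control word: backslash, letters, optional signed numeric parameter,
# optional delimiting space. Obfuscated droppers scatter unknown control words
# and whitespace through the \objdata hex; Word silently ignores them.
CONTROL_WORD = re.compile(rb"\\[a-zA-Z]+-?\d* ?")
HEX_DIGITS = b"0123456789abcdefABCDEF"

# Class-name prefixes worth flagging. "Equation." is the Equation Editor progID
# abused by CVE-2017-11882; "Package" objects are used to drop files.
SUSPICIOUS_PREFIXES = (b"Equation.", b"Package")


def rtf_version(data: bytes):
    """Return N from the leading {\\rtfN token (1 is standard), or None."""
    m = re.match(rb"\{\\rtf(\d+)", data)
    return int(m.group(1)) if m else None


def extract_objdata_hex(data: bytes):
    """Collect the hex digits of every \\objdata destination, skipping
    interleaved control words, control symbols and whitespace."""
    blobs = []
    for m in re.finditer(rb"\\objdata\b", data):
        i, depth, buf = m.end(), 0, bytearray()
        while i < len(data):
            c = data[i:i + 1]
            if c == b"{":
                depth += 1
            elif c == b"}":
                if depth == 0:
                    break                      # end of the \objdata group
                depth -= 1
            elif c == b"\\":
                cm = CONTROL_WORD.match(data, i)
                i = cm.end() if cm else i + 2  # control word or control symbol
                continue
            elif c in HEX_DIGITS:
                buf += c
            i += 1
        blobs.append(bytes(buf))
    return blobs


def parse_ole1_object(blob: bytes):
    """Parse an MS-OLEDS EmbeddedObject: OLEVersion, FormatID, three
    length-prefixed ANSI strings (ClassName, TopicName, ItemName), then
    NativeDataSize and NativeData."""
    _ole_version, format_id = struct.unpack_from("<II", blob, 0)
    off, names = 8, []
    for _ in range(3):
        (n,) = struct.unpack_from("<I", blob, off)
        off += 4
        names.append(blob[off:off + n].rstrip(b"\x00"))
        off += n
    (native_size,) = struct.unpack_from("<I", blob, off)
    off += 4
    return format_id, names[0], native_size, blob[off:off + native_size]


def triage_rtf(data: bytes) -> dict:
    """Apply both checks and describe every embedded object found."""
    ver = rtf_version(data)
    result = {"version": ver,
              "nonstandard_version": ver is not None and ver != 1,
              "objects": []}
    for hexblob in extract_objdata_hex(data):
        try:
            fmt, cls, size, _native = parse_ole1_object(bytes.fromhex(hexblob.decode("ascii")))
        except (ValueError, struct.error):
            result["objects"].append({"error": "malformed objdata"})
            continue
        result["objects"].append({
            "format_id": fmt,                  # 2 = embedded, 1 = linked
            "class": cls.decode("latin-1"),
            "native_size": size,
            "suspicious": cls.startswith(SUSPICIOUS_PREFIXES),
        })
    return result


def build_ole1_embedded(class_name: bytes, native: bytes) -> bytes:
    """Serialise an OLE1 EmbeddedObject (MS-OLEDS) with the given class name."""
    def lp_ansi(s: bytes) -> bytes:
        return (struct.pack("<I", len(s) + 1) + s + b"\x00") if s else struct.pack("<I", 0)
    header = (struct.pack("<II", 0x00000501, 0x00000002)
              + lp_ansi(class_name) + lp_ansi(b"") + lp_ansi(b""))
    return header + struct.pack("<I", len(native)) + native


def build_sample_rtf() -> bytes:
    """Constructed test input: non-standard \\rtf7 header and one Equation.3
    object whose body is a harmless placeholder, with the hex broken up by
    newlines and an unknown control word the way real droppers obfuscate it."""
    hexstr = build_ole1_embedded(b"Equation.3", b"PLACEHOLDER-NOT-AN-EXPLOIT").hex()
    chunks = [hexstr[i:i + 7] for i in range(0, len(hexstr), 7)]
    obfuscated = "\r\n\\ruler12 ".join(chunks)
    return (r"{\rtf7\ansi{\object\objemb{\*\objclass Equation.3}{\*\objdata "
            + obfuscated + "}}}").encode("ascii")


if __name__ == "__main__":
    print(triage_rtf(build_sample_rtf()))
```

Run the file to see the constructed sample flagged on both counts; point triage_rtf at real bytes to triage a submission. The check is deliberately cheap and static, and a class name alone is not proof of exploitation, which is why the Yara rule and the vendor labels below are prefixed SUSP/Heur: confirmation needs the object's native data (for Equation.3, the MTEF stream) or detonation.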

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

filetype_details: Rich Text Format data, version 1, unknown character set
filename: xlaisveryeasyprocesstoloveherwithallhappinessandkindofloverwhichwecantell__ireallylovehertrulyfromthe.doc
CAT-QuickHeal Exp.RTF.Obfus.Gen
Skyhigh Exploit-CVE2017-11882.z
McAfee Exploit-CVE2017-11882.z
VIPRE Exploit.RTF-ObfsStrm.Gen
Sangfor Exploit.Generic-Doc.Save.74c7ccbf
Arcabit Exploit.RTF-ObfsStrm.Gen
Symantec Bloodhound.RTF.20
ESET-NOD32 multiple detections
Avast RTF:Obfuscated-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Exploit.RTF-ObfsStrm.Gen
NANO-Antivirus Exploit.Rtf.Heuristic-rtf.dinbqn
MicroWorld-eScan Exploit.RTF-ObfsStrm.Gen
Emsisoft Exploit.RTF-ObfsStrm.Gen (B)
F-Secure Heuristic.HEUR/Rtf.Malformed
DrWeb Exploit.Rtf.Obfuscated.32
TrendMicro HEUR_RTFMALFORM
FireEye Exploit.RTF-ObfsStrm.Gen
Sophos Troj/RtfExp-EQ
Ikarus Exploit.CVE-2017-11882
Google Detected
Avira HEUR/Rtf.Malformed
Antiy-AVL Trojan[Exploit]/OLE2.CVE-2017-11882
ZoneAlarm HEUR:Exploit.MSOffice.Generic
GData Exploit.RTF-ObfsStrm.Gen
Varist CVE-2017-11882.C.gen!Camelot
AhnLab-V3 RTF/Malform-A.Gen
Zoner Probably Heur.RTFObfuscation
Tencent Exp.Office.CVE-2017-11882.a
MAX malware (ai score=80)
AVG RTF:Obfuscated-gen [Trj]