Report - PO20201120 PACKING LIST & INVOICEs.xls

Generic Malware MSOffice File

ScreenShot

Info
Location map


Created	2021.08.03 18:30	Machine	s1_win7_x6402
Filename	PO20201120 PACKING LIST & INVOICEs.xls
Type	CDFV2 Encrypted
AI Score	Not founds	Behavior Score	4.0
ZERO API	file : clean
VT API (file)	23 detected (Hacktool, OLE2, CVE-2018-0802, CVE-2017-1188, probably a variant of Win32, CVE-2018-0798, ai score=100)
md5	4a044c98d5e93a64d63e0bd2aa4f14d8
sha256	fcde7b2708053160d0d4b6347faa1963bd0bc15006a77e65f168a8ae0a31bccd
ssdeep	24576:DWRO9NlvzNvreP9s1zVobNcCYqbqk+c37aTeki7vqkxmiU:DWE9N5xvq+1zVIlu/craTe5vh9U
imphash
impfuzzy

Network IP location

Signature (9cnts)

Level	Description
warning	File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	Creates (office) documents on the filesystem
notice	Creates hidden or system file
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests
info	One or more processes crashed

Rules (2cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (download)
info	Microsoft_Office_File_Zero	Microsoft Office File	binaries (upload)

Network (2cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://45.137.22.103/cctv/vbc.exe whois		RootLayer Web Services Ltd.	45.137.22.103		malware
45.137.22.103 whois		RootLayer Web Services Ltd.	45.137.22.103		malware

Suricata ids

Similarity measure (PE file only) - Checking for service failure