popup

Report - Quranic Arabic Language Course.docx

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.08.17 10:20 Machine s1_win7_x6403
Filename Quranic Arabic Language Course.docx
Type Microsoft OOXML
AI Score Not founds Behavior Score
2.4
ZERO API file : clean
VT API (file) 3 detected (CVE-2017-0199, equmby, Probably Heur, W97OleLink)
md5 6af2470805fe10cf881871a6babf9986
sha256 66ddbdfe9328d6a3f49abbb814252617fce0e05934ceeef9813e8bd30385fe50
ssdeep 768:B5KuMwE7M7AGpDn+Rqo4g1e+yn0lKpZwnbm7:B5KuMwEkDeqo4Ee+ynVpOnm
imphash
impfuzzy
  Network IP location

Signature (6cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (5cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://behr.ppinewsagency.live/5098/1/1069/2/0/0/0/m/
whois
MD MivoCloud SRL 185.163.45.63 clean
https://behr.ppinewsagency.live/5098/1/1069/2/0/0/0/m/files-3607001e/file.rtf
whois
MD MivoCloud SRL 185.163.45.63 mailcious
https://behr.ppinewsagency.live/5098/1/1069/2/0/0/0/m/files-3607001e/
whois
MD MivoCloud SRL 185.163.45.63 clean
behr.ppinewsagency.live
whois
MD MivoCloud SRL 185.163.45.63 mailcious
185.163.45.63
whois
MD MivoCloud SRL 185.163.45.63 mailcious

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure