Report - inv_009000987.wbk

RTF File doc
ScreenShot
Created 2021.10.27 17:54 Machine s1_win7_x6402
Filename inv_009000987.wbk
Type Rich Text Format data, unknown version
AI Score Not founds Behavior Score
4.8
ZERO API file : clean
VT API (file) 28 detected (ObfsStrm, CVE-2017-1188, CVE2017, Save, Camelot, Bloodhound, a variant of DOC, Abnormal, dinbqn, Obfuscated, RTFMALFORM, Malformed, ai score=86, ASDOH, Malicious, score, Malform, Probably Heur, RTFBadVersion, GenericKD)
md5 18dd40cd43c42c1fb35bea3f13b4056a
sha256 dba4aece8605ee17c1560428142fd548f00606ef0b4cdf73f9ceb320e829dfa9
ssdeep 768:Rqy2GvbDNR8fIm4HBFVCEyUKjX/y/OV1hm1WtIiUa:RpzEwm4hF8EyfjIOV1h8WtIib
imphash
impfuzzy
  Network IP location

Signature (11cnts)

Level Description
warning File has been identified by 28 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice An application raised an exception which may be indicative of an exploit crash
notice Creates hidden or system file
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice RTF file has an unknown version
notice Sends data using the HTTP POST Method
info One or more processes crashed

Rules (1cnts)

Level Name Description Collection
info Rich_Text_Format_Zero Rich Text Format Signature Zero binaries (upload)

Network (5cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://secure01-redirect.net/ga21/fre.php RU LLC Baxet 193.38.51.112 clean
http://202.55.132.141/0091/vbc.exe VN ADTEC Media Joint Stock Company 202.55.132.141 clean
secure01-redirect.net RU LLC Baxet 193.38.51.112 clean
193.38.51.112 RU LLC Baxet 193.38.51.112 clean
202.55.132.141 VN ADTEC Media Joint Stock Company 202.55.132.141 mailcious

Suricata ids



Similarity measure (PE file only) - Checking for service failure