ScreenShot
| Created | 2021.11.01 11:15 | Machine | s1_win7_x6403 |
| Filename | invc_0004500005000.wbk | ||
| Type | Rich Text Format data, unknown version | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 34 detected (RTFObfustream, Save, ObfsStrm, CVE-2017-1188, Camelot, Bloodhound, a variant of DOC, Abnormal, Malicious, score, dinbqn, RtfExp, Obfuscated, RTFMALFORM, CVE2017, Minerva, klqcl, ai score=81, ASDOH, Malform, Probably Heur, RTFBadVersion, Hupe, GenericKD) | ||
| md5 | 95b2667f1a1f47ebb18aeccc1a229443 | ||
| sha256 | fbfbc6e81fb48d1ee2de7dd6ca830b58f5f5f9c41468052c730222db6bdac7ac | ||
| ssdeep | 768:q3IB+SvswyCkWGP3vKPQ5t6cLsK3D2BdPcET:ASwHWGP3vwkt6U3icET | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates hidden or system file |
| notice | One or more potentially interesting buffers were extracted |
| notice | RTF file has an unknown version |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | Rich_Text_Format_Zero | Rich Text Format Signature Zero | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|