Report - 1.rtf

Tags: Malicious Packer, Anti_VM, RTF File, doc
Created: 2021.11.01 16:24
Machine: s1_win7_x6402
Filename: 1.rtf
Type: Rich Text Format data, version 1, unknown character set
AI Score: Not found
Behavior Score: 3.0
ZERO API (file): clean
VT API (file): detected by 27 engines. Detection-name fragments: CVE-2017-1188, Obfuscated, RTFObfustream, Save, ObfsObjDat, PLBK, Bloodhound, a variant of DOC, Abnormal, Malicious, score, dinbqn, Dztk, RTFMALFORM, Malformed, ai score=86, Probably Heur, RTFObfuscationE
md5: 847446bc1b6221de28dc78cef9d34623
sha256: 50cb0313a049f5df3f0fe95dc588bf7dca6ef76a7d713fc4b07348e21134749e
ssdeep: 6144:f8jk0y7FXUVW58AspUHC5K2JS1/Gh0Z2+b3vQP5ZYy+sf/ZIsQmo2HhuS:f8Y5JUI56g2JS1/Ghm3vS5ZYylXoch3
imphash: (not applicable; import hashes are computed for PE files only)
impfuzzy: (not applicable; import hashes are computed for PE files only)

Signature (7)

Level | Description
warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | An application raised an exception which may be indicative of an exploit crash
notice | Creates hidden or system file
notice | One or more potentially interesting buffers were extracted
notice | RTF file has an unknown character set
info | One or more processes crashed
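The header and object indicators above can be reproduced statically before detonation. The Python below is an added example (not the sandbox's tooling or code from this report): it inspects the RTF header the way `file` does to explain the "unknown character set" verdict, decodes `\objdata` hex streams while tolerating interleaved junk (the kind of obfuscation that detection names such as RTFObfustream, RTFMALFORM and RTFObfuscationE point at) to see whether an OLE object is embedded, flags `\objupdate`, and compares the file's hashes with the md5/sha256 listed in this report. `SAMPLE_RTF`, `header_info`, `extract_objdata` and `triage` are all constructed for this example; the sample bytes are not the analysed 1.rtf.

```python
"""Static triage of a suspicious RTF: header/charset check, \\objdata decoding
and hash comparison. Added example, not the sandbox's own code. SAMPLE_RTF is a
constructed stand-in, not the analysed 1.rtf."""
import hashlib
import re

# md5/sha256 taken from the report above; used purely as match indicators.
REPORT_MD5 = "847446bc1b6221de28dc78cef9d34623"
REPORT_SHA256 = "50cb0313a049f5df3f0fe95dc588bf7dca6ef76a7d713fc4b07348e21134749e"

# OLE compound-file signature; an embedded object usually decodes to one.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Constructed sample: no charset keyword after \rtf1 (so `file` prints
# "unknown character set"), \objupdate to refresh the object on open, and an
# \objdata stream whose hex is broken up by whitespace and junk ("zz").
SAMPLE_RTF = (
    b"{\\rtf1\\deff0{\\fonttbl{\\f0 Calibri;}}"
    b"{\\object\\objemb\\objupdate{\\*\\objclass Word.Document.8}"
    b"{\\*\\objdata d0cf 11e0\r\n\ta1b1 1ae1 zz 0000 0000 0000 0000 4142 }}"
    b"\\par }"
)


def header_info(data):
    """Version and charset keyword from the RTF header, mirroring what `file`
    reports: the spec expects \\ansi, \\mac, \\pc or \\pca right after \\rtfN."""
    m = re.match(rb"\{\\rtf(\d+)", data)
    if not m:
        return {"is_rtf": False, "version": None, "charset": None}
    cs = re.match(rb"\\(ansi|mac|pca|pc)\b", data[m.end():])
    return {
        "is_rtf": True,
        "version": int(m.group(1)),
        "charset": cs.group(1).decode() if cs else None,
    }


def _group_body(data, start):
    """Bytes from `start` (just inside an opening brace) to the matching '}'.
    Escaped braces (\\{ \\}) are skipped; raw \\bin payloads are not handled."""
    depth, i = 1, start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            i += 2
            continue
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:
                return data[start:i]
        i += 1
    return data[start:]


def extract_objdata(data):
    """Decode every {\\*\\objdata ...} destination to raw bytes. Word's parser is
    lenient about what sits between the hex digits, which obfuscators exploit,
    so for triage keep only the hex digits instead of rejecting the stream."""
    objects = []
    for m in re.finditer(rb"\{\\\*\\objdata\b", data):
        body = _group_body(data, m.end())
        digits = b"".join(re.findall(rb"[0-9A-Fa-f]", body))
        if len(digits) % 2:          # drop a dangling nibble
            digits = digits[:-1]
        objects.append(bytes.fromhex(digits.decode("ascii")))
    return objects


def triage(data):
    """Summarise the indicators a first-pass analyst wants from an RTF."""
    info = header_info(data)
    objs = extract_objdata(data)
    classes = [c.strip().decode("latin-1")
               for c in re.findall(rb"\\\*\\objclass\s+([^\\{};]+)", data)]
    findings = []
    if info["is_rtf"] and info["charset"] is None:
        findings.append("no charset keyword after \\rtfN (unknown character set)")
    if re.search(rb"\\objupdate\b", data):
        findings.append("\\objupdate present: object is refreshed when the file opens")
    for i, o in enumerate(objs):
        if o.startswith(OLE_MAGIC):
            findings.append(f"objdata[{i}] decodes to an OLE compound file ({len(o)} bytes)")
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        **info,
        "objects": len(objs),
        "objclasses": classes,
        "findings": findings,
        "md5": md5,
        "sha256": sha256,
        "matches_report": md5 == REPORT_MD5 or sha256 == REPORT_SHA256,
    }


if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE_RTF
    print(json.dumps(triage(blob), indent=2))
```

Run it against a real sample with `python triage_rtf.py 1.rtf`; with no argument it triages the constructed sample. The hash comparison is only a match against this report's indicators, and the hex-stripping decode is a triage approximation of Word's behaviour, so a sample that yields no OLE object here may still need a proper RTF parser such as a dedicated object extractor.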

Rules (3)

Level | Name | Description | Collection
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload)
info | Rich_Text_Format_Zero | Rich Text Format Signature Zero | binaries (upload)

Network (2)

Request | CC | ASN Co | IP4 | Rule | ZERO
gert.kozow.com | BG | Belcloud LTD | 185.177.59.52 | (none) | clean
185.177.59.52 | BG | Belcloud LTD | 185.177.59.52 | (none) | clean

Both requests were made by the sample during detonation; "clean" is the ZERO reputation verdict for the destination, not a statement about the traffic, so the hostname and IP remain indicators worth hunting for.

Suricata IDS

(no alerts listed)

Similarity measure (PE file only): not applicable to this sample (RTF document, not a PE executable).