Report - ....-.......................-.....................................-................w..............................wiz.wiz

RTF File doc
ScreenShot
Created 2021.11.12 10:29 Machine s1_win7_x6401
Filename ....-.......................-.....................................-................w..............................wiz.wiz
Type Rich Text Format data, unknown version
AI Score Not founds Behavior Score
4.4
ZERO API file : clean
VT API (file) 26 detected (Obfuscated, ObfsStrm, Save, CVE-2017-1188, Camelot, Bloodhound, multiple detections, dinbqn, RtfExp, RTFMALFORM, CVE2017, Malformed, ai score=85, ASDOH, Malicious, score, Malform, RTFObfustream, GenericKD)
md5 c4d7770f7d9230c9b9167a4327ae32c7
sha256 f0aa64e048ba6e054e31b86ae0dfdaee0dcdab73e324e7bb926c9dccdee63a14
ssdeep 768:cPaU6Xo3I3ziKJbvR1ejCSOjcLU9vtaOSh:cPaUMwIjiMb32CSO4LG4h
imphash
impfuzzy
  Network IP location

Signature (10cnts)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice An application raised an exception which may be indicative of an exploit crash
notice Creates hidden or system file
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice RTF file has an unknown version
info One or more processes crashed

Rules (1cnts)

Level Name Description Collection
info Rich_Text_Format_Zero Rich Text Format Signature Zero binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://198.12.127.139/1113/vbc.exe US AS-COLOCROSSING 198.12.127.139 clean
198.12.127.139 US AS-COLOCROSSING 198.12.127.139 clean

Suricata ids



Similarity measure (PE file only) - Checking for service failure