ScreenShot
| Created | 2023.03.16 09:24 | Machine | s1_win7_x6401 |
| Filename | extracted_at_0x1c7bb.rtf | ||
| Type | ASCII text, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (RTFMALFORM, Probably Heur, RTFBadHeader) | ||
| md5 | be975b96947f0c9f0a09396755c37ee6 | ||
| sha256 | df8ba07d968e6829a587cea681fe82d51b4f7860d383a52ec43b2dcc3e94f2ba | ||
| ssdeep | 12:SedQIWLHob6WLYmaLYKmWL5WLmWLb6WLahmWL2Qu6WL8FGgmWLxu6WL56WLGjKu2:5E098b8KhVWLhf94hKQu9ogghFu9t9KM | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Libraries known to be associated with a CVE were requested (may be False Positive) |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates hidden or system file |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | MS_RTF_Suspicious_documents | Suspicious documents using RTF document OLE object | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|