| SHA256: | 4dd1866e4bedd4fb7005c8d5a3bf6f395030b40a75bb2afabfd5153658d16a24 |
| Detection ratio: | 16 / 59 |
| Analysis date: | 2018-04-03 13:44:39 UTC ( 1 year ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| AegisLab | Exploit.Msoffice.Cve!c | 20180403 |
| CAT-QuickHeal | Exp.RTF.CVE-2017-11882.AF | 20180403 |
| DrWeb | Trojan.Trick.45194 | 20180403 |
| Fortinet | W32/Kryptik.GCVH!tr | 20180403 |
| Ikarus | Win32.SuspectCrc | 20180403 |
| Kaspersky | HEUR:Exploit.MSOffice.CVE-2017-8570.a | 20180403 |
| NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn | 20180403 |
| nProtect | Suspicious/RTF.Agent.Gen | 20180403 |
| Qihoo-360 | virus.exp.21711882.c | 20180403 |
| Rising | Exploit.CVE-2017-8570!1.AFC6 (CLASSIC) | 20180403 |
| Sophos AV | Mal/Generic-S | 20180403 |
| Symantec | ML.Attribute.HighConfidence | 20180403 |
| TrendMicro | BAT_LOKI.LKM | 20180403 |
| TrendMicro-HouseCall | BAT_LOKI.LKM | 20180403 |
| ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20180403 |
| Zoner | Probably RTFBadHeader | 20180403 |
| Ad-Aware | 20180403 | |
| AhnLab-V3 | 20180403 | |
| Alibaba | 20180403 | |
| ALYac | 20180403 | |
| Antiy-AVL | 20180403 | |
| Arcabit | 20180403 | |
| Avast | 20180403 | |
| Avast-Mobile | 20180403 | |
| AVG | 20180403 | |
| Avira (no cloud) | 20180403 | |
| AVware | 20180403 | |
| Baidu | 20180403 | |
| BitDefender | 20180403 | |
| Bkav | 20180403 | |
| ClamAV | 20180403 | |
| CMC | 20180403 | |
| Comodo | 20180403 | |
| CrowdStrike Falcon (ML) | 20170201 | |
| Cybereason | None | |
| Cyren | 20180403 | |
| eGambit | 20180403 | |
| Emsisoft | 20180403 | |
| Endgame | 20180403 | |
| ESET-NOD32 | 20180403 | |
| F-Prot | 20180403 | |
| F-Secure | 20180403 | |
| GData | 20180403 | |
| Sophos ML | 20180121 | |
| Jiangmin | 20180403 | |
| K7AntiVirus | 20180403 | |
| K7GW | 20180403 | |
| Kingsoft | 20180403 | |
| Malwarebytes | 20180403 | |
| MAX | 20180403 | |
| McAfee | 20180403 | |
| McAfee-GW-Edition | 20180403 | |
| Microsoft | 20180403 | |
| eScan | 20180403 | |
| Palo Alto Networks (Known Signatures) | 20180403 | |
| Panda | 20180403 | |
| SentinelOne (Static ML) | 20180225 | |
| SUPERAntiSpyware | 20180403 | |
| Symantec Mobile Insight | 20180401 | |
| Tencent | 20180403 | |
| TheHacker | 20180330 | |
| Trustlook | 20180403 | |
| VBA32 | 20180403 | |
| VIPRE | 20180403 | |
| ViRobot | 20180403 | |
| WhiteArmor | 20180324 | |
| Yandex | 20180403 | |
| Zillya | 20180402 |
The file being studied is a Rich Text Format file!
RTF is a proprietary document file format with published specification
developed by Microsoft Corporation since 1987 for Microsoft products and for
cross-platform document interchange.
Document properties
Non ascii characters
1515
Embedded drawings
0
Rtf header
rt
Read only protection
False
User protection
False
Default character set
ANSI (default)
Custom xml data properties
0
Dos stubs
0
Objects
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
OLE embedded (ShockwaveFlash.ShockwaveFlash.23)
OLE control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
Hypertext Markup Language (HTML) control (ShockwaveFlash.ShockwaveFlash.23)
OLE embedded (ShockwaveFlash.ShockwaveFlash.23)
OLE control (ShockwaveFlash.ShockwaveFlash.23)
Embedded pictures
1
Longest hex string
206196
File identification
MD5 c545884cf6e9990e3e60cf198a215532
SHA1 5e0ab852faa11109241364a6c3633d245d8ecb5c
SHA256 4dd1866e4bedd4fb7005c8d5a3bf6f395030b40a75bb2afabfd5153658d16a24
ssdeep
6144:/V2wBM3ZchWk/MkGIurZxTBSZuVidUF5MXuHI:N+WhWEyIurZnSZu+UvOuo
File size
370.8 KB ( 379679 bytes )
File type Rich Text Format
Magic literal
ASCII text, with very long lines
| TrID |
Poser pose (100.0%) |
Tags
ole-embedded
rtf
cve-2017-11882
ole-control
cve-2017-8570
exploit
html-control
cve-2018-0802
VirusTotal metadata
First submission
2018-04-03 13:08:57 UTC ( 1 year ago )
Last submission
2018-08-07 06:59:43 UTC ( 8 months, 2 weeks ago )
| File names |
sage_invoice93484324.doc |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!