× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 72b14306c9f95536d03d88cf63204f70630dd9cd00664ad7f86c1d774c8508e9
File name: Virus.doc
Detection ratio: 35 / 58
Analysis date: 2018-04-03 13:57:20 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Exploit.RTF-ObfsStrm.Gen 20180403
AhnLab-V3 RTF/Exploit 20180403
Antiy-AVL Trojan[Exploit]/RTF.Obscure.Gen 20180403
Arcabit Exploit.RTF-ObfsStrm.Gen 20180403
Avast RTF:Agent-F [Expl] 20180403
AVG RTF:Agent-F [Expl] 20180403
Avira (no cloud) TR/Agent.Elmo.pgli.181 20180403
Baidu Win32.Exploit.Agent.k 20180403
BitDefender Exploit.RTF-ObfsStrm.Gen 20180403
CAT-QuickHeal Exp.RTF.CVE-2012-0158.A 20180403
ClamAV Rtf.Dropper.Agent-1641465 20180403
Comodo Exploit.Win32.Agent.A 20180403
DrWeb Exploit.Rtf.135 20180403
Emsisoft Exploit.RTF-ObfsStrm.Gen (B) 20180403
ESET-NOD32 Win32/Exploit.Agent.NKP 20180403
F-Secure Exploit.RTF-ObfsStrm.Gen 20180403
GData Exploit.RTF-ObfsStrm.Gen 20180403
Ikarus Exploit.RTF-ObfsStrm 20180403
K7AntiVirus Trojan ( 0001140e1 ) 20180403
K7GW Trojan ( 0001140e1 ) 20180403
Kaspersky HEUR:Exploit.MSWord.Generic 20180403
MAX malware (ai score=98) 20180403
McAfee Exploit-RTF 20180403
McAfee-GW-Edition Exploit-RTF 20180403
eScan Exploit.RTF-ObfsStrm.Gen 20180403
NANO-Antivirus Exploit.Rtf.Heuristic-rtf.dinbqn 20180403
Qihoo-360 heur.rtf.obfuscated.1 20180403
Rising Exploit.ExKit!1.A9A8 (CLASSIC) 20180403
Sophos AV Troj/DocDrop-FK 20180403
Symantec Trojan.Mdropper 20180403
Tencent Word.Exploit.Generic.Hsse 20180403
TrendMicro TROJ_CVE20151641.AIW 20180403
TrendMicro-HouseCall TROJ_CVE20151641.AIW 20180403
ZoneAlarm by Check Point HEUR:Exploit.MSWord.Generic 20180403
Zoner Probably RTFBadVersion 20180403
AegisLab 20180403
Alibaba 20180403
ALYac 20180403
Avast-Mobile 20180403
AVware 20180403
Bkav 20180403
CMC 20180403
Cylance 20180403
Cyren 20180403
Endgame 20180403
F-Prot 20180403
Fortinet 20180403
Sophos ML 20180121
Jiangmin 20180403
Kingsoft 20180403
Malwarebytes 20180403
Microsoft 20180403
nProtect 20180403
Palo Alto Networks (Known Signatures) 20180403
Panda 20180403
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180403
Symantec Mobile Insight 20180401
TheHacker 20180330
Trustlook 20180403
VBA32 20180403
VIPRE 20180403
ViRobot 20180403
WhiteArmor 20180324
Yandex 20180403
Zillya 20180402
The file being studied is a Rich Text Format file! RTF is a proprietary document file format with published specification developed by Microsoft Corporation since 1987 for Microsoft products and for cross-platform document interchange.
Document properties
Non ascii characters
479410
Embedded drawings
0
Rtf header
rtvpn
Default ansi codepage
Cyrillic
Generator
Msftedit 5.41.15.1507
Read only protection
False
User protection
False
Default character set
ANSI
Custom xml data properties
0
Dos stubs
0
Objects
OLE embedded (Word.Document.12)
OLE control (Word.Document.12)
OLE embedded (Word.Document.12)
OLE embedded (Word.Document.12)
OLE embedded (Word.Document.12)
OLE embedded (Word.Document.12)
Embedded pictures
0
Longest hex string
35136
Default languages
Russian, Arabic - Saudi Arabia
File identification
MD5 99289be18f8eff90737733fd7e1255c6
SHA1 736c1b31cb3735f301d8cd4981c24ad70d017083
SHA256 72b14306c9f95536d03d88cf63204f70630dd9cd00664ad7f86c1d774c8508e9
ssdeep
24576:kbKw4bfMpV7ceKPvi14LEt5k/W0DPwCna++V8TQheoP:TwOMAtPq18Et5k+qH+GTQZ

File size 1.1 MB ( 1162424 bytes )
File type Rich Text Format
Magic literal
data

TrID Unknown!
Tags
ole-embedded rtf cve-2015-1641 cve-2012-0158 ole-control exploit attachment

VirusTotal metadata
First submission 2016-03-15 10:05:05 UTC ( 2 years, 4 months ago )
Last submission 2018-04-03 13:57:20 UTC ( 3 months, 2 weeks ago )
File names dd23599cb51d6b508ececc76e6d4d5da60618926
Virus.doc
schet1074.15.03.16.doc.infected
schet1074.15.03.16.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!