× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c87b713f8416ba47ab9c02d5d2fe51eb3d1ee1c7c663db0f159512612a20a8d3
File name: tuemoney.doc
Detection ratio: 33 / 57
Analysis date: 2019-01-08 17:43:32 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Exploit.CVE-2017-11882.Gen 20190108
AhnLab-V3 OLE/Cve-2017-11882.Gen 20190108
ALYac Exploit.CVE-2017-11882.Gen 20190108
Arcabit Exploit.CVE-2017-11882.Gen 20190108
Avast Win32:ShellCode [Expl] 20190108
AVG Win32:ShellCode [Expl] 20190108
Avira (no cloud) EXP/CVE-2017-11882.Gen 20190108
BitDefender Exploit.CVE-2017-11882.Gen 20190108
CAT-QuickHeal Exp.RTF.CVE-2017-0199.AO 20190107
ClamAV Rtf.Exploit.CVE_2017_11882-6584355-0 20190108
Cyren CVE-2017-11882.C.gen!Camelot 20190108
DrWeb Exploit.ShellCode.69 20190108
Emsisoft Exploit.CVE-2017-11882.Gen (B) 20190108
ESET-NOD32 probably a variant of Win32/Exploit.CVE-2017-11882.A 20190108
F-Secure Exploit:W97M/CVE-2017-0199.B 20190108
Fortinet MSOffice/CVE_2017_11882.BB!exploit 20190108
GData Generic.Exploit.CVE-2017-0199.E 20190108
Ikarus Exploit.CVE-2017-11882 20190108
Kaspersky HEUR:Exploit.MSOffice.Generic 20190108
MAX malware (ai score=81) 20190108
McAfee CVE2017-11882.bb!215C4389A249 20190108
McAfee-GW-Edition CVE2017-11882.bb!215C4389A249 20190108
Microsoft Exploit:O97M/CVE-2017-11882.L 20190108
eScan Exploit.CVE-2017-11882.Gen 20190108
NANO-Antivirus Exploit.Rtf.Heuristic-rtf.dinbqn 20190108
Qihoo-360 virus.exp.21711882.d 20190108
Rising Exploit.CVE-2017-11882!1.B40D (CLASSIC) 20190108
Sophos AV Troj/RtfExp-EQ 20190108
Symantec Exp.CVE-2017-11882!g3 20190108
TACHYON Trojan-Exploit/RTF.CVE-2017-11882 20190108
TrendMicro Trojan.W97M.CVE201711882.SMD 20190108
TrendMicro-HouseCall Trojan.W97M.CVE201711882.SMD 20190108
ZoneAlarm by Check Point HEUR:Exploit.RTF.Agent.gen 20190108
Acronis 20181227
AegisLab 20190108
Alibaba 20180921
Antiy-AVL 20190108
Avast-Mobile 20190108
Babable 20180918
Baidu 20190108
Bkav 20190108
CMC 20190107
Comodo 20190108
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20190108
eGambit 20190108
Endgame 20181108
F-Prot 20190108
Sophos ML 20181128
Jiangmin 20190108
K7AntiVirus 20190108
K7GW 20190108
Kingsoft 20190108
Malwarebytes 20190108
Palo Alto Networks (Known Signatures) 20190108
Panda 20190108
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
Tencent 20190108
TheHacker 20190106
Trapmine 20190103
Trustlook 20190108
VBA32 20190108
ViRobot 20190108
Webroot 20190108
Yandex 20181229
Zillya 20190105
Zoner 20190108
The file being studied is a Rich Text Format file! RTF is a proprietary document file format with published specification developed by Microsoft Corporation since 1987 for Microsoft products and for cross-platform document interchange.
Document properties
Non ascii characters
0
Embedded drawings
0
Rtf header
rtf
Read only protection
False
User protection
False
Default character set
ANSI (default)
Custom xml data properties
0
Dos stubs
0
Objects
OLE autolink
Embedded pictures
0
Longest hex string
8284
ExifTool file metadata
MIMEType
text/rtf

FileType
RTF

Warning
Unspecified RTF encoding. Will assume Latin

FileTypeExtension
rtf

File identification
MD5 9d8143947667fe8eea596c1d85587f80
SHA1 29fcd4e77b0478f6ebd192f88bde4dd90fdc1b82
SHA256 c87b713f8416ba47ab9c02d5d2fe51eb3d1ee1c7c663db0f159512612a20a8d3
ssdeep
96:I8BhvxZdAKX1JG01tyDm8fAwrpbcAWCcIbsCaroj7AWmD/2rZ+3SEE:Is5xZdNJG0XyDmmtP0IbsChOD/WZ+e

File size 8.2 KB ( 8351 bytes )
File type Rich Text Format
Magic literal
Rich Text Format data, unknown version

TrID file seems to be plain text/ASCII (0.0%)
Tags
exploit rtf cve-2017-11882 cve-2017-0199 ole-autolink

VirusTotal metadata
First submission 2019-01-08 17:43:32 UTC ( 3 months, 1 week ago )
Last submission 2019-01-08 17:43:32 UTC ( 3 months, 1 week ago )
File names tuemoney.doc
ExifTool file metadata
MIMEType
text/rtf

FileType
RTF

Warning
Unspecified RTF encoding. Will assume Latin

FileTypeExtension
rtf

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!