SHA256: e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a
File name: 200f7930de8d44fc2b00516f79033408ca39d610_rtf.rt
Detection ratio: 39 / 57
Analysis date: 2015-06-19 14:01:37 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update
ALYac Exploit.DOC.CVE-2014-1761 20150619
AVG Exploit_c.ACAP 20150619
AVware Exploit.RTF.CVE-2014-1761.a (v) 20150619
Ad-Aware Exploit.CVE-2014-1761.A 20150619
Agnitum Exploit.CVE-2014-1761.A 20150618
AhnLab-V3 RTF/Cve-2014-1761 20150619
Arcabit Exploit.CVE-2014-1761.A 20150619
Avast RTF:CVE-2014-1761 [Expl] 20150619
Avira EXP/CVE-2014-1761.A 20150619
BitDefender Exploit.CVE-2014-1761.A 20150619
CAT-QuickHeal Exp.RTF.CVE-2014-1761 20150619
Comodo UnclassifiedMalware 20150619
Cyren CVE141761 20150619
DrWeb Exploit.Rtf.CVE2012-0158 20150619
ESET-NOD32 Win32/Exploit.CVE-2014-1761.C 20150619
Emsisoft Exploit.CVE-2014-1761.A (B) 20150619
F-Prot CVE141761 20150619
F-Secure Exploit:W32/CVE-2014-1761.A 20150619
Fortinet MSOffice/CVE_2014_1761.A!exploit 20150619
GData Exploit.CVE-2014-1761.A 20150619
Ikarus Exploit.CVE-2014-1761 20150619
Jiangmin Exploit.MSWord.CVE-2014-1761.a 20150618
K7AntiVirus Exploit ( 00495f081 ) 20150619
K7GW Exploit ( 00495f081 ) 20150619
Kaspersky Exploit.MSWord.CVE-2014-1761.a 20150619
McAfee Exploit-CVE2014-1761 20150619
McAfee-GW-Edition Exploit-CVE2014-1761 20150618
MicroWorld-eScan Exploit.CVE-2014-1761.A 20150619
Microsoft Exploit:Win32/CVE-2012-2539 20150619
NANO-Antivirus Exploit.Rtf.CVE-2014-1761.dgyrmk 20150619
Qihoo-360 virus.exp.20141761 20150619
Sophos Exp/20141761-A 20150619
Symantec Trojan.Mdropper 20150619
Tencent Word.Exploit.Cve-2014-1761.Lnyc 20150619
TrendMicro TROJ_ARTIEF.NSA 20150619
TrendMicro-HouseCall TROJ_ARTIEF.NSA 20150619
VIPRE Exploit.RTF.CVE-2014-1761.a (v) 20150619
Zillya Exploit.CVE.MacroWord.220 20150619
nProtect Exploit.CVE-2014-1761.A 20150619
AegisLab 20150619
Alibaba 20150619
Antiy-AVL 20150619
Baidu-International 20150619
Bkav 20150619
ByteHero 20150619
CMC 20150618
ClamAV 20150619
Kingsoft 20150619
Malwarebytes 20150619
Panda 20150619
Rising 20150618
SUPERAntiSpyware 20150619
TheHacker 20150619
TotalDefense 20150619
VBA32 20150619
ViRobot 20150619
Zoner 20150619
The file being studied is a Rich Text Format file! RTF is a proprietary document file format with published specification developed by Microsoft Corporation since 1987 for Microsoft products and for cross-platform document interchange.
Summary
Revision time
2014-03-08 03:09:00
Sidtbl
sid8596814sid8926214sid10110685
Author
ism{\\creatim\\yr2014\\mo3\\dy8\\hr3\\min9
Company
home{\\creatim\\yr2014\\mo3\\dy8\\hr3\\min9
3929
?;
Creation time
2014-03-08 03:09:00
Number of non whitespace characters
69
Operator
ismail - [2010]
Document properties
Non ascii characters
366022
Embedded drawings
20
Rtf header
rt
Read only protection
False
User protection
False
Default character set
ANSI (default)
Custom xml data properties
0
Dos stubs
0
Objects
OLE control (MSComctlLib.ImageComboCtl.2)
Embedded pictures
1
Longest hex string
16838
ExifTool file metadata
FileAccessDate
2015:02:17 16:20:22+01:00

FileCreateDate
2015:02:17 16:20:22+01:00

File identification
MD5 a2fe8f03adae711e1d3352ed97f616c7
SHA1 200f7930de8d44fc2b00516f79033408ca39d610
SHA256 e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a
ssdeep
12288:+/ONoJjU8KZXmr3itt76Zm743yQkb3RTZX5OEyWbhLro0UrttvNL7D3S:JeJjvMWpZm77pbBTcco0UrtzL7

File size 771.5 KB ( 790048 bytes )
File type Rich Text Format
Magic literal
data

TrID file seems to be plain text/ASCII (0.0%)
Tags
rtf cve-2012-0158 ole-control cve-2014-1761 exploit cve-2012-2539

VirusTotal metadata
First submission 2014-04-01 14:49:08 UTC ( 1 year, 3 months ago )
Last submission 2015-06-19 14:01:37 UTC ( 2 weeks, 2 days ago )
File names e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.bin
sample.doc
Word漏洞 CVE-2014-1761.RTF
Word漏洞 CVE-2014-1761.bin
CVE-2014-1761
vti-rescan
test.rtf
e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a
rtf.rt
e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.docx
a2fe8f03adae711e1d3352ed97f616c7.doc
hjhp
e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.bin.rtf
e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a from friends.bin
CVE-2014-1761.rtf
e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.rtf
live_sample.rtf
Hombres Mercurio.doc
CVE-2014-1761.docx
1.doc
200f7930de8d44fc2b00516f79033408ca39d610_rtf.rt
file-6840075_rtf
ms14-17.doc
CVE2014_1761_e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.doc
a2fe8f03adae711e1d3352ed97f616c7.bin
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

