08fc0df9...6ff8 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Exploit
Downloader
Spyware
Threat Names:
MailPassView
Exploit.RTF-ObfsObjDat.Gen
Gen:Variant.Ser.MSILPerseus.3740
...

Remarks (1/1)

(0x02000010): The operating system was rebooted during the analysis.

Filename: C:\Users\aETAdzjz\Desktop\gymhei.rtf
Category: Sample File
Type: RTF
Severity: Malicious
Mime Type: text/rtf
File Size: 3.69 KB
MD5: 800bbc469213a096ca2756a8ffd795b2
SHA1: 14e05f21dc89b493c287c479422f57fcbd52f756
SHA256: 08fc0df9273e8860da43897a2b9ae7a989c47c1a27ef93126e3ffd2615f26ff8
SSDeep: 48:w8HzYE/14NASLDiscaYwnhGkJoq1j2s4g9Q892qAcZczwcLEbRFUdHaAGs7GSq:ZzYE/1PULaANb3xZmwcwbRFUdHaY7Jq
ImpHash: -
Parser Error Remark: Static engine was unable to completely parse the analyzed file
Office Information
Controls (1)
CLSID: {00021700-0000-0000-C000-000000000046}
Control Name: Equation3
Associated Vulnerability: CVE-2017-11882
Local AV Matches (1)
Threat Name: Exploit.RTF-ObfsObjDat.Gen
Severity: Malicious

Filename: C:\Users\aETAdzjz\AppData\Roaming\poiuytrewsdfghjk.exe
Category: Downloaded File
Type: Binary
Severity: Malicious
Also Known As: C:\Users\aETAdzjz\AppData\Roaming\poiuytrewsdfghjk.exe (Downloaded File)
Also Known As: C:\Users\aETAdzjz\AppData\Roaming\urhatNqflNdYH.exe (Downloaded File)
Parent File: analysis.pcap
Mime Type: application/vnd.microsoft.portable-executable
File Size: 1.15 MB
MD5: 7309330e2e9f3800b1b198992a42e7a5
SHA1: 897a666aa994781d5f64ea746d19ec1876aea5ad
SHA256: daac75df0b8e08e4007f3424e99dbbfedaa87ed8981c9ca04c77baf217a66e53
SSDeep: 24576:EGfkkY5HlsfC03+a8RT9HNmuTeOQBduDOi3yU:kdH+fCYTONmketSDZ
ImpHash: -
Local AV Matches (1)
Threat Name: Gen:Variant.Ser.MSILPerseus.3740
Severity: Malicious

Filename: C:\Users\aETAdzjz\AppData\Local\Temp\tmp139F.tmp
Category: Dropped File
Type: Text
Severity: Whitelisted
Mime Type: text/plain
File Size: 2 Bytes
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SSDeep: 3:Qn:Qn
ImpHash: -
File Reputation Information
Severity: Whitelisted

Filename: c:\users\aetadzjz\appdata\roaming\microsoft\windows\ietldcache\index.dat
Category: Modified File
Type: Stream
Severity: Unknown
Mime Type: application/octet-stream
File Size: 256.00 KB
MD5: 8ed682d01fa076cced515bf6b21ba022
SHA1: e69667b35d101d9cd052697da198c40a88e16e74
SHA256: 4abb12ce35853bda9c190e84a3329ab50701e035b92436eba8f4ddf9b96e4e6c
SSDeep: 384:p8JEJHPiHzw9qthimENkKHK0M/kWJAm0yvCUW0TT0nufeuP6DYAfIc1FAPEOyAa2:pTHPUpI2djFQ7JNAocaKTbUZUzx3S
ImpHash: -

Filename: C:\Users\aETAdzjz\AppData\Local\Temp\32f4c789-19cd-4310-170a-5756ff13bdf0
Category: Dropped File
Type: Text
Severity: Unknown
Mime Type: text/plain
File Size: 88 Bytes
MD5: b391a4276a7d3334241ca08aaab6da7c
SHA1: 96722dcd09001cfa1d2e9bd9e9b03a2fda6e8e27
SHA256: 6d4aed382eb9502afe06035735ea7f8cfc71b73320627c76d461c3babf88231f
SSDeep: 3:4aRrWhd6xYwpYFm3wiXk/CX:prUaYwpFh9X
ImpHash: -

Filename: C:\Users\aETAdzjz\AppData\Local\Temp\tmpD0F4.tmp
Category: Dropped File
Type: Text
Severity: Unknown
Also Known As: C:\Users\aETAdzjz\AppData\Local\Temp\tmp118.tmp (Dropped File)
Mime Type: text/xml
File Size: 1.60 KB
MD5: ed0cd55fefc80ba825fdd94096cfe6aa
SHA1: 083322c6b4e404d7ba22ec2e9d8b5bd65a355bb7
SHA256: 1a99743dfb94e5e6373af54817d5cf6844cd646e901127087b81908bfecafe08
SSDeep: 24:2dH4+SEqCH7wlNMFo/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBJBtn:cbhH7wlNQo/rydbz9I3YODOLNdq3vT
ImpHash: -

Filename: C:\Users\aETAdzjz\AppData\Local\Temp\d2b24b39-a0dd-85cb-81d9-1a92584567e6
Category: Dropped File
Type: Text
Severity: Unknown
Mime Type: text/plain
File Size: 88 Bytes
MD5: c6795ee2cc5cc8629cd344567b97de12
SHA1: 33c97692a8c630b85c5fa8cdbfbc8abde8b3f8e4
SHA256: d8f83b29f6cc094a4a96ea6c28763ae1412128394d7a2c0cbb1afb68b33d55b8
SSDeep: 3:4aRrWhd6xYzuwsjJ1RWc1W0P:prUaYi71T1T
ImpHash: -

Filename: C:\Users\aETAdzjz\AppData\Local\Temp\tmp915.tmp
Category: Dropped File
Type: Text
Severity: Unknown
Mime Type: text/plain
File Size: 499 Bytes
MD5: 7fae1c43adaa0a17dc380f77a12b9f9d
SHA1: d35a5ffa0e94adc8a7434f16cccdb6413c69d877
SHA256: bd59c6f189c3eaa095055c67110df28fa18d36bb69659c62bb5c3c0fb55f6824
SSDeep: 6:QAXyNqU8eTpvPADAwzRIj0FSAbkdBGezRSPMMPpnDWm2cnDWAwb:Qjb8CvPADzRIn1BGe9SxPtyeyAwb
ImpHash: -

Filename: Equation3_1
Category: Embedded File
Type: Stream
Severity: Unknown
Parent File: C:\Users\aETAdzjz\Desktop\gymhei.rtf
Mime Type: application/octet-stream
File Size: 1.52 KB
MD5: 9947dc3e3a67dab6084121064fb9b1aa
SHA1: a3ef1a0f4001dc5c031c2725a13ff4849bc1f776
SHA256: 7b4f483fec4fa044ae212932fc903e2c0a47a1b7bd4167fddef463fd4308df8e
SSDeep: 24:UKhp7Puwewm5mGUlN/IYqXZMDEMc1TPr+umWOfEK5JO+Nm:vr7uwewm5P2N/7Kz+EK5JO+Nm
ImpHash: -

Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.