VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Downloader, Spyware, Backdoor, Exploit

a7aae83573aa9a682ce9733468882e841564f41ec4aa004cb795b98fd4834d15 (SHA256)

SS BRAID PO.doc.rtf

RTF Document

Created at 2018-09-05 20:13:00

Notifications (2/2)

The maximum number of reputation URL requests (25 per analysis) was exceeded. As a result, the reputation status could not be queried for all contacted URLs. In order to get the reputation status for all contacted URLs, please increase the 'Max URL Requests' setting in the system configurations.

The overall sleep time of all monitored processes was truncated from "16 minutes, 44 seconds" to "2 minutes, 10 seconds" to reveal dormant functionality.

Files (6)
Filename: C:\Users\aETAdzjz\Desktop\SS BRAID PO.doc.rtf
Category: Sample File
Type: Text
Severity: Blacklisted
Mime Type: text/rtf
File Size: 385.86 KB
MD5: 02b6f049f4d8246ee982d8c34a160311
SHA1: 088ed5abd0edda72a846ddcec24fceeafe394188
SHA256: a7aae83573aa9a682ce9733468882e841564f41ec4aa004cb795b98fd4834d15
SSDeep: 6144:F4onJC0hW+WeUu34wHH63enY8mti3o9QFXiNb0ejUFp:qStQSv/2e9mtIOQ1iNTE

File Reputation Information
Severity: Blacklisted
First Seen: 2018-09-05 04:25 (UTC+2)
Last Seen: 2018-09-05 20:59 (UTC+2)
Names: Document-Word.Exploit.CVE-2017-11882
Families: CVE-2017-11882
Classification: Exploit
Filename: C:\Users\aETAdzjz\AppData\Roaming\jsjhdhdhdhjfjhhf.exe
Category: Modified File
Type: Binary
Severity: Suspicious
Also Known As: C:\Users\aETAdzjz\AppData\Roaming\jsjhdhdhdhjfjhhf.exe (Created File)
Mime Type: application/x-dosexec
File Size: 1.07 MB
MD5: e2c7b5d78675bbccc85af58db4711648
SHA1: f9865f7d0fa19d942aa9be0a57580af0c7ad07f1
SHA256: 411ad7a95a34da04211b3887c3c2ab4b08359363fb1c4baf22fb323af6d9e408
SSDeep: 12288:7KrQPt9tEZjhY8LbbEjLQvJ2o/X8FMidEdwccqA5LboI5dg7taDncJGM:2EtkbwjaMo/sFDdewV5t5duADcJGM
ImpHash: f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information
Severity: Suspicious
First Seen: 2018-09-05 04:34 (UTC+2)
Last Seen: 2018-09-05 18:30 (UTC+2)
Names: Win32.Trojan.Injector
Families: Injector
Classification: Trojan

PE Information
Image Base: 0x400000
Entry Point: 0x5143ee
Size Of Code: 0x112400
Size Of Initialized Data: 0xa00
File Type: executable
Subsystem: windows_gui
Machine Type: i386
Compile Timestamp: 1993-04-04 10:19:39+00:00

Version Information (10)
Assembly Version: 0.0.0.0
LegalCopyright: Copyright © 2018 M & T Bank Corporation
InternalName: ORDER#mm.exe
FileVersion: 17.4.20.2
CompanyName: M & T Bank Corporation
Comments: olikeqogumugiyewuzamah
ProductName: Andersen Consulting
ProductVersion: 17.4.20.2
FileDescription: Andersen Consulting
OriginalFilename: ORDER#mm.exe

Sections (3)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                            Entropy
.text   0x402000         0x1123f4      0x112400       0x200            cnt_code, mem_execute, mem_read                  6.55
.rsrc   0x516000         0x630         0x800          0x112600         cnt_initialized_data, mem_read                   4.66
.reloc  0x518000         0xc           0x200          0x112e00         cnt_initialized_data, mem_discardable, mem_read  0.1

Imports (1)
mscoree.dll (1)
API Name     Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
_CorExeMain  0x0      0x402000     0x1143c0   0x1125c0      0x0
Filename: C:\Users\aETAdzjz\AppData\Roaming\pid.txt
Category: Created File
Type: Text
Severity: Whitelisted
Mime Type: text/plain
File Size: 0.00 KB
MD5: 320722549d1751cf3f247855f937b982
SHA1: 7fdec83a2662ffe53af456402cbaeafa380b15b4
SHA256: 88820462180e5c893eff2ed73f4ec33e205d1cd5acc4d17fa7b2bca2495d3448
SSDeep: 3:QV:QV

File Reputation Information
Severity: Whitelisted
First Seen: 2013-05-30 00:20 (UTC+2)
Last Seen: 2018-08-07 19:58 (UTC+2)
Filename: c:\users\aetadzjz\appdata\roaming\microsoft\windows\ietldcache\index.dat
Category: Modified File
Type: Stream
Severity: Unknown
Mime Type: application/octet-stream
File Size: 256.00 KB
MD5: 8ed682d01fa076cced515bf6b21ba022
SHA1: e69667b35d101d9cd052697da198c40a88e16e74
SHA256: 4abb12ce35853bda9c190e84a3329ab50701e035b92436eba8f4ddf9b96e4e6c
SSDeep: 384:p8JEJHPiHzw9qthimENkKHK0M/kWJAm0yvCUW0TT0nufeuP6DYAfIc1FAPEOyAa2:pTHPUpI2djFQ7JNAocaKTbUZUzx3S
Filename: c:\users\aetadzjz\appdata\local\gdipfontcachev1.dat
Category: Modified File
Type: Stream
Severity: Unknown
Mime Type: application/octet-stream
File Size: 109.69 KB
MD5: 8c07b597e04adb6ef1c7a91e611668d8
SHA1: 03bfce03604869383ecb864c4d8ab9b99d4af8c8
SHA256: 63304f19e0ad5ec509b7e5484ec4074b451db2379f2838de3b4b2c14c8b6dd8c
SSDeep: 1536:A2cnwUXHgTlmIUxyX337I5NZjP4LMLzZ5KsLJ:PTArrHvLJ
Filename: C:\Users\aETAdzjz\AppData\Roaming\pidloc.txt
Category: Created File
Type: Text
Severity: Unknown
Mime Type: text/plain
File Size: 0.05 KB
MD5: 87819f6ce8eada938d45a0a19258bb58
SHA1: 28cab071479d4d2ebeda3662a66b58f220ecf7f6
SHA256: 3d1d10f3d9b4de9aefc08608f20c0c0c789bf430b73cb2fa0d20b8b575075aa7
SSDeep: 3:oNJxzp4EaKC5uhDPfQC:oN/zpJaZ5uiC
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot