MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e946fa472af2cd0b449fe857b961941d374e75d66783e2f14cddc865f7dee646. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA 2 File information Comments

SHA256 hash:	e946fa472af2cd0b449fe857b961941d374e75d66783e2f14cddc865f7dee646
SHA3-384 hash:	a1baefa22d4e866ca50be955a1850917be313976840095b039d75b0fddd6e93aae232a91ae95a6edfdd32da6f472724f
SHA1 hash:	1610acd9416713c285426ce09f4b5032363e401b
MD5 hash:	dba69da87a497561022dff1ec7b1631c
humanhash:	aspen-double-crazy-quebec
File name:	invoice.wbk
Download:	download sample
File size:	15'471 bytes
First seen:	2021-09-16 12:26:27 UTC
Last seen:	Never
File type:	unknown
MIME type:	application/octet-stream
ssdeep	384:NMzb6DhPZDdhxblSD1IhGwkgvOTPpH7ADshM+sR+r21/K:S6DrjSD1IhGwkgvOp7ADsDsIH
TLSH	T16362F8BDE99B529DCF977AA0270E5B4C134C321E678860733A3C53746BD6867462387C
Reporter	info_sec_ca
Tags:	CVE-2017-11882 wbk

Intelligence

File Origin

# of uploads :

# of downloads :

140

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Spam-473.UNOFFICIAL

Sanesecurity.Malware.27333.RtfHeur.BadVer.UNOFFICIAL

SecuriteInfo.com.FakeRTF-1.UNOFFICIAL

Sanesecurity.Malware.26244.RtfHeur.UNOFFICIAL

MiscreantPunch.RTF.EvilRTF.CVE-2017-0199-Obfus.UNOFFICIAL

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6175227ddb358dd15ed927c7/reports/9612c570-821f-42c6-98e9-22de47d3eacc/overview

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e946fa472af2cd0b449fe857b961941d374e75d66783e2f14cddc865f7dee646/

Threat name:

Document-RTF.Exploit.CVE-2017-11882

Status:

Suspicious

First seen:

2021-09-15 09:05:16 UTC

AV detection:

13 of 28 (46.43%)

Threat level:

5/5

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/e946fa472af2/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/e946fa472af2cd0b449fe857b961941d374e75d66783e2f14cddc865f7dee646

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_RTF_MalVer_Objects Create hunting rule
Author:	ditekSHen
Description:	Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.

Rule name:	SUSP_RTF_Header_Anomaly_RID2F7F Create hunting rule
Author:	Florian Roth
Description:	Detects malformed RTF header often used to trick mechanisms that check for a full RTF header
Reference:	https://twitter.com/ItsReallyNick/status/975705759618158593

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown e946fa472af2cd0b449fe857b961941d374e75d66783e2f14cddc865f7dee646

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1624929/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample