MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff23451671f17a91f859182de5787439f2fb4ee3e33de8aba58bf7ce0ab786a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ff23451671f17a91f859182de5787439f2fb4ee3e33de8aba58bf7ce0ab786a8
SHA3-384 hash:	d7184233adda26ec69358588ed86f4c50fa2274007bd96cdbea7abfb6007e9c5fb6c2ac0de37d58a90e9a9ec038f6133
SHA1 hash:	7dcab0dce4518a01104cec6eefcc2e0e1d8fdb7c
MD5 hash:	d3af9fb77865745207a08e16c484c565
humanhash:	two-fillet-echo-mars
File name:	svch.dot
Download:	download sample
File size:	11'458 bytes
First seen:	2021-04-21 17:48:48 UTC
Last seen:	Never
File type:	unknown
MIME type:	application/octet-stream
ssdeep	192:EYTm5m0LI0WeUhrCZGRQflhIpyoTXUpqKQOrH9JafgRfyjkbBEDfAJ2BOtT4cU7h:EacmB0WeX/2OpqKQOL9JayKj2woJoyMh
TLSH	98329EAC3ED56A7D8BE812B17BA51A56010D3E2C3F0A75B5790C22D0AFC5237E742C62
Reporter	info_sec_ca
Tags:	CVE-2017-11882 dot

Intelligence

File Origin

# of uploads :

1

# of downloads :

66

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Spam-473.UNOFFICIAL

Sanesecurity.Malware.27333.RtfHeur.BadVer.UNOFFICIAL

SecuriteInfo.com.FakeRTF-1.UNOFFICIAL

Sanesecurity.Malware.26244.RtfHeur.UNOFFICIAL

MiscreantPunch.RTF.EvilRTF.CVE-2017-0199-Obfus.UNOFFICIAL

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ff23451671f17a91f859182de5787439f2fb4ee3e33de8aba58bf7ce0ab786a8/

Threat name:

Document-RTF.Exploit.CVE-2017-11882

Status:

Malicious

First seen:

2021-04-21 18:15:41 UTC

AV detection:

14 of 29 (48.28%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/ff23451671f17a91f859182de5787439f2fb4ee3e33de8aba58bf7ce0ab786a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown ff23451671f17a91f859182de5787439f2fb4ee3e33de8aba58bf7ce0ab786a8

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1150732/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample