Cryptam // document analysis



Sample Details

original filename: aircanada_eticket_820910108.doc

size: 446800 bytes
submitted: 2014-03-19 15:08:32
md5: af17892aa82b48282d956adeb5e70e65
sha1: bc9963b91511291343a651ce93f81d6a219cf0aa
sha256: eda6764f859e1112977569cb9f50dfe99a015aebb0c88fca2b6cad3c91b6c55d
ssdeep: 6144:fV/+XEhXr7UEC7c6QpYUKnrPFvkcmr4S9oIb2qs+R1pZVOJ5RUmbkA:f59oIbPXnbOJ5Gm5
content/type: Rich Text Format data, version 1, ANSI
analysis time: 585.55 s
result: malware [2923]
embedded file objects: yes

signature hits:

embedded.file datastore-16851 9516c93a2d7604dc3941e326744bb164
datastore-16851.embedded.file activeX37.xml e9f8bd38512b5e6224f7bbe68cb5dead
datastore-16851.activeX37.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX19.xml 9270fbfc67c607aebbf40aac13550219
datastore-16851.activeX19.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX61.xml 7a2668d05f709d22e1608c4601712d3b
datastore-16851.activeX61.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX62.xml d89bc8996a64bcd2de7f8ecfb99e68cc
datastore-16851.activeX62.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX35.xml a86091a49d64643babd5b02a416796e1
datastore-16851.activeX35.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX104.xml 31c8a7e0912cbd33c0d3dfc3e9236427
datastore-16851.activeX104.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX38.xml f0254e77a3a7f2d7bd64b451663fa9d4
datastore-16851.activeX38.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX58.xml 2940aa6f67c54b6282581597e6bb2875
datastore-16851.activeX58.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX129.xml 2a5a238b5b5fda827e97e325fa35f942
datastore-16851.activeX129.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX18.xml 2ed291c38ea43af28ab51e3bdef89a43
datastore-16851.activeX18.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX97.xml 5410da7d4fc802be0e7d5324e1307cb9
datastore-16851.activeX97.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX70.xml 39a65ad2d579c783fa4548e0956c1958
datastore-16851.activeX70.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX77.xml c83a01a034fe0fa23c941645ad826391
datastore-16851.activeX77.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX137.xml 0b3105bfba1e9ee5793546a0b17f28e5
datastore-16851.activeX137.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX109.xml 7fd97f21d6e783c403df9dcdb85af2d9
datastore-16851.activeX109.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX74.xml 60b3107b8de615c2bc9abea2c9fa2577
datastore-16851.activeX74.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX23.xml c31d0d4301a78fa54fc7fbbc3294b962
datastore-16851.activeX23.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX106.xml 32dd7782924b39e1d4cd3f9c8331b8f7
datastore-16851.activeX106.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX85.xml a6e74e22519588d79e95fc5360296c92
datastore-16851.activeX85.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX125.xml ea0efa259cf82027d1ccd78f24dc67bc
datastore-16851.activeX125.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX25.xml e4eaa1da63b8bcd337c3015d268ce704
datastore-16851.activeX25.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX127.xml 4add6f6484902515e71c66c9057a8c91
datastore-16851.activeX127.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX144.xml 9ba347b89c23af4d94df84992f83bae0
datastore-16851.activeX144.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX41.xml f3ccd1991314fedf4c498e699a092291
datastore-16851.activeX41.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX21.xml 88718b862435c055fd6719f23859ec2b
datastore-16851.activeX21.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX123.xml f924b1bb50ac9acbf726b374a4ea690f
datastore-16851.activeX123.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX135.xml da2df502b6ad9efcc109f93d5ca87553
datastore-16851.activeX135.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX128.xml e75b9509c6d0c500917b8e74e440ac05
datastore-16851.activeX128.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX147.xml b8e98b1c9c889aa923e1aed5036ba41a
datastore-16851.activeX147.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX141.xml 0214d9bb7b073a2defcf2fef801d3b2f
datastore-16851.activeX141.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX112.xml d3c0a27ab0c761369afd461dce50a417
datastore-16851.activeX112.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX15.xml 4d6c11a62e8d192dda7ae6738c52ea55
datastore-16851.activeX15.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX115.xml e654e6e0a30a6459e38d005b23921607
datastore-16851.activeX115.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX12.bin daacdd89a2b2798cac0903e3896c55ab
datastore-16851.embedded.file activeX56.xml c2caa6232443f8e0e2b6d89f45437c43
datastore-16851.activeX56.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX71.xml c0836f3a927955e486e50b10792e12ab
datastore-16851.activeX71.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX64.xml 195941139b5b5f38f865ee7c55d4a6b6
datastore-16851.activeX64.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX16.xml a42ba4d569c108db939d3f9c33601b30
datastore-16851.activeX16.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX138.xml a42968a2135b63d441e86d81a4d5cb8f
datastore-16851.activeX138.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX91.xml 8c6c5a64cce831ee23488d0b5d8f086c
datastore-16851.activeX91.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX93.xml 71dfde31ff0d8e23e551fa90868efb51
datastore-16851.activeX93.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX122.xml 88532e74fb34de2361e93b49cb7ca1fa
datastore-16851.activeX122.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX101.xml d7d5536f09266044dc6fd99ecd9f1ad6
datastore-16851.activeX101.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX149.xml cc821c45ce6e4a223f0bbc37675f23eb
datastore-16851.activeX149.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX75.xml e28981e9f3d5f5cf99286ed9fb6b8741
datastore-16851.activeX75.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX99.xml b86ef30610741c617be88a023f20aabb
datastore-16851.activeX99.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX95.xml 16f8360aa1147a0a793a508a16d4e4e5
datastore-16851.activeX95.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX152.xml 661770bb1a07b96b15cb4220581e40fa
datastore-16851.activeX152.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX146.xml a39b2f09c8556a22758c98798f3447fa
datastore-16851.activeX146.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX94.xml 3fb3b83e098998faae2c7e09bf79fc4c
datastore-16851.activeX94.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX66.xml 72cfbc2504c0ac153a5aa2eda33def19
datastore-16851.activeX66.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX110.xml 094578fdea51a7520ee5a16ecaa8314a
datastore-16851.activeX110.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX126.xml 6226bcdf00ab5852ca7a0a9c3fd83830
datastore-16851.activeX126.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX124.xml 4f2376f31b4447102aa89f06b835129a
datastore-16851.activeX124.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX82.xml 91e1c9588e0398c334566f9509cab2b6
datastore-16851.activeX82.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX51.xml c85f0b935231d467f7a8ad5fc4633a6e
datastore-16851.activeX51.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX102.xml 1a51d12c467275cdf63eb55ff90465b1
datastore-16851.activeX102.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX14.xml 87497baef832e25391839f8d4424e723
datastore-16851.activeX14.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX39.xml 7aa891f42c354e04f7f3e3253b305c03
datastore-16851.activeX39.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX118.xml 4aa60600bb09379cd1ccbea3b6b5d4cd
datastore-16851.activeX118.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX103.xml d4f73671d655ee53f1049f5ca50a7dd7
datastore-16851.activeX103.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX145.xml 7aaf66d1f92cec5a32d1b25ae76cc4fe
datastore-16851.activeX145.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX12.xml 2cd479469d73a9ff476c31fa9a981c2d
datastore-16851.activeX12.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX29.xml 490767870e5c65e7763e57c72c60d0b8
datastore-16851.activeX29.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX34.xml 7af4e56fd92d65fc8e7399612999168d
datastore-16851.activeX34.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX68.xml 219a7b5afc8f431bf571ae5bd24bbe52
datastore-16851.activeX68.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX133.xml 543aa1eb8b103ae590827bc06bc96aeb
datastore-16851.activeX133.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX88.xml 5abcb096091dbe91528aed720ecd0915
datastore-16851.activeX88.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX43.xml fc7c3d1f2130d7fb04d1e6e0154147a9
datastore-16851.activeX43.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX13.xml a45fe75cff21b0e63b2317f50c821ee5
datastore-16851.activeX13.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX53.xml 7a8ccf64ab3ef316e8ef35aaf31c7b91
datastore-16851.activeX53.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX80.xml 693f1dee0b9c39241a237d8e5fcd1f6b
datastore-16851.activeX80.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX31.xml af44d9dc557c47902b9e3916b8e638b4
datastore-16851.activeX31.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX116.xml 466e60d83616c965c89c52720fe4d65f
datastore-16851.activeX116.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX132.xml 3380bcbb23a4691c8ca38e24ec2a9a24
datastore-16851.activeX132.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX32.xml 5176b89edc7e6dea3e6036856ab66ce4
datastore-16851.activeX32.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX139.xml 003a2de3b179c51bc7aa7d1a4e7383bc
datastore-16851.activeX139.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX143.xml bb0a01339173ba2abc3a2173b2765617
datastore-16851.activeX143.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX36.xml 2cce042139aa855cd917d00cfeefe0a6
datastore-16851.activeX36.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX105.xml f69f68c5454e0b15a45eae7d803a7137
datastore-16851.activeX105.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX121.xml 6b2fba6e3d4a39bb1d896cffa2492d57
datastore-16851.activeX121.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX131.xml 186a31baba4afb0ac67e5538a96224fd
datastore-16851.activeX131.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX59.xml cee383181fa655f59372174a73bd07d6
datastore-16851.activeX59.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX113.xml bcc69008fccff29b484fde7ae2a5e207
datastore-16851.activeX113.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX111.xml f11dabedb1e2ff732bdb0d40b3a1a972
datastore-16851.activeX111.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX87.xml 0eedf6bdd0f9344df56e9442afdcfbdc
datastore-16851.activeX87.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX49.xml f0a5a3d33a2c6969e8fdf7db5d547edd
datastore-16851.activeX49.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX55.xml e0a4b5813152a9fd3631654fc21cef7b
datastore-16851.activeX55.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX96.xml e9d703a2786142493bffa16ec5110887
datastore-16851.activeX96.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX57.xml 9e87e2479265c01e868d8195e8447c0d
datastore-16851.activeX57.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX130.xml b7880a74a500d0a52ccf98e656c564d6
datastore-16851.activeX130.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX120.xml 1137b03e227f4d79bf8b516874b1050c
datastore-16851.activeX120.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX108.xml 3d4cc5cd17c87649ec0f56ef3593bb9a
datastore-16851.activeX108.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX148.xml 4a621a3e2a01135a436eb693521c6b69
datastore-16851.activeX148.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX107.xml 20e14b78e4633529be8686231576f1ed
datastore-16851.activeX107.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX117.xml 9d04a67a5e1f13e09cc62a72a53d6c1f
datastore-16851.activeX117.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX27.xml 1334e9fc12c51f3d87297f49e177e468
datastore-16851.activeX27.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX44.xml b83cf1a40d1fb6cebb5dce3eb5e34c0d
datastore-16851.activeX44.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX28.xml 7352e9609a3cabb0ee8b3e2452616c8e
datastore-16851.activeX28.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX22.xml 13394d4ffcccf8746ff163b3b10a56eb
datastore-16851.activeX22.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX78.xml 931f3dc63ba920f53423baef34e4a07f
datastore-16851.activeX78.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX60.xml ea2ebd8292906f9dc9539930156ecee7
datastore-16851.activeX60.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX83.xml 08a898a6c7a372391b35deefab4bc33f
datastore-16851.activeX83.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX81.xml 393f3dfbc15f098157b4f9d56ae1ce13
datastore-16851.activeX81.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX90.xml fe3ddba60c0e1741a8aa8ca2d88a84e4
datastore-16851.activeX90.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX48.xml 7e42142edcd8b265e68cf2a7539fc344
datastore-16851.activeX48.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX100.xml eed864f23e42e73ff83b991383f868bc
datastore-16851.activeX100.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX151.xml 2ed22dfa6d474575172ab897cb8f55a1
datastore-16851.activeX151.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX24.xml cafad1572fd7274f03a6caf930f9bf72
datastore-16851.activeX24.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX33.xml f81e6016eb2899d3cd7142760830c922
datastore-16851.activeX33.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX69.xml 1213c4e4db99e3eaf1845c59c68c9bf3
datastore-16851.activeX69.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX72.xml 66119e860070e655ae459d8758f3e783
datastore-16851.activeX72.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX65.xml 41d795a3d10418ef82784da9c337a89b
datastore-16851.activeX65.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX40.xml 9646c2b94daac057c0829cea4757fd98
datastore-16851.activeX40.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX20.xml 1209bbf1ada0e8a84efe50447220b537
datastore-16851.activeX20.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX42.xml c7e366e607cce920b0a60f8b8e26f4ed
datastore-16851.activeX42.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX114.xml 48d9bc68aeecc00b251ad335c59f2262
datastore-16851.activeX114.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX46.xml c253751e11a6a54f9d2e4208950d28b9
datastore-16851.activeX46.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX54.xml 8ebed41798501d7b43bae63590581945
datastore-16851.activeX54.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX92.xml cac1c05cdc3019e96b88e3b774a9cec0
datastore-16851.activeX92.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX89.xml 8e0dc4cba9cf2ef26011f3a88e551b96
datastore-16851.activeX89.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX26.xml 598e75cb0555c06781f447e8f98511c7
datastore-16851.activeX26.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX50.xml acb42d55fd7e414438effb8202cf171b
datastore-16851.activeX50.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX79.xml db2089384de168342e71ce94b4fb1b9e
datastore-16851.activeX79.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX73.xml 1d6d4e8c97dd58e0d7bf54e8c81aaa13
datastore-16851.activeX73.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX119.xml f719c4332f14d728b5b15a1d91b3ab26
datastore-16851.activeX119.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX30.xml 8f746609688f77d93d82ce5b3959f864
datastore-16851.activeX30.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX76.xml b5a331e23bbd823c158990943145f495
datastore-16851.activeX76.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX84.xml ddf6c060a6d06511d0a7c4061a21c893
datastore-16851.activeX84.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX136.xml 20bb4f7755038c3cd6b109c5107c9676
datastore-16851.activeX136.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX47.xml 9fff52b291b123c71ef132ddf65431e0
datastore-16851.activeX47.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX150.xml a91bc0de89fc590eff1d9e435d87cb7e
datastore-16851.activeX150.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX45.xml 6a199a50c2dbf3fc4ce86285760578a6
datastore-16851.activeX45.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX17.xml 284dc5d9f8c206e7010da6c21fa39939
datastore-16851.activeX17.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX67.xml 25ae2f66990d4a5ac0e2742cc9856ada
datastore-16851.activeX67.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX142.xml f4e98d199346f91b5fe7be4e4e49bdd3
datastore-16851.activeX142.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX52.xml 4ef3f3d9f2ba056d121c0e5779ba97dc
datastore-16851.activeX52.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX98.xml cf6a930d1353c46f146c81d395eb2c33
datastore-16851.activeX98.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX134.xml a9d3cfe119d3d96249fa430f3c198426
datastore-16851.activeX134.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX63.xml 087cb09028df44db6e4fb5af126e3861
datastore-16851.activeX63.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX86.xml 29988ce178dfe5e56679db8265f3ebc7
datastore-16851.activeX86.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-16851.embedded.file activeX140.xml f730889b1ca88dc4d18527f01af5cdc5
datastore-16851.activeX140.xml.215: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
embedded.file datastore-361084 ffe34f1c70b367c65d9d758482f2a0eb
datastore-361084.1155: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs E
embedded.file datastore-393738 d8a8176ab9e7504d6af2b7216cc6ad1d
datastore-393738.664: exploit.office TIFF CVE-2013-3906 B
363454: exploit.office RTF MSCOMCTL.OCX RCE CVE-2012-0158 obs D
370306: exploit.office CVE-2010-3333 E
16794: obfuscation.office RTF embedded Word Document
393713: exploit.office RTF TIFF CVE-2013-3906 A


Strings

raw strings

Dropped Files

datastore-393738 at rtf
md5: d8a8176ab9e7504d6af2b7216cc6ad1d
sha1: d440f698fd666e11502635bf91ab8a8be3376ccc
sha256: dca454b88ece53b28d84fe6492a94a0b93c91be840d647e2a645fe5f4b8e1f39
view strings