Mal/HTMLGen-A | 8badd7a5fe07

C:\Users\kEecfMwgj\Desktop\Bank details.doc.rtf

Sample File

RTF

»

MIME Type	text/rtf
File Size	89.66 KB
MD5	ed242be953e58e86d97af7f85e2959ce
SHA1	a48f55176bb38dbe83f99b64035407bae95fbeb9
SHA256	8badd7a5fe0794d035783f9afcb7fc3af9a354f3cfb96acb080d3fb53658bb03
SSDeep	768:KwAbZSibMX9gRWjawP6x05z1g7H/weVsKsb0xtfiY7XOFvIas:KwAlR5wSUGH/sQxtfiY7XOFvIas
ImpHash	-

File Reputation Information

»

Verdict

Malicious

Office Information

»

Document Content Snippet

»

40582139please click Enable editing from the yellow bar above.The independent auditors’ opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit’s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conver

C:\Users\kEecfMwgj\AppData\Roaming\nellyadh476528.exe

Downloaded File

Binary

»

Also Known As	c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\nellyzx[1].exe (Downloaded File, Extracted File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	576.00 KB
MD5	fc7ab7f0b03e4c4ea5c3315736328dd4
SHA1	3cd67957a043d5d5d824aa65bee6eab163cff5b1
SHA256	a636769bcc6e11b5a9be209faa164fc778df5ee6e34ae53a6eeb440314f79929
SSDeep	12288:g9J8Bs0b3AU/4K6HivrnChdeKe4x3lqhuobhfryFH1:g9y0hKSxdRrqEoblryFV
ImpHash	-

PE Information

»

Image Base	0x00400000
Size Of Code	0x0008F2DA
Size Of Initialized Data	0x00000A00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_AMD64
Compile Timestamp	2023-08-12 16:06 (UTC+2)

Version Information (9)

»

CompanyName	耳麻考青羊閑吾
FileDescription	羊閑吾貝自風羊鼠而邑老考馬自豕羽黽羊自風自田自鬼自非自閑.
FileVersion	1.8.4.7
InternalName	羊豸羽麥考黽而
LegalCopyright	© 2023 耳麻考青羊閑吾 .
OriginalFilename	羊龠羊馬老身自龍
ProductName	羽四羊非而隹羽
ProductVersion	1.8.4.7
Comments	至辵自走老鹿吾革考邑羽金吾目老二至九至鬼老田羽隹羊四自早耳鹿考馬老十自鳥老麻羽.

Sections (2)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x0008F2DA	0x0008F400	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	8.0
.rsrc	0x00492000	0x00000974	0x00000A00	0x0008F600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.96

Memory Dumps (4)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
nellyadh476528.exe	3	0x00D60000	0x00DF3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
buffer	3	0x003C0000	0x003C1FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	3	0x02319928	0x0231992A	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
nellyadh476528.exe	3	0x00D60000	0x00DF3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump

UNKNOWN_1

Extracted File

Stream

»

Parent File	C:\Users\kEecfMwgj\Desktop\Bank details.doc.rtf
MIME Type	application/octet-stream
File Size	1.63 KB
MD5	2eebb9cc750e134ead748bf53a7aea1e
SHA1	24352c1b8a1eb5db794130f6110ec00f9831fa8d
SHA256	905867a0cc20d4662917009832accccf883d327487ef6a2e5cf8c6d249e4d55d
SSDeep	24:PM3+9+Bl0z+tlBfj2dEdBI187JgCIIR1xho1V4pPitqKEx1+h3ss5pnYn:K+MHJa857JgQxho1unp1u5BY
ImpHash	-

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information