RTF Document Takes Advantage of CVE-2017-11882 Vulnerability | Network
Connection Overview
Remarks
Critical The sample contacted only unknown URLs.

Remote Hosts (1)
Host | Country | City | Protocols | Reputation Status
doc2th.com (192.232.251.15) | United States | Houston | HTTP, DNS, TCP | Unknown
URL (1)
URL | Connection Successful | Reputation Status
doc2th.com/tin/off.exe | True | Unknown
Connections
DNS (1)
Operation | Additional Information | Success | Count
Resolve Name | host = doc2th.com, address_out = 192.232.251.15 | True | 1
HTTP Sessions (1)
Information Value
Total Data Sent 0.07 KB (71 bytes)
Total Data Received 232.23 KB (237802 bytes)
Contacted Host Count 1
Contacted Hosts doc2th.com
HTTP Session #1
Information Value
Server Name doc2th.com
Server Port 80
Data Sent 0.07 KB (71 bytes)
Data Received 232.23 KB (237802 bytes)
Operations
Operation | Additional Information | Success | Count
Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = doc2th.com, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /tin/off.exe | True | 1
Send HTTP Request | headers = host: doc2th.com, connection: Keep-Alive, url = doc2th.com/tin/off.exe | True | 1
Read Response | size = 4096, size_out = 4096 | True | 1
Read Response | size = 65536, size_out = 8972 | True | 1
Read Response | size = 65536, size_out = 3752 | True | 1
Read Response | size = 65536, size_out = 3508 | True | 1
Read Response | size = 65536, size_out = 23232 | True | 1
Read Response | size = 65536, size_out = 7260 | True | 1
Read Response | size = 65536, size_out = 1452 | True | 2
Read Response | size = 65536, size_out = 2904 | True | 1
Read Response | size = 65536, size_out = 1452 | True | 1
Read Response | size = 65536, size_out = 4356 | True | 1
Read Response | size = 65536, size_out = 1452 | True | 1
Read Response | size = 65536, size_out = 20328 | True | 1
Read Response | size = 65536, size_out = 5808 | True | 1
Read Response | size = 65536, size_out = 1452 | True | 1
Read Response | size = 65536, size_out = 4356 | True | 1
Read Response | size = 65536, size_out = 17424 | True | 1
Read Response | size = 65536, size_out = 4356 | True | 1
Read Response | size = 65536, size_out = 30492 | True | 1
Read Response | size = 65536, size_out = 4356 | True | 1
Read Response | size = 65536, size_out = 30492 | True | 1
Read Response | size = 54850, size_out = 15972 | True | 1
Read Response | size = 38878, size_out = 2904 | True | 1
Read Response | size = 35974, size_out = 24684 | True | 1
Read Response | size = 11290, size_out = 11290 | True | 1
Close Session | - | True | 1