Verdict: MALICIOUS
Risk Score: 82
Heuristics: 3
- MSCOMCTL.ListView — CVE-2012-0158 (high, CVE likely) CVE_2012_0158
- Egg-hunter shellcode pattern (high) SC_EGG_HUNTER
  Disassembly
  x86 disassembly · validity: code (1.0) — 3/3 branch targets land on an instruction boundary (100% coherence)
  000068AC  6681caff0f  or dx, 0xfff
  000068B1  42          inc edx
  000068B2  83c27c      add edx, 0x7c
  000068B5  52          push edx
  000068B6  6a02        push 2
  000068B8  58          pop eax
  000068B9  cd2e        int 0x2e
  000068BB  3c05        cmp al, 5
  000068BD  5a          pop edx
  000068BE  74ec        je 0x68ac
  000068C0  b841904190  mov eax, 0x90419041
  000068C5  89d7        mov edi, edx
  000068C7  af          scasd eax, dword ptr es:[edi]
  000068C8  75e8        jne 0x68b2
  000068CA  af          scasd eax, dword ptr es:[edi]
  000068CB  75e5        jne 0x68b2
  000068CD  ffe7        jmp edi
  000068CF  90          nop
  000068D0  90          nop
  000068D1  90          nop
  000068D2  90          nop
  000068D3  90          nop
  000068D4  90          nop
  000068D5  90          nop
  000068D6  90          nop
  000068D7  90          nop
  000068D8  90          nop
  000068D9  90          nop
  000068DA  42          inc edx
  000068DB  004200      add byte ptr [edx], al
  000068DE  42          inc edx
  000068DF  004200      add byte ptr [edx], al
  000068E2  42          inc edx
  000068E3  004200      add byte ptr [edx], al
  000068E6  42          inc edx
  000068E7  004200      add byte ptr [edx], al
  000068EA  42          inc edx
  000068EB  004200      add byte ptr [edx], al
  000068EE  42          inc edx
  000068EF  004200      add byte ptr [edx], al
  000068F2  42          inc edx
  000068F3  004200      add byte ptr [edx], al
  000068F6  42          inc edx
  000068F7  004200      add byte ptr [edx], al
  000068FA  42          inc edx
  000068FB  004200      add byte ptr [edx], al
  000068FE  42          inc edx
  000068FF  004200      add byte ptr [edx], al
  00006902  42          inc edx
  00006903  004200      add byte ptr [edx], al
  00006906  42          inc edx
  00006907  004200      add byte ptr [edx], al
  0000690A  42          inc edx
  0000690B  00          .byte 0x00
- Embedded URL (info) EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://www.euskonews.com/0573zbk/gaia57301es.html
  Channel: In document text (OLE body)