Initial release

Author: codeyourweb

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Jean-Pierre GARNIER
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

example/documents/ESET_OceanLotus.pdf

@@ -0,0 +1,11 @@
+theses lines are not valid hashs:
+07bf024a43c324dd2a4b8a8s0
+ef49780995d9bab25bcbzzz0bd206df4
+
+this is a good hash:
+2b14f9f3c758a2cf842a61aca6a3455d
+
+this is the same hash:
+2b14f9f3c758a2cf842a61aca6a3455d
+
+this is a 1e295a6c8ca911746165812c61527730 hash inside a text content

example/documents/bad_file_example.txt

@@ -0,0 +1,127 @@
+07bf024a43c324dd2a4b8a8cf6e63480
+ef49780995d9bab25bcb4b70bd206df4
+986f263ca2c529d5d28bce3c62f858ea
+52beacccecd9342421aa682ad538e677
+597425ea47067eaee6f2ace7376614bb
+d532e06adb3000bcda9d94079ce0ca1b
+c6798d524de5dae9a34aa665175b2677
+0a3ea5ecd7e29cd66da02a17ff6e86a4
+bdfb9ad55e908799d6b78c41cb340710
+de457bdf41b07faaa728e9122adfd064
+eaaf9f763ae8c70d6e63d4b1e3364f74
+1619fee6d8b9f99abcdae1cd78b16e60
+78f8144c138332937e78833146bb34b9
+c713cf68acd195e0c6e05fd6d9c3cdcd
+88b76be1f1ffb9afa3fd8a1dca0fe92a
+4dccffe134ac6f21083d70c917a8dfe5
+3c04b325aeb77ba957f98b53cddac88d
+978b1cc65241e768d6b611436dc11696
+efa53c81f9b6d0b245609fdcdd652826
+890c13f99a35dcd780ca151dcf1c7aa2
+5926ed4e825635589f2fb9220e1e8dc1
+7200e355f0573f054d80472f41976519
+481af8ec3f2e3f96d984693df8602e2f
+5924eac8af1f3e3f1f825998bc59c062
+25433e78c32d3d074ac68260957f5659
+9573f452004b16eabd20fa65a6c2c1c4
+ab3e7524f8e75bee47cfa1a838782f1d
+71dd8648a286d4d5ccb040db4f81a3cb
+4c0a84a2ebe157fbab2c42f8e92ab330
+44fb1516e3c290237b4bed7d59496442
+65e6025462d5b47e07d5fd724a549c92
+2262bb56584a0e58193404e5fb3a8eed
+28024234c30880ecf146526ca430f9ca
+9e8d05e70588e4d3b2feb1a5e895960a
+5bc96f6c393f73f78ebc4bd28167f57d
+80fc5df5022be7b91de43017f586f1d7
+b41fbdd02e4d54b4bc28eda99a8c1502
+252ec60966a4e249d1fecbea52519438
+d1018c9860ab45185816f8c3aa2fa6cd
+26a7f2fe450f9033c8496baa404f1ef9
+899e28b6ec1f9c5ad2de5ab93d20e38d
+47870ff98164155f088062c95c448783
+0d1a72a9d89d8c08245e951ccdee7f0d
+8ac035756d3a3b0659c8253a8292dc79
+4657e8128ce3e4f8f3b913f363e64a2e
+163451f0f8ac882d7218422e594d7c38
+10772c88a8053b3c73544feca1d040c3
+9cd8a8c58b076a355188038b34424bb2
+55ba9886ff2ab87a1e088c2deb72bdbe
+7c834d71a108c4da3c0a8b7af05507ad
+4deb0196b26ced848d300158eca103f0
+d91153dc28274eb12e2e1233ab0552f1
+81468559724652d91df6b26833cc34bf
+6f8f369641401b3440c9faaf63773cd8
+8bdad50d7f2b2f30f1c8d5323475f35c
+f643205cda53f8f7f157cf2b6a0a443d
+ad27c99559a742a9949560d42c25a5b2
+e8ab99fcd9bd876ca79e0ea7ab32e6ed
+47c17d62cd1962e4bd282bbc40647940
+1f8a62d84c8d521aa333a9bcd7f630d3
+f19f0170ede809218b35b705478dc1a9
+eb928bca5675722c7e9e2b09eec1158a
+78d3f074b70788897ae7e20e5137bf47
+4a9eb485e7324499da77e00eb222d553
+db1156b072d58acdac1aeab9af2160a2
+f93ce76f6580d68a95260198b2d6feaa
+a5e8e5633bb06f12a511011d6adb3a83
+031782fccc281aca377cef1d6d6ffc6b
+45e611c1bede7d1ff0a9a169590c0c28
+9456197d0f8b6cabfea5f02ffb0176dd
+2540ddea844c96e61460392a8ee573ae
+87ad17f943692fa749259190a52c81e3
+e0abec19095864c3f67dd9cb50c1144d
+a45cac94e6e7dfd66b28d3b01fa8c8aa
+64b2e54e905373d09bc4458ea34c7bd0
+347c626ebd441790fc73c103af192893
+0063f785a411dd1c290a33edd7248362
+b759f62ae689f6004f86f92c3f77b3ad
+a48227bdd058e0d507dad9d570b9d71d
+fe82adcdca51ef8038b2c9cbf7671e7a
+97bc5d5b77ce385e9820cd4477892dd1
+8d2e0400c2c16fbdeafe4e8737542203
+cccc15cb2db720fc6ffbd319b82648fc
+d5de9bd2ea9045bc2dcb6fccf24f4b62
+be58f7bc35fb5f215a39470ae43ea2ac
+5036314c2f8f594cc2d597307c814176
+f993d53e05a3b87262219802a8e3ae38
+daaa03e1c73d613dd0b221abbd6998ea
+6889eff32b36c63a25172144516bebbd
+e028c0d5842313dc746c14342622549e
+8940b9b7e6d0d669c7a9d3082016354e
+710da05065780eac2203b60e692b79e7
+2c091aead3f99908a77597ad224295a6
+4181de1b2e03b20d6b7ad42efe6ec514
+bc7bd81607aacb5a5198b988946cc29f
+ca8d5f41c074dfb2f8fbb66a352aef06
+edfd33d319af1cce7baa1b15b52940e7
+a352f93e5f63bbf5cd0905c38f054d27
+0c8be90f4c6f3299a727b1db7406b87e
+19db0b290b19b66041eec48a51804124
+fb3b84d2d28a599281afa3c32b2946f9
+fd99b6a8a95e3126005813bafcbba70f
+e88029a87ca6e3f7b271e5d35471b240
+988df2967a7239a4b916cc9fcedaff68
+f3bf767fb3f1f53ef5f9527168f98e46
+599c6a452973c04ffd285c69ac62a260
+e1fdde61d9db9d6875994e4a412987f7
+96be1e1f997a3bad8a179af72e9e45e2
+01e2e224a63886a9640334ba449f8a3a
+7731d42b043865559258464fe1c98513
+3e93f8b7c46a32236c225926d9f063f2
+2df3d9ad6759556d11764e7423b37b94
+448524fd62dec1151c75b55b86587784
+f4273f979565c66fe00fdcc0619793b1
+11dc55d38e4d29acf32fe40c2bbfb461
+111ed2f02d8af54d0b982d8c9dd4932e
+55319464e46e2c31d22b39b46d5477fb
+a2a5c24530c2aa8efaadcf78f8dc54bd
+2b14f9f3c758a2cf842a61aca6a3455d
+8851f2fd31964f867eb07c398d57112a
+9443437c07299dd30089437430900b25
+83dbdf9cfcf65a97e5addc7e824a6842
+1e295a6c8ca911746165812c61527730
+41705c15ca2e5b707ec2fcd25e69a025
+103dc636c7d970f2f88d4cacff06db20
+5bd6544e0884613743607b7084610186
+6f29e6cae443412ff6086322eeffb56f

example/documents/evolution-of-the-nymaim-criminal-enterprise.pdf

@@ -0,0 +1,3 @@
+md5,sha1,sha256,vhash,creation_date,first_submission,last_analysis,file_names,file_type,file_size,imphash,statement,microsoft_defender,tags,url
+2b14f9f3c758a2cf842a61aca6a3455d,f9d52bb5a30b42fc2d1763be586cee8a57424732,25facbc4265ca90f0508e77e97e1e6fcc7e46f6cca316b251b06d41232f6360c,2140365515180b51235020,2014-06-20T16:04:09,2019-01-14T17:25:05,2020-11-12T17:17:35,[Microsoft.Exchange.MessagingPolicies.Search.exe 2b14f9f3c758a2cf842a61aca6a3455d.bin F:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.MessagingPolicies.Search.dll H:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.MessagingPolicies.Search.dll C:/Samples/2B14F9F3C758A2CF842A61ACA6A3455D],,14.00KB (14336 bytes),f34d5f2d4577ed6d9ceec516c1f5a744,54 / 72,Backdoor:Win32/Turla.TA,[peexe assembly direct-cpu-clock-access detect-debug-environment runtime-modules],https://www.virustotal.com/gui/file/25facbc4265ca90f0508e77e97e1e6fcc7e46f6cca316b251b06d41232f6360c
+1e295a6c8ca911746165812c61527730,e36a0d93d4d67e034bbca353c251d134f656038f,d458e8927e11d401448b4ddc18242e4c2e349f070504ac39cf366da841832650,125066655d1515555078z6c3z97z37z97z14z3,2009-09-14T17:28:07,2019-03-12T14:40:33,2020-03-08T12:29:08,[MSJAVAVM MsJavaVM.dll d458e8927e11d401448b4ddc18242e4c2e349f070504ac39cf366da841832650.bin cf5e73c4517c8547732f01a6fd614f9ad1aa628b9fc6a82d3b2f222f7b2a0433_dump7_0x00250000_reconstructed],,209.00KB (213504 bytes),84f56657d2da7b88e5464d21a43aaf1d,51 / 71,Trojan:Win32/Tiggre!rfn,[pedll],https://www.virustotal.com/gui/file/d458e8927e11d401448b4ddc18242e4c2e349f070504ac39cf366da841832650

example/documents/turla_hash_example.txt

@@ -0,0 +1 @@
+[{"md5":"2b14f9f3c758a2cf842a61aca6a3455d","sha1":"f9d52bb5a30b42fc2d1763be586cee8a57424732","sha256":"25facbc4265ca90f0508e77e97e1e6fcc7e46f6cca316b251b06d41232f6360c","vhash":"2140365515180b51235020","creation_date":"2014-06-20T16:04:09","first_submission":"2019-01-14T17:25:05","last_analysis":"2020-11-12T17:17:35","file_names":["Microsoft.Exchange.MessagingPolicies.Search.exe","2b14f9f3c758a2cf842a61aca6a3455d.bin","F:\\Program Files\\Microsoft\\Exchange Server\\V14\\Bin\\Microsoft.Exchange.MessagingPolicies.Search.dll","H:\\Program Files\\Microsoft\\Exchange Server\\V14\\Bin\\Microsoft.Exchange.MessagingPolicies.Search.dll","C:/Samples/2B14F9F3C758A2CF842A61ACA6A3455D"],"file_type":"","file_size":"14.00KB (14336 bytes)","imphash":"f34d5f2d4577ed6d9ceec516c1f5a744","statement":"54 / 72","microsoft_defender":"Backdoor:Win32/Turla.TA","tags":["peexe","assembly","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"url":"https://www.virustotal.com/gui/file/25facbc4265ca90f0508e77e97e1e6fcc7e46f6cca316b251b06d41232f6360c"},{"md5":"1e295a6c8ca911746165812c61527730","sha1":"e36a0d93d4d67e034bbca353c251d134f656038f","sha256":"d458e8927e11d401448b4ddc18242e4c2e349f070504ac39cf366da841832650","vhash":"125066655d1515555078z6c3z97z37z97z14z3","creation_date":"2009-09-14T17:28:07","first_submission":"2019-03-12T14:40:33","last_analysis":"2020-03-08T12:29:08","file_names":["MSJAVAVM","MsJavaVM.dll","d458e8927e11d401448b4ddc18242e4c2e349f070504ac39cf366da841832650.bin","cf5e73c4517c8547732f01a6fd614f9ad1aa628b9fc6a82d3b2f222f7b2a0433_dump7_0x00250000_reconstructed"],"file_type":"","file_size":"209.00KB (213504 bytes)","imphash":"84f56657d2da7b88e5464d21a43aaf1d","statement":"51 / 71","microsoft_defender":"Trojan:Win32/Tiggre!rfn","tags":["pedll"],"url":"https://www.virustotal.com/gui/file/d458e8927e11d401448b4ddc18242e4c2e349f070504ac39cf366da841832650"}]

example/results/results_bad_file_example.csv

@@ -0,0 +1,16 @@
+md5,sha1,sha256,vhash,creation_date,first_submission,last_analysis,file_names,file_type,file_size,imphash,statement,microsoft_defender,tags,url
+cf474dbebbbbbc394db61d876b62a219,ac0b5ed0e1a02ade91161a51766e8354354e1099,cf608be7dc6738dd178dc5a63bb21925e70800667a5876f2742bed59b5f6f5a1,8a6582ebe396de28feae178e13cd504d,2016-04-18T18:01:00,2016-04-20T17:49:37,2016-05-12T03:10:09,[Campbell Soup Co.doc],,133.00KB (136192 bytes),,24 / 56,TrojanDownloader:O97M/Donoff,[obfuscated macros doc create-ole],https://www.virustotal.com/gui/file/cf608be7dc6738dd178dc5a63bb21925e70800667a5876f2742bed59b5f6f5a1
+ffb4480220c57db1a509f30a48503d7a,59479dff247d937021d10f658fdde9d7fed77b25,ef4b06c20fae78d44c41402163d7624833fbbff4993d228682718b6b637fd637,f2a72d3b1f3d401173c5fc4df0a02b5c,2016-04-18T17:30:00,2016-04-18T20:32:31,2016-05-12T03:10:36,[Brite Divinity School-ACody.doc],,142.00KB (144896 bytes),,22 / 56,TrojanDownloader:O97M/Donoff,[obfuscated macros doc create-ole],https://www.virustotal.com/gui/file/ef4b06c20fae78d44c41402163d7624833fbbff4993d228682718b6b637fd637
+aa0c0ca1a48ea3c77d00ab9c1777c2f7,736292be37432784cddfe38c40bdb2cc5e10a8b9,ae56c3c196a60d380782a61d318065577b3f6abd04489c7c24d50fef1ed1429e,c56f0a63dd71a0d944b73204d9dfe15f,2016-04-18T17:53:00,2016-04-18T21:36:21,2016-05-12T03:10:59,[Miller-Valentine Group.doc],,139.00KB (141824 bytes),,22 / 56,TrojanDownloader:O97M/Donoff,[obfuscated macros doc create-ole],https://www.virustotal.com/gui/file/ae56c3c196a60d380782a61d318065577b3f6abd04489c7c24d50fef1ed1429e
+ae57ce7ef337b281ea8a5eb7064d433f,818f396b9280e0031f2e259fb049be2fb4f9e816,976ec8a4ed5026842ad397565c9ae1ee6911ffdd4007d2761e9b573e79f41384,8c51268a5f148ee06c809a866d643201,2016-04-18T17:33:00,2016-04-18T18:44:56,2016-05-12T03:10:24,[Gellman Research Associate.doc],,138.00KB (141312 bytes),,23 / 56,TrojanDownloader:O97M/Donoff,[obfuscated macros doc create-ole],https://www.virustotal.com/gui/file/976ec8a4ed5026842ad397565c9ae1ee6911ffdd4007d2761e9b573e79f41384
+73c409bc47f91e5290f803f0823aec2b,053b5a874d82a34eba828cc5df60ccb4bc86daa2,ce0c220603d23fbb072f91a6a813c07e0c1d02559f54f9899d3d3be1db6d8851,5f08fd43771585e215a61693e58ccc73,2016-02-25T17:15:00,2016-02-26T06:11:21,2020-02-14T19:03:39,[Invoice_897-84579.doc qb_invoice_1147630.doc],,24.00KB (24924 bytes),,38 / 64,,[obfuscated open-file auto-open create-file docx macros write-file create-ole],https://www.virustotal.com/gui/file/ce0c220603d23fbb072f91a6a813c07e0c1d02559f54f9899d3d3be1db6d8851
+1170efc7f6b01e2a17454d2734a8b95d,3f148bac3cbe8f06819d138db5994d51c8052b9b,d78e20396efc39af29717d8dcceaf48a241ebd36a2f89d0c903ecf81fa9f5d0c,5f08fd43771585e215a61693e58ccc73,2016-02-22T03:30:00,2016-02-22T10:16:57,2020-02-19T18:00:56,[invoice_32117172.doc Intuit_updates-65175.doc 6026f3cc38f8d9e5e833ed29f9d1ae35 c5f8913dfbf635573166464c71ad315c 59630f81d06140383cf76fa53c8ce8a9],,24.00KB (24941 bytes),,42 / 64,Trojan:O97M/Madeba.A!det,[obfuscated open-file auto-open create-file docx macros write-file create-ole],https://www.virustotal.com/gui/file/d78e20396efc39af29717d8dcceaf48a241ebd36a2f89d0c903ecf81fa9f5d0c
+e2d4e073b75ea4368c0f1b15c7729ad0,07467af0f5e4dea6965e1479b114a78e29dde527,5cdf41ef8cc330a5ea7fa06de6e220afdd8c2d5b708041296801f45bcafa16e3,5f08fd43771585e215a61693e58ccc73,2016-02-22T03:30:00,2016-02-22T12:13:44,2020-01-10T00:54:13,[Intuit_updates-65165.doc e38e9de6319820a4d20c08fa80542601],,24.00KB (24843 bytes),,41 / 64,Trojan:O97M/Madeba.A!det,[obfuscated open-file auto-open create-file docx macros write-file create-ole],https://www.virustotal.com/gui/file/5cdf41ef8cc330a5ea7fa06de6e220afdd8c2d5b708041296801f45bcafa16e3
+7abdd24acca5cc5d10d77213ca258c40,f4888d5b02cc016fc4dc63eda6e91921c2e8c078,d4e3fb25f0d397967f1e88baffb97cfd6f40953d0c9f998d1c4694d1982d2d65,5f08fd43771585e215a61693e58ccc73,2016-02-22T03:31:00,2016-02-22T11:08:30,2018-11-19T07:11:36,[invoice_321882.doc 054ddca6bc34873a06a2b5b7c540d647 7c32400c6c12de11fa9a508bb9efb4b5 673701b6bd62c6a98f8cf6416e4cfc04],,24.00KB (24921 bytes),,37 / 61,TrojanDownloader:O97M/Donoff,[obfuscated open-file auto-open create-file docx macros write-file create-ole],https://www.virustotal.com/gui/file/d4e3fb25f0d397967f1e88baffb97cfd6f40953d0c9f998d1c4694d1982d2d65
+50c32b49f8f1c605ae78d36aaf433164,50f426430d5305a3bee8bc6c607b40f6bf5ff10a,8efdfcf63f1dbfa9666bce23246f49c5788ec8c8edacc722038d9110375d89b5,5f08fd43771585e215a61693e58ccc73,2016-02-22T03:30:00,2016-02-22T12:28:18,2020-01-10T01:28:12,[invoice_32112122.doc 3b1bf79f278c8f32c031ca598edd4dce Intuit_updates-65125.doc 09af3ab044c2c5f2910d23d78bca17ea],,24.00KB (24960 bytes),,41 / 61,TrojanDownloader:O97M/Donoff,[obfuscated open-file auto-open create-file docx macros write-file create-ole],https://www.virustotal.com/gui/file/8efdfcf63f1dbfa9666bce23246f49c5788ec8c8edacc722038d9110375d89b5
+2065c03c9c4456061022077a1e805b06,6cb74f9a788b51d4a064711b8b1ecc51586d01de,e5c5385b79743ced00adebc0daae5fa619cf3836417bc2b0379f98a24f81c4bb,5f08fd43771585e215a61693e58ccc73,2016-02-22T03:30:00,2016-02-22T10:17:52,2018-12-04T10:23:17,[682ce07d78e0f9b635b91ed8c9453cf2 1377359b40ea09fdd9fce0e4926f057e 609864af844fcc583f6d8931f8bb7b47 (e5c5385b79743ced00adebc0daae5fa619cf3836417bc2b0379f98a24f81c4bb) - invoice_321112.doc ca6977fecf5b066624dfabbf3bc6885e],,24.00KB (24946 bytes),,40 / 61,Trojan:O97M/Madeba.A!det,[obfuscated open-file auto-open create-file docx macros write-file create-ole],https://www.virustotal.com/gui/file/e5c5385b79743ced00adebc0daae5fa619cf3836417bc2b0379f98a24f81c4bb
+25ea3c797bc0954012aac08f476361ce,61ae557a7c8406bf26f7ee0fe488f5975b1f8087,c0515052e8bc2e2772b29cbb694e72af9a6c2be8ebceba5766bcdaf26fe955da,5f08fd43771585e215a61693e58ccc73,2016-02-22T03:32:00,2016-02-22T10:27:08,2018-11-19T07:10:35,[63f9ea77fc64a8d8f5666021540f9340 invoice_321992.doc e25f27e6c8b8003a173a9ee67d5bc34f 88352cee47fefd83e9cb416790acd09c 7cfbcc465423e3b1d05c820cf35f3986],,24.00KB (24883 bytes),,36 / 59,Trojan:O97M/Madeba.A!det,[obfuscated open-file auto-open create-file docx macros write-file create-ole],https://www.virustotal.com/gui/file/c0515052e8bc2e2772b29cbb694e72af9a6c2be8ebceba5766bcdaf26fe955da
+d7f10f0195b718e1fab63cd5ad6f77aa,099f30502894e8ceeaff2ba312f25f10083deaf1,b5b6b37f28dc16bbbac8df75af51f66436f7a4b4dec7ee3d911fb2601c1bb3b5,09c669ea80e95b7792b44a56d386c47f,2016-02-17T10:21:00,2016-02-17T16:04:04,2016-05-17T21:40:50,[fedex-20160217-134582467925.doc 4f71e9604c844066cc262882eabd9711 dfd6810c40264220ea7181e722140613 099f30502894e8ceeaff2ba312f25f10083deaf1.doc],,183.00KB (186880 bytes),,37 / 57,TrojanDropper:O97M/Artitex.C,[obfuscated open-file auto-open doc run-file macros environ create-ole],https://www.virustotal.com/gui/file/b5b6b37f28dc16bbbac8df75af51f66436f7a4b4dec7ee3d911fb2601c1bb3b5
+885ea084aa2281ba106d13c19f014c4d,7d1c3a9d02f698480039a1fe08ee340c202bdf98,642420b08d6333b8cf48014b62c60f9bd1f51be4b3c00b6023e824987d177b73,f733be6a661fecf1c38415c433c5cb25,2016-02-17T10:21:00,2016-02-17T15:55:03,2020-09-06T16:52:08,[eba41f09788bf0bad97590c420fddb5d31453be260a47b760f017b0bc9f6213bfinal_invoice.doc ce138ac0e656cae0fcf9105147b48f217b803b8e85cba677562aee2876ac8603final_invoice.doc 31d9de8e9912a5afb14116352b69b02cd8412d3e3a9565dc9a33b8df2d8fac1efinal_invoice.doc final_invoice.doc C:\Users\ThuyND\Desktop\massive\Fareit\642420b08d6333b8cf48014b62c60f9bd1f51be4b3c00b6023e824987d177b73 file.doc VIRUSS.doc final_invoice_spam.doc 020c11be873275dee5ec061538354d1f e238f1a4d5a8d95501515c42ebe81599 7d1c3a9d02f698480039a1fe08ee340c202bdf98.doc],,194.00KB (198656 bytes),,41 / 59,TrojanDropper:O97M/Artitex.C,[obfuscated open-file auto-open run-file macros environ attachment via-tor xls create-ole],https://www.virustotal.com/gui/file/642420b08d6333b8cf48014b62c60f9bd1f51be4b3c00b6023e824987d177b73
+f33d13a2bc29cf8e1ccd44c1f6eaf342,1375da78dddd0d00849df327a1c3e6017eb8fec9,4d0c14edfa616c0a5618b312f5ca90b3a29188288f35c5d8c1c2ae37ef11371f,494a9e356057863aecbaa6173fd46e23,2016-03-15T17:37:00,2016-03-15T19:45:50,2020-01-27T21:15:53,[Harley-Davidson Motor Company_Unpaid_Quote_ Starbucks_Unpaid_Quote_ref.Z140443366.doc Z140443366.doc GoPro_Past due_Quote_#Z178464070.doc],,122.00KB (124928 bytes),,38 / 61,TrojanDownloader:O97M/Adnel.S,[obfuscated auto-open doc macros environ create-ole],https://www.virustotal.com/gui/file/4d0c14edfa616c0a5618b312f5ca90b3a29188288f35c5d8c1c2ae37ef11371f
+ad9c255868ab55652555e47d8985ea2f,f5249c827757e4ef4bc107e7ca0e8e5b3e361bdc,a8ae681463b75470be8dc911f0cf7ca01a2eaea87005564263a5bbe38d652369,e02d13fceae315dc2852e3799b02bc98,2016-06-01T15:13:00,2016-06-01T19:35:09,2019-03-04T00:41:59,[Reed Smith LLP.doc],,123.00KB (125440 bytes),,39 / 59,TrojanDownloader:W97M/Ursnif.A,[obfuscated macros doc create-ole],https://www.virustotal.com/gui/file/a8ae681463b75470be8dc911f0cf7ca01a2eaea87005564263a5bbe38d652369