Categories: Malware

What is “Exploit:O97M/CVE-2017-11882.AZL!MTB”?

The Exploit:O97M/CVE-2017-11882.AZL!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Exploit:O97M/CVE-2017-11882.AZL!MTB virus can do?

Attempts to connect to a dead IP:Port (1 unique times)
Possible date expiration check, exits too soon after checking local time
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
A potential decoy document was displayed to the user
Creates a hidden or system file

How to determine Exploit:O97M/CVE-2017-11882.AZL!MTB?


File Info:
crc32: DEF0FFC7md5: c442eddb89f85c2c9aca3a7155413b0ename: upload_filesha1: 36b582b33c8633b9ca6d1c3eb3e73dc42abac1basha256: 4a25856a07811127b8f1b492abc00f953572f0c6bee4e5c1056c0af93528ca68sha512: ff9fd1931b081693a4dfca3d3c1288e310cd8ec47560c2537ac449295ba2481f868edc92f002732dadc1c7e5c5a1ccadb8d65281e4ce014d08b068988b1830f8ssdeep: 192:HU8ePXwgvwc6aAnwBJk2Rlof+vSCQYUOZ7peVtYFCHfJCP:08ePXFvw7akMJkOlkoSCjjwVSkfJCPtype: Rich Text Format data, unknown version
Version Info:
0: [No Data]

Exploit:O97M/CVE-2017-11882.AZL!MTB also known as:

MicroWorld-eScan	Trojan.GenericKD.44168186
FireEye	Trojan.GenericKD.44168186
CAT-QuickHeal	Exp.RTF.Obfus.Gen
McAfee	Exploit-GCO!C442EDDB89F8
AegisLab	Hacktool.RTF.CVE-2017-11882.3!c
Sangfor	Malware
TrendMicro	TROJ_FRS.VSNW18J20
Cyren	RTF/CVE-2017-11882.N.gen!Camelot
Symantec	Exp.CVE-2017-11882!g2
TrendMicro-HouseCall	TROJ_FRS.0NA103JO20
Avast	RTF:Obfuscated-gen [Trj]
Kaspersky	HEUR:Exploit.RTF.CVE-2017-11882.gen
BitDefender	Trojan.GenericKD.44168186
NANO-Antivirus	Exploit.Rtf.Heuristic-rtf.dinbqn
Ad-Aware	Trojan.GenericKD.44168186
Sophos	Troj/RTFDl-BXP
Comodo	Malware@#1emrz14jlmnh8
F-Secure	Malware.W97M/Abnormal.ereiv
DrWeb	Exploit.Siggen2.57904
Invincea	Troj/RTFDl-BXP
McAfee-GW-Edition	Exploit-GCO!C442EDDB89F8
Emsisoft	Trojan.GenericKD.44168186 (B)
Ikarus	Trojan.Doc.Agent
GData	Trojan.GenericKD.44168186
Avira	W97M/Abnormal.ereiv
Antiy-AVL	Trojan[Exploit]/RTF.Obscure.Gen
ZoneAlarm	HEUR:Exploit.RTF.CVE-2017-11882.gen
Microsoft	Exploit:O97M/CVE-2017-11882.AZL!MTB
Cynet	Malicious (score: 85)
AhnLab-V3	RTF/Malform-A.Gen
ALYac	Trojan.GenericKD.44168186
TACHYON	Trojan-Exploit/RTF.CVE-2017-11882
Zoner	Probably Heur.RTFBadVersion
ESET-NOD32	a variant of DOC/Abnormal.A
MAX	malware (ai score=100)
Fortinet	RTF/CVE_2017_11882.C!exploit
AVG	RTF:Obfuscated-gen [Trj]
Qihoo-360	susp.rtf.objupdate.gen