This signature is hitting false positives. It seems to be a relatively old
signature, but the subsignatures seem to be rather generic so it's
difficult to know why this is supposed to be malicious.
VIRUS NAME: Doc.Downloader.Emotet-7196349-0
TDB: Engine:51-255,Target:2
LOGICAL EXPRESSION: 0&1&2&3&4
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Bedfordshire
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Buckinghamshire
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Cambridgeshire
* SUBSIG ID 3
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Fantastic
* SUBSIG ID 4
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Gorgeous
False positive VT scan:
https://www.virustotal.com/gui/file/f5d047b2e88f2ebf7beb2593d877c7b9bd7b25d7c28fde0ca8540e96104556f1/detection
MD5: 6e038caa6be70e02533b0a3c6c223b7d:3536896
signature, but the subsignatures seem to be rather generic so it's
difficult to know why this is supposed to be malicious.
VIRUS NAME: Doc.Downloader.Emotet-7196349-0
TDB: Engine:51-255,Target:2
LOGICAL EXPRESSION: 0&1&2&3&4
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Bedfordshire
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Buckinghamshire
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Cambridgeshire
* SUBSIG ID 3
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Fantastic
* SUBSIG ID 4
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Gorgeous
False positive VT scan:
https://www.virustotal.com/gui/file/f5d047b2e88f2ebf7beb2593d877c7b9bd7b25d7c28fde0ca8540e96104556f1/detection
MD5: 6e038caa6be70e02533b0a3c6c223b7d:3536896