Cryptam // document analysis


Sample Details

original filename: 11 COT CO.xls

size: 2981888 bytes
submitted: 2017-09-09 10:30:22
md5: 63b299d06b26cc6ce4dd29ec8e634107
sha1: 8bf2d5bf850eaf84ae3f6d1ba639aea6d32106df
sha256: 0c0c4c06d62285f7049bf34d266d5be04893f8d24cf93059d06226e8c1555aff
ssdeep: 12288:BjNx15woiruqJ3lBoT8v7+7E/Q6gcEWk1kG3GEx8QrHHTLU/nVYC2me0ckcC4S9c:nx15kuqT7+brhax197QgNudqY
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 349.24 s
result: malware [32]
embedded executable: found

signature hits:

2783373: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2914526: suspicious.office Visual Basic macro
2930224: string.shell32.dll

