Cryptam // document analysis


Sample Details

original filename: cca4b74f184a71139f7be9c2f248c64d.virus

size: 155648 bytes
submitted: 2017-07-12 17:42:21
md5: cca4b74f184a71139f7be9c2f248c64d
sha1: 6f4e3cc82d89f4171e1de3258d53afc14091592a
sha256: 0d2d2ff7d80760d38ea475b0e1e112f5c0176e001f96b604c2f4cf5143216a25
ssdeep: 3072:gyfE/u19R9m+1gb8mUt+qFsF8NpP8chx:TV19R9r1p+qFuK8c
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.12 s
result: malware [22]
embedded executable: found

signature hits:

149202: suspicious.office Visual Basic macro
24695: string.CloseHandle
24663: string.CreateFileA
dropped.file vbs 118880c8f8bd78877f3a6b239c852cd2 / 25628 bytes / @ 130020


Dropped Files

vbs at 130020
md5: 118880c8f8bd78877f3a6b239c852cd2
sha1: 6399dfe55c1445253d1f3a7a3703bd4ad3bfa3c7
sha256: 3b750ec5d093f38f49a85a8fb80a4dac1a47a121834d437946bf8e2dc73db461