Cryptam // document analysis


Sample Details

original filename: SAT_Documento_390139.doc

size: 245248 bytes
submitted: 2017-09-09 09:57:19
md5: 6a352271764bb06bf87b8a990d5b6c05
sha1: d83ae17ac5813fbfd0b274b968188000aa8c9a26
sha256: 157f01b33c5320efb5ae14aaa8271766720b9af2b66bbfe78d83f5b5b681445e
ssdeep: 3072:b/jqkQsscjb8zSCokf6TXhb85lpOfGwXf4YJfIyUK7tkSo91DSoH8pu39:b/jqk5scX4SdQ6Gwv4YJfpUK7WnDnHB
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 26.60 s
result: malware [32]
embedded executable: found

signature hits:

240862: suspicious.office Visual Basic macro
169321: exploit.office VB Macro auto execute
242744: string.shell32.dll


Strings

raw strings
decrypted raw strings