Cryptam // document analysis


Sample Details

original filename: 03 NHA LO HOI.xls

size: 3262464 bytes
submitted: 2017-09-09 12:22:51
md5: 1798283924df6a6c751fb5a9b6d7abc1
sha1: b47e5eec0eb35374b5c372b08346c51206f92230
sha256: 1ddd17dc57d5b7d651ef8f7530c035c40657151d8d69f1a115dd0a1b4b902f28
ssdeep: 12288:zEx15woq1QovkNhSiwYIp3yrYom88o8h9e68kWEHFWKUGZ48Y8wgtPtj/dlCymee:Ax15UsNhdCReKHU8a3TWGHbjf+ih0Y
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 300.03 s
result: malware [32]
embedded executable: found

signature hits:

3064440: exploit.office embedded Visual Basic execute shell command Wscript.Shell
3191518: suspicious.office Visual Basic macro
3207328: string.shell32.dll

