Cryptam // document analysis


Sample Details

original filename: 336a508be3cb4c802cdd20ad49bb1a05.virus

size: 190464 bytes
submitted: 2017-04-16 01:23:14
md5: 336a508be3cb4c802cdd20ad49bb1a05
sha1: 919ab8dabd10c0f9f3c62c3b4ada4e6aeae68c34
sha256: 1e84560c4755b390fae8935ec00980a413d32b84a603fcd894e5b05641ce1b2c
ssdeep: 1536:g666g6BbX/uOJ+6lFMu2fo4QgckBFg2DDDIYrXN9CWgWJdHDwMyqyUvv51ykluL7:KDDDLvDlh2jcc0lbxOKTjhJtXQrfxb
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.90 s
result: malware [72]
embedded executable: found

signature hits:

144779: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
145363: exploit.office embedded Visual Basic execute shell command Wscript.Shell
151856: exploit.office embedded Visual Basic accessing file OpenTextFile
179922: suspicious.office Visual Basic macro
142069: string.vbs On Error Resume Next
dropped.file vbs ea0c27817cee62bf970c45c52ab2a0e6 / 19998 bytes / @ 148469
dropped.file vbs e76b872ac995ee6836fb3ebd46e4be25 / 21997 bytes / @ 168467


Dropped Files

vbs at 148469
md5: ea0c27817cee62bf970c45c52ab2a0e6
sha1: f7ef9a84eda3df07b921368ce2b4a3f7b78dc7d1
sha256: dbe09e3589d90c5778007850f52ffc29d1650d45ff65fd71f3c9348a7500f537

vbs at 168467
md5: e76b872ac995ee6836fb3ebd46e4be25
sha1: ff1928ef79d327e08e04b1eecb72b2442c9960f5
sha256: e278b4ca65f38b1e0185a115875287a4f41084d3f3f5b3232010526fdf2736c9