Cryptam // document analysis


Sample Details

original filename: resume.doc

size: 686662 bytes
submitted: 2018-04-12 04:32:01
md5: b0f1d539be2bdebf33139967bfa68bcf
sha1: a9b261f4ab2872894dc88197bf0bfbaceb406fe5
sha256: 200c0f7c18875380015e06f9199eac9b09542015edc3038b2cdab3905f709469
ssdeep: 3072:zNkFi2qKOM2AA3z1mMbgMqlY1xWOt4yMYqFy0dQDvOgA:qFi2q9AazDbgMNWvYDNA
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.30 s
result: malware [32]
embedded executable: found

signature hits:

55148: exploit.office embedded Visual Basic execute shell command Wscript.Shell
60126: suspicious.office Visual Basic macro
48687: string.shell32.dll


Strings

raw strings
decrypted raw strings