Cryptam // document analysis


Sample Details

original filename: 2937b0a1a4df3927a501c039740af77f.virus

size: 1720832 bytes
submitted: 2017-07-12 17:54:33
md5: 2937b0a1a4df3927a501c039740af77f
sha1: b85a95e7a86a8dd326ea63ce1667bd92087162d6
sha256: 2883ce2ba23f305fe3f0a9fbca6faa3cc86f32629b7bb7876f74f8fb3139eda9
ssdeep: 49152:35ytGrH+mPpOr6Rt72/IZ/uT7GBxPIorzVfO+wBsFoIdnhX2ZLGNY5k1:35jHUGRl2n7AxnrZfn
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 4.25 s
result: malware [22]
embedded executable: found

signature hits:

1681570: suspicious.office Visual Basic macro
1534409: string.CloseHandle
1534332: string.CreateFileA


Strings

raw strings
decrypted raw strings