Cryptam // document analysis


Sample Details

original filename: e874c0abc4a8cf8d26b01078d51dea90642f74caa76ab10a54968aaccad406eacd83d76844c46c7dd3548fd4049011071cabf734b601f03cb9e041bd58c2b031

size: 371200 bytes
submitted: 2017-04-16 10:02:12
md5: 5a9e035c7b1c1e1dbbbf8f45532455c8
sha1: e064559e9ac56d21fff6ae44b2c13ef55bf658d8
sha256: 2b787b627c71db6d271c96f23e753940af53e55c92a77314602e705f54efe44a
ssdeep: 6144:BP1gxv7yZmspH7+cclKC+mhntkoRWGNsLuE7K79BUeG8zLP3LqRA+vTAf37f:BfIj08zLP3gbu
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.60 s
result: malware [22]
embedded executable: found

signature hits:

346800: suspicious.office Visual Basic macro
300707: string.RegOpenKeyExA
349908: string.KERNEL32

