Cryptam // document analysis


Sample Details

original filename: 00 1TMB GIAO THONG.xls

size: 2993152 bytes
submitted: 2017-09-09 10:39:15
md5: ff35097b9e844cbb9e6e5e84c59ae470
sha1: 0fa0fc2543e5c1cb1f9dfa846f5d7b3bdb9afff8
sha256: 2da697a1be54232f27fe19619165b568fc8995187aa424517729941a347cbe2d
ssdeep: 24576:1x15mv4m+wqeXp1yJ0l8MA/xFhrl0WSqstYnSY:c4m+QZmMOxFhrl0WSqstst
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 506.20 s
result: malware [32]
embedded executable: found

signature hits:

2795149: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2925790: suspicious.office Visual Basic macro
2941480: string.shell32.dll

